TP-Link Omada ER8411 VPN Router User Manual

Page 157

Advertising
background image

User Guide 148

Configuring VPN

IPSec VPN Configuration

Exchange

Mode

Specify the IKE Exchange Mode as Main Mode or Aggressive Mode. By default, it is

Main Mode.

Main Mode:

Main mode provides identity protection and exchanges more information,

which applies to scenarios with higher requirements for identity protection.

Aggressive Mode:

Aggressive Mode establishes a faster connection but with lower

security, which applies to scenarios with lower requirements for identity protection.

Negotiation

Mode

Specify the IKE Negotiation Mode as Initiator Mode or Responder Mode.

Initiator Mode

: The local device initiates a connection to the peer.

Initiator Mode

: The local device initiates a connection to the peer.

Local ID Type

Specify the local ID type for IKE negotiation.

IP Address

: Use an IP address as the ID in IKE negotiation. It is the default type.

NAME

: Use a name as the ID in IKE negotiation. It refers to FQDN (Fully Qualified

Domain Name)

.

Local ID

When the Local ID Type is configured as NAME, enter a name for the local device as

the ID in IKE negotiation.

Remote ID

Type

Specify the remote ID type for IKE negotiation.

IP Address

: Use an IP address as the ID in IKE negotiation. It is the default type.

NAME

: Use a name as the ID in IKE negotiation. It refers to FQDN (Fully Qualified

Domain Name)

.

Remote ID

When the Remote ID Type is configured as NAME, enter a name of the remote peer as

the ID in IKE negotiation .

SA Lifetime

Specify ISAKMP SA (Security Association) Lifetime in IKE negotiation. If the SA lifetime

expired, the related ISAKMP SA will be deleted.

DPD

Check the box to enable or disable DPD (Dead Peer Detect) function. If enabled, the IKE

endpoint can send a DPD request to the peer to inspect whether the IKE peer is alive.

DPD Interval

If DPD is triggered, specify the interval between sending DPD requests. If the IKE

endpoint receives a response from the peer during this interval, it considers the peer

alive. If the IKE endpoint does not receive a response during the interval, it considers

the peer dead and deletes the SA.

Advertising
See also other documents in the category TP-Link Routers: