59
Chapter 6: Setting Up and Configuring the Router
VPN Tab
Wireless-N Gigabit Security Router with VPN
Remote Security Gateway. Select the remote gateway WAN port IP Address that can use this VPN tunnel. This
may be a Single IP address or Any addresses. If is set, the Router acts as responder and accepts request from any
remote Gateway.
IP Address. Enter the IP address on the remote WAN port.
Key Management
Key Exchange Method. The Router supports both automatic and manual key management. When choosing
automatic key management, IKE (Internet Key Exchange) protocols are used to negotiate key material for SA
(Security Association). If manual key management is selected, no key negotiation is needed. Basically, manual
key management is used in small static environments or for troubleshooting purpose. Notice that both sides must
use the same Key Management method (both Auto or both Manual). For Manual key management, all the
configurations need to match on both sides.
Auto IKE
Encryption. The Encryption method determines the complexity to encrypt/decrypt data packets. Only 3DES is
supported. Notice that both sides must use the same Encryption method.
Authentication. Authentication determines a method to authenticate the data packets to make sure they
come from a trusted source. Either MD5 or SHA1 may be selected. Notice that both sides (VPN endpoints)
must use the same Authentication method.
• MD5: A one way hashing algorithm that produces a 128-bit digest.
• SHA1: A one way hashing algorithm that produces a 160-bit digest.
PFS (Perfect Forward Secrecy). If PFS is enabled, IKE Phase 2 negotiation will generate a new key material
for IP traffic encryption and authentication. Note: that both sides must have this selected.
Pre-Shared Key. IKE uses the Pre-shared Key field to authenticate the remote IKE peer. Both characters and
hexadecimal values are acceptable in this field. e.g. “My_@123” or “0x4d795f40313233” Note that both
sides must use the same Pre-shared Key.
Key Life Time. This field specifies the lifetime of the IKE generated key. If the time expires, a new key will be
renegotiated automatically. The Key Life Time may range from 300 to 100,000,000 seconds. The default Life
Time is 3600 seconds.
