Billion 800VGT Router
IKE
(Internet
key
Exchange)
Mode:
Select
IKE
mode
to
Main
mode
or
Aggressive
mode.
This
IKE
provides
secured
key
generation
and
key
management.
IKE Proposal:
Hash
Function:
This
is
a
Message
Digest
algorithm
which
coverts
any
length
of
a
message
into
a
unique set
of
bits.
You
can
use
either
MD5
(Message
Digest)
or
SHA-1
(Secure
Hash
Algorithm)
algorithms.
SHA1
is
more
resistant
to
brute-force
attacks
than
MD5,
however
it
is
slower.
MD5:
A
one-way
hashing
algorithm
that
produces
a
128−bit
hash.
SHA1:
A
one-way
hashing
algorithm
that
produces
a
160−bit
hash
Encryption:
Select
the
encryption
method
from
the
pull-down
menu.
There
are
several
options,
DES
,
3DES
and
AES
(128,
192
and
256)
.
3DES
and
AES
are
more
powerful
but
increase
latency.
DES:
Stands
for
Data
Encryption
Standard,
it
uses
56
bits
as
an
encryption
method.
3DES:
Stands
for
Triple
Data
Encryption
Standard,
it
uses
168
(56*3)
bits
as
an
encryption
method.
AES:
Stands
for
Advanced
Encryption
Standards,
you
can
use
128,
192
or
256
bits
as
encryption
method.
Diffie-Hellman
Group:
It
is
a
public-key
cryptography
protocol
that
allows
two
parties
to
establish
a
shared
secret
over
an
unsecured
communication
channel
(i.e.
over
the
Internet).
There
are
three
modes,
MODP
768-bit,
MODP
1024-bit
and
MODP
1536-bit.
MODP
stands
for
Modular
Exponentiation
Groups.
Local
ID:
Type:
Specify
local
ID
type.
Content:
Input
ID’s
information,
like
domain
name
www.ipsectest.com.
Remote
ID:
Type:
Specify
Remote
ID
type.
Identifier:
Input
remote
ID’s
information,
like
domain
name
www.ipsectest.com.
SA
Lifetime:
Specify
the
number
of
minutes
that
a
Security
Association
(SA)
will
stay
active
before
new
encryption
and
authentication
key
will
be
exchanged.
There
are
two
kinds
of
SAs,
IKE
and
IPSec.
IKE
negotiates
and
establishes
SA
on
behalf
of
IPSec,
an
IKE
SA
is
used
by
IKE.
Phase
1
(IKE):
U
sed
to
issue
an
initial
connection
request
for
a
new
VPN
tunnel.
Any
value
can
be
selected
between
5
and
15,000
minutes.
The
default
is
480
minutes.
Phase
2
(IPSec):
Used
to
negotiate
and
establish
secure
authentication.
Any
value
can
be
selected
between
5
and
15,000
minutes.
The
default
is
60
minutes.
A
short
SA
time
increases
security
by
forcing
the
two
parties
to
update
the
keys.
However,
every
time
the
VPN
tunnel
re-negotiates,
access
through
the
tunnel
will
be
temporarily
disconnected.
Ping to Keep
Alive:
PING
to
the
IP:
The
router
is
able
to
IP
Ping
the
remote
PC
with
a
specified
IP
address
and
alert
the
user
when
the
connection
fails.
Once
the
alert
message
is
received,
the
router
will
drop
this
tunnel
connection.
The
connection
will
need
to
be
re-established.
Default
setting
is
0.0.0.0
which
disables
this
function.
Interval:
This
sets
the
time
interval
between
Pings
to
the
IP
function
to
monitor
the
connection
status.
Default
interval
setting
is
10
seconds.
Time
interval
can
be
set
to
any
value
between
0
and
3600
seconds,
0
second
disables
this
function.
81
Chapter
4:
Configuration