Cisco Systems RV320 Network Router User Manual


 
VPN
Gateway to Gateway
Cisco RV320/RV325 Administration Guide
AH Hash Algorithm—The Authentication Header (AH) protocol describes the
packet format and default standards for packet structure. When AH is the
security protocol, protection is extended forward into the IP header to verify
the integrity of the entire packet. Check the box to use this feature and
select an authentication method: MD5 or SHA1. MD5 produces a 128-bit
digest to authenticate packet data. SHA1 produces a 160-bit digest to
authenticate packet data. Both sides of the tunnel should use the same
algorithm.
NetBIOS Broadcast—Broadcast messages used for name resolution in
Windows networking to identify resources such as computers, printers, and
file servers. These messages are used by some software applications and
Windows features such as Network Neighborhood. LAN broadcast traffic is
typically not forwarded over a VPN tunnel. However, you can check this box
to allow NetBIOS broadcasts from one end of the tunnel to be rebroadcast
to the other end.
NAT Traversal—Network Address Translation (NAT) enables users with
private LAN addresses to access Internet resources by using a publicly
routable IP address as the source address. However, for inbound traffic, the
NAT gateway has no automatic method of translating the public IP address
to a particular destination on the private LAN. This issue prevents
successful IPsec exchanges. If your VPN router is behind a NAT gateway,
check this box to enable NAT traversal. The same setting must be used on
both ends of the tunnel.
Dead Peer Detection (DPD)—Sends periodic HELLO/ACK messages to
check the status of the VPN tunnel. This feature must be enabled on both
ends of the VPN tunnel. Specify the interval between HELLO/ACK
messages in the Interval field.
Extended Authentication—Authenticates VPN clients by using either an IPsec
host username and password or the user database found in User Management.
Both the IPsec host and the edge device must enable Extended
Authentication. To use the IPsec Host, click the radio button and enter the
User Name and Password. To use the Edge Device, click the radio button
and select the database from the drop-down menu. To add or edit the
database, click Add/Edit to display the User Management window.
Tunnel Backup—When DPD determines that the remote peer is
unavailable, this feature enables the router to reestablish the VPN tunnel by
using either an alternative IP address for the remote peer or an alternative
local WAN interface. Check the box to enable this feature and enter the
following settings. This feature is available only if Dead Peer Detection is
enabled.
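
The AH Hash Algorithm and NAT Traversal entries above interact: AH authenticates the outer IP header, so a mismatched hash algorithm or a NAT address rewrite both make the integrity check value (ICV) fail. The following is an added example, not code from the Cisco guide; it assumes the 96-bit truncated HMAC-MD5/HMAC-SHA1 forms (RFC 2403/2404) and a simplified AH layout, and the key, addresses, SPI and payload are constructed sample values.

```python
import hmac, socket, struct

ICV_LEN = 12  # HMAC-MD5-96 and HMAC-SHA1-96 both truncate the digest to 96 bits
AH_LEN = 12 + ICV_LEN  # fixed AH fields + ICV

def ipv4_header(src, dst, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header, protocol 51 (AH); checksum left at 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, 51, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def zero_mutable(ip_hdr):
    """Zero the fields routers may change in transit (TOS, flags/offset, TTL, checksum)."""
    b = bytearray(ip_hdr)
    b[1] = b[8] = 0
    b[6:8] = b[10:12] = b"\x00\x00"
    return bytes(b)

def ah_header(spi, seq, icv=bytes(ICV_LEN)):
    """Next header (6 = TCP), length in 32-bit words minus 2, reserved, SPI, sequence, ICV."""
    return struct.pack("!BBHII", 6, AH_LEN // 4 - 2, 0, spi, seq) + icv

def compute_icv(key, alg, ip_hdr, spi, seq, payload):
    """HMAC over the IP header (mutable fields zeroed), AH with a zero ICV, and the payload."""
    data = zero_mutable(ip_hdr) + ah_header(spi, seq) + payload
    return hmac.new(key, data, alg).digest()[:ICV_LEN]

def build(key, alg, src, dst, spi, seq, payload):
    ip_hdr = ipv4_header(src, dst, AH_LEN + len(payload))
    return ip_hdr + ah_header(spi, seq, compute_icv(key, alg, ip_hdr, spi, seq, payload)) + payload

def verify(key, alg, packet):
    ip_hdr, ah, payload = packet[:20], packet[20:20 + AH_LEN], packet[20 + AH_LEN:]
    spi, seq = struct.unpack("!II", ah[4:12])
    return hmac.compare_digest(ah[12:], compute_icv(key, alg, ip_hdr, spi, seq, payload))

def route_hop(packet):
    """An ordinary router decrements TTL, a mutable field outside the ICV."""
    return packet[:8] + bytes([packet[8] - 1]) + packet[9:]

def nat_rewrite(packet, new_src):
    """A NAT gateway replaces the source address, which the ICV covers."""
    return packet[:12] + socket.inet_aton(new_src) + packet[16:]

KEY = b"constructed-sample-key"  # constructed sample values throughout
PKT = build(KEY, "sha1", "192.168.1.10", "203.0.113.7", 0x1000, 1, b"constructed payload")

if __name__ == "__main__":
    print(verify(KEY, "sha1", PKT), verify(KEY, "sha1", route_hop(PKT)),
          verify(KEY, "md5", PKT), verify(KEY, "sha1", nat_rewrite(PKT, "198.51.100.2")))
```

The packet verifies when both ends use SHA1 and survives a TTL decrement, but fails when the receiver is set to MD5 or when the source address has been translated.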