EtherFast® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint
Encryption
Select the length of the key used to encrypt/decrypt ESP packets. There are two
choices: DES and 3DES. 3DES is recommended because it is more secure.
Authentication
Select the method used to authenticate ESP packets. There are two choices:
MD5 and SHA. SHA is recommended because it is more secure.
Group
There are two Diffie-Hellman Groups to choose from: 768-bit and 1024-bit.
Diffie-Hellman refers to a cryptographic technique that uses public and private
keys for encryption and decryption.
Key Lifetime
In the Key Lifetime field, you may optionally select to have the key expire at the
end of a time period of your choosing. Enter the number of seconds you’d like
the key to be used until a re-key negotiation between each endpoint is completed.
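
To make the Group and Key Lifetime settings concrete, the following added example (not taken from the manual or the router's firmware) runs a Diffie-Hellman exchange between two simulated endpoints and shows that a re-key yields a fresh, unrelated secret. It assumes the 768-bit option is the standard IKE Group 1 prime from RFC 2409, which the manual does not state; all function names are illustrative.

```python
import secrets

# Standard 768-bit MODP prime (IKE Group 1, RFC 2409 section 6.1), generator 2.
# Assumption: this is the router's "768-bit" group; the manual does not say.
P768 = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)
G = 2


def keypair(p=P768, g=G):
    """Return (private, public) for one endpoint; the private value never leaves it."""
    private = secrets.randbelow(p - 3) + 2  # uniform in 2 .. p-2
    return private, pow(g, private, p)


def valid_public(y, p=P768):
    """Reject degenerate peer values (0, 1, p-1, out of range) that would
    force a predictable shared secret."""
    return 1 < y < p - 1


def shared_secret(my_private, peer_public, p=P768):
    """Combine our private value with the peer's public value."""
    if not valid_public(peer_public, p):
        raise ValueError("peer public value out of range")
    return pow(peer_public, my_private, p)


def negotiate():
    """One key negotiation between two endpoints; only public values cross the wire."""
    local_priv, local_pub = keypair()
    remote_priv, remote_pub = keypair()
    on_wire = (local_pub, remote_pub)  # everything a passive observer sees
    k_local = shared_secret(local_priv, remote_pub)
    k_remote = shared_secret(remote_priv, local_pub)
    return k_local, k_remote, on_wire


if __name__ == "__main__":
    k1, k2, _ = negotiate()    # initial negotiation
    k3, _, _ = negotiate()     # re-key after the Key Lifetime expires
    print("endpoints agree:", k1 == k2)
    print("re-key produced a new secret:", k1 != k3)
```

A shorter Key Lifetime limits how much traffic any one negotiated secret protects, at the cost of more frequent negotiations.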
Figure 7-25
Instant Broadband® Series
To get more details concerning your tunnel connection, click the View Logs
button. The screen in Figure 7-24 will appear:
Select the log you wish to view: All (to view all logs), System Log, Access Log,
Firewall Log, or VPN Log. The System Log screen displays a list of cold and
warm starts, web login successes and failures, and packet filtering policies. The
Access Log shows all incoming and outgoing traffic. The Firewall Log lists
activities performed by the firewall to prevent DoS attacks, including URL filtering
and time filtering. The VPN Log screen displays successful connections,
transmissions and receptions, and the types of encryption used.
Once you no longer have need of the tunnel, simply click the Disconnect button
on the bottom of the VPN page.
To change advanced settings, select the tunnel whose advanced settings you
wish to change. Then, click the Advanced Setting button to change the
Advanced Settings for a specific VPN tunnel.
Advanced Settings for Selected IPSec Tunnel
From the Advanced Settings screen, shown in Figure 7-25, you can adjust the
settings for specific VPN tunnels.
Phase 1
Phase 1 is used to create a security association (SA), often called the IKE SA.
After Phase 1 is completed, Phase 2 is used to create one or more IPSec SAs,
which are then used to key IPSec sessions.
Operation Mode
There are two modes: Main and Aggressive, and they exchange the same IKE
payloads in different sequences. Main mode is more common; however, some
people prefer Aggressive mode because it is faster. Main mode is for normal
usage and includes more authentication requirements than Aggressive mode.
Main mode is recommended because it is more secure. No matter which mode
is selected, the VPN Router will accept both Main and Aggressive requests
from the remote VPN device.
Figure 7-24