66
Chapter 6: Setting up and Configuring the Router
VPN Tab - Client to Gateway
10/100 16-Port VPN Router
Encryption. Select a method of encryption, DES or 3DES. The encryption method determines the length of the
key used to encrypt or decrypt ESP packets. DES uses 56-bit encryption, and 3DES uses 168-bit encryption.
3DES is recommended because it is more secure. Make sure both ends of the VPN tunnel use the same
encryption method.
Authentication. Select a method of authentication, MD5 or SHA. The authentication method determines how
the ESP packets are validated. MD5 is a one-way hashing algorithm that produces a 128-bit digest. SHA is a
one-way hashing algorithm that produces a 160-bit digest. SHA is recommended because it is more secure.
Make sure both ends of the VPN tunnel use the same authentication method.
Encryption Key. This field specifies a key used to encrypt and decrypt IP traffic. Enter a key of hexadecimal
values in the Encryption Key field. If you selected DES as the encryption method, then the Encryption Key
must be 16-bit, which requires 16 hexadecimal values. If you do not enter enough hexadecimal values, then
the rest of the Encryption Key will be automatically completed with zeroes, so the Encryption Key will be
16-bit. If you selected 3DES as the encryption method, then the Encryption Key must be 48-bit, which
requires 48 hexadecimal values. If you do not enter enough hexadecimal values, then the rest of the
Encryption Key will be automatically completed with zeroes, so the Encryption Key will be 48-bit. Make sure
both ends of the VPN tunnel use the same Encryption Key.
Authentication Key. This field specifies a key used to authenticate IP traffic. Enter a key of hexadecimal values
in the Authentication Key field. If you selected MD5 as the authentication method, then the Authentication Key
must be 32-bit, which requires 32 hexadecimal values. If you do not enter enough hexadecimal values, then
the rest of the Encryption Key will be automatically completed with zeroes, so the Authentication Key will be
32-bit. If you selected SHA1 as the authentication method, then the Authentication Key must be 40-bit, which
requires 40 hexadecimal values. If you do not enter enough hexadecimal values, then the rest of the
Authentication Key will be automatically completed with zeroes, so the Authentication Key will be 40-bit.
Make sure both ends of the VPN tunnel use the same Authentication Key.
Click the Save Settings button to save your changes, or click the Cancel Changes button to undo the changes.
Advanced
For most users, the settings on the VPN page should suffice; however, the Router provides advanced IPSec
settings for advanced users. Click the Advanced button to view the Advanced settings, which are available only
for VPN tunnels using the IKE with Preshared Key mode.
Aggressive Mode. There are two types of Phase 1 exchanges, Main Mode and Aggressive Mode.
Aggressive Mode requires half of the main mode messages to be exchanged in Phase 1 of the SA exchange. If
network security is preferred, leave the Aggressive Mode checkbox unchecked. If network speed is preferred,
select Aggressive Mode. If you select one of the Dynamic IP types for the Remote Security Gateway Type
Figure 6-90: IKE with Preshared Key - Advanced