Advanced Settings
139
D6200 WiFi DSL Modem Router
• IKE.
- Direction/T
ype. This setting is used to determine if the IKE policy matches the
current traffic. Select the desired option.
- Respond
er only. Incoming connections are allowed, but outgoing connections
are blocked.
- Initia
tor and Responder. Both incoming and outgoing connections are allowed.
- Exchan
ge Mode. Currently, only Main Mode is supported. Ensure that the remote
VPN endpoint is set to use Main Mode.
- Diffi
e-Hellman (DH) Group. When the VPN connection keys are exchanged, the
Diffie-Hellman algorithm is used. The DH Group setting determines the bit size
used in the exchange. This value must match the value used on the remote VPN
gateway.
- Local Identi
ty Type. Select the desired option to match the Remote Identity Type
setting on the remote VPN endpoint.
- W
AN IP Address. Your Internet IP address.
- Fully
Qualified Domain Name. Your domain name.
- Fully
Qualified User Name. Your name, email address, or other ID.
- Loca
l Identity Data. Enter the data for the selection. When WAN IP Address is
selected, no input is required.
- Remote Id
entity Type. Select the desired option to match the Local Identity Type
setting on the remote VPN endpoint.
- IP Address.
The Internet IP address of the remote VPN endpoint.
- Fully
Qualified Domain Name. The domain name of the remote VPN endpoint.
- Fully Qu
alified User Name. The name, email address, or other ID of the remote
VPN endpoint.
- Remote Identity
Data. Enter the data for the selection. When IP Address is
selected, no input is required.
• Parameters.
- Encryption
Algorithm. The encryption algorithm used for both IKE and IPSec.
This setting must match the setting used on the remote VPN gateway.
- Authentic
ation Algorithm. The authentication algorithm used for both IKE and
IPSec. This setting must match the setting used on the remote VPN gateway.
- Pre-shared Key. Th
e key has to be entered both here and on the remote VPN
gateway.
- SA Life T
ime. This setting determines the time interval before the SA (security
association) expires. (It is automatically reestablished as required.) While using a
short time period (or data amount) increases security, it also degrades
performance. It is common to use periods over an hour (3600 seconds) for the SA
lifetime. This setting applies to both IKE and IPSec SAs.
- Enable
PFS (Perfect Forward Secrecy). If enabled, security is enhanced by
ensuring that the key is changed at regular intervals. Also, even if one key is