TD-W8968 300Mbps Wireless N USB ADSL2+ Modem Router User Guide
After complete the basic settings and click Save/Apply in both Device1 and Device2, PCs in LAN1
could conmmunicate with PCs in remote LAN2. (For example: You can ping the IP address of PC2
which is 192.168.2.100 in PC1)
)
Note:
The VPN Servers Endpoint from both ends must use the same pre-shared keys and Perfect
Forward Secrecy settings.
Click Show Advanced Settings and then you can configure the Advanced Settings.
¾ Main Mode: Select Main Mode to configure the standard negotiation parameters for IKE
phase1.
¾ Aggressive Mode: Select Aggressive Mode to configure IKE phase1 of the VPN Tunnel to
carry out negotiation in a shorter amount of time. (Not Recommended-Less Secure)
)
Note:
The difference between the two is that aggressive mode will pass more information in fewer
packets, with the benefit of slightly faster connection establishment, at the cost of transmitting the
identities of the security firewall in the clear. When using aggressive mode, some configuration
parameters such as Diffie-Hellman groups, and PFS can not be negotiated, resulting in a greater
importance of having "compatible" configuration on both ends.
¾ Key Life Time:
Enter the number of seconds for the IPSec lifetime. It is the period of time to pass before
establishing a new IPSec security association (SA) with the remote endpoint. The default value is
3600.
)
Note:
If you want to change the default settings of Advanced Settings, please make sure that both VPN
server endpoints use the same Encryption Algorithm, Integrity Algorithm, Diffie-Hellman Group
and Key Life time in both phase1 and phase2.
4.4.18 Multicast
60