NETGEAR DG834G Reference Manual page 123

• Will either endpoint use Fully Qualified Domain Names (FQDNs)? FQDNs supplied by
Dynamic DNS providers (see
page B-8) can allow a VPN endpoint with a dynamic IP address to initiate or respond to a
tunnel request. Otherwise, the side using a dynamic IP address must always be the initiator.
• What method will you use to configure your VPN tunnels?
— The VPN Wizard using VPNC defaults (see
— The typical automated Internet Key Exchange (IKE) setup (see
Configure VPN Tunnels" on page
— A Manual Keying setup in which you must specify each phase of the connection (see
"Using Manual Policy to Configure VPN Tunnels" on page
Table 8-2. Parameters Recommended by the VPNC and Used in the VPN Wizard
Parameter
Secure Association
Authentication Method
Encryption Method
Authentication Protocol
Diffie-Hellman (DH) Group
Key Life
IKE Life Time
• What level of IPSec VPN encryption will you use?
— DES - The Data Encryption Standard (DES) processes input data that is 64 bits wide,
encrypting these values using a 56 bit key. Faster but less secure than 3DES.
— 3DES - (Triple DES) achieves a higher level of security by encrypting the data three times
using DES with three different, unrelated keys.
• What level of authentication will you use?
— MDS: 128 bits, faster but less secure.
— SHA-1: 160 bits, slower but more secure.
Virtual Private Networking
Reference Manual for the ADSL Modem Wireless Router DG834G
"The Use of a Fully Qualified Domain Name (FQDN)" on
Table
8-38)
Factory Default
Main Mode
Pre-shared Key
3DES
SHA-1
Group 2 (1024 bit)
8 hours
1 hour
v1.3, March 2007
8-2)
"Using Auto Policy to
8-48)?
8-5