D-Link DSL-G804V User Manual page 67

Wireless adsl router
DSL-G804V Wireless ADSL Router User's Guide

Parameter: Description

Authentication Type: The default is Auto, which lets the router determine the authentication type to use. Otherwise, manually specify CHAP (Challenge Handshake Authentication Protocol) or PAP (Password Authentication Protocol): when acting as a client, choose the type the server is using; when acting as a server, choose the type you want connecting clients to use. When using PAP, the password is sent unencrypted, whilst CHAP encrypts the password before sending, and also allows for challenges at different periods to ensure that the client has not been replaced by an intruder.

Idle Timeout (in minutes): Auto-disconnects the VPN connection when there is no activity on the connection for a predetermined period of time. 0 means this connection is always on.

Enable IPSec: Enable to enhance your L2TP VPN security. Check the box to activate these functions.

When Enable IPSec is activated:

Authentication: Authentication establishes the integrity of the datagram and ensures it is not tampered with in transit. There are three options: Message Digest 5 (MD5), Secure Hash Algorithm (SHA1) or NONE. SHA-1 is more resistant to brute-force attacks than MD5; however, it is slower.

Encryption: Select the encryption method from the pull-down menu. There are several options: DES, 3DES, AES (128, 192 and 256) and NULL. NULL means it is a tunnel only, with no encryption. 3DES and AES are more powerful but increase latency.

Perfect Forward Secrecy: Choose whether to enable PFS using Diffie-Hellman public-key cryptography to change encryption keys during the second phase of VPN negotiation. This function will provide better security, but extends the VPN negotiation time. Diffie-Hellman is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communication channel (i.e. over the Internet). There are three modes: MODP 768-bit, MODP 1024-bit and MODP 1536-bit. MODP stands for Modular Exponentiation Groups.

Pre-shared Key: This is for the Internet Key Exchange (IKE) protocol, a string from 4 to 128 characters. Both sides should use the same key. IKE is used to establish a shared security policy and authenticated keys for services (such as IPSec) that require a key. Before any IPSec traffic can be passed, each router must be able to verify the identity of its peer. This can be done by manually entering the pre-shared key into both sides (router or hosts).

When Enable Tunnel Authentication is activated:

Secret: The secure password length should be 16 characters, which may include numbers and characters.

Remote Host Name: (Optional) Enter the hostname of the remote VPN device. The tunnel identifier sent by the remote VPN device is matched against the remote hostname provided. If the remote hostname matches, the tunnel will be connected; otherwise, it will be dropped. Caution: This applies only when the router acts as a VPN server. This option should be used by advanced users only.

Local Host Name: (Optional) Enter the hostname of the local VPN device that is connected to or establishes a VPN tunnel. By default, the router's hostname is home.gateway.
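
The CHAP behaviour described under Authentication Type, as an added example that is not part of the manual or of D-Link's firmware: the client answers a random challenge with a one-way hash, so the password never crosses the link and a captured answer fails a later re-challenge. It assumes the RFC 1994 CHAP-MD5 calculation (the manual does not say which CHAP variant the router uses); the class name, function names and the secret are hypothetical.

```python
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """RFC 1994 CHAP-MD5 value: MD5(identifier octet || secret || challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class Authenticator:
    """Server side: issues random challenges and checks the peer's responses."""

    def __init__(self, secret):
        self.secret = secret
        self.identifier = 0
        self.challenge = None

    def new_challenge(self):
        # A fresh identifier and random challenge for every (re-)authentication.
        self.identifier = (self.identifier + 1) % 256
        self.challenge = os.urandom(16)
        return self.identifier, self.challenge

    def verify(self, identifier, response):
        if self.challenge is None or identifier != self.identifier:
            return False
        expected = chap_response(identifier, self.secret, self.challenge)
        return hmac.compare_digest(expected, response)


def demo():
    secret = b"constructed-sample-secret"  # constructed value, not from the manual
    server = Authenticator(secret)

    ident1, chal1 = server.new_challenge()
    resp1 = chap_response(ident1, secret, chal1)  # what the client puts on the wire
    first_ok = server.verify(ident1, resp1)

    # Later in the session the server challenges again; an intruder who captured
    # resp1 replays it, while the real client answers the new challenge.
    ident2, chal2 = server.new_challenge()
    replay_ok = server.verify(ident2, resp1)
    fresh_ok = server.verify(ident2, chap_response(ident2, secret, chal2))
    wrong_ok = server.verify(ident2, chap_response(ident2, b"wrong-guess", chal2))
    return {"first": first_ok, "replay": replay_ok, "fresh": fresh_ok,
            "wrong_secret": wrong_ok, "secret_on_wire": secret in resp1}
```

With PAP, by contrast, the value on the wire is the password itself, so the same capture would be reusable indefinitely.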