TRENDnet TW100-BRV214 User Manual page 73

4-port VPN router

TRENDnet User's Guide
using Aggressive mode would decrease security, as the identity of the
endpoints would be sent unencrypted and/or unauthenticated, and negotiation of
additional security parameters such as PFS (Perfect Forward Secrecy) and DH
(Diffie-Hellman) groups between the VPN endpoints would be disabled.
Note: It is recommended to leave Aggressive mode disabled unless you are
experiencing difficulties establishing a VPN connection and require more
compatibility, typically between VPN gateways from two different
manufacturers.
Connecting Type – This option is only available in Site-to-Site IPsec VPN tunnel
configurations. You can choose between On demand, Always on, or Manual.
Note: It is recommended to leave this setting at default and use the DPD (Dead
Peer Detection) feature to control the connection timeout.
  o On demand – This will automatically disconnect the connection
    between VPN endpoints after an idle period of time when there is no
    traffic exchange through the VPN tunnel. If traffic is detected, the
    connection between VPN endpoints will automatically be
    re-established to exchange traffic.
  o Always on – The connection between VPN endpoints will always be
    established.
  o Manual – Controlled through the IPsec main configuration page, the
    connection between the VPN endpoints will only be established or
    disconnected when clicking Connect or Disconnect on the IPsec main
    configuration page.
Remote / Local ID – This provides an additional layer of identification or
authentication on the VPN tunnel. You can choose Username, FQDN,
User@FQDN, or Key ID. These settings must match on both VPN endpoints.
  o Username – Create and enter a user name. (e.g. trendnetuser)
  o FQDN (Fully Qualified Domain Name) – Enter a domain name.
    (e.g. trendnet.com)
  o User@FQDN – Enter an e-mail address. (e.g. site1@trendnet.com)
  o Key ID – Create and enter a password or key. (e.g. 1234567890)
© Copyright 2012 TRENDnet. All Rights Reserved.
DPD (Dead Peer Detection) – This feature ensures that the tunnel between VPN
endpoints is only connected when it is in use and is disconnected during an idle
period of time, increasing security, using "hello" and "acknowledge" messages.
Instead of constantly sending messages between VPN endpoints, as Keep Alives
do, this allows for more efficient use of the VPN connection.
  o Enable – Checking this option enables DPD.
  o Timeout – Enter the time interval in seconds during which the router will
    send "hello" messages before disconnecting the VPN connection. For every
    "acknowledge" message, the timer will reset. The connection will be
    re-established when there is an attempt to communicate through the
    VPN connection, and the timer will restart.
  o Delay – Enter the time interval in seconds between each "hello"
    message sent. If the timeout period is reached and the VPN connection is
    disconnected, "hello" messages will no longer be sent until the
    connection is re-established.
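The following is an added example, not part of the TRENDnet manual or the router's firmware: a simplified model of how the Timeout and Delay values described above interact. It assumes whole-second timers, instantly delivered "acknowledge" messages, and hypothetical names (`simulate_dpd`, `detection_latency`, `DpdResult`); the scenarios are constructed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class DpdResult:
    hellos_sent: int
    disconnected_at: Optional[int]  # second at which the tunnel was torn down
    false_teardown: bool            # torn down although the peer was still alive


def simulate_dpd(delay: int, timeout: int, peer_dies_at: Optional[int],
                 horizon: int = 600) -> DpdResult:
    """Step a one-second clock over the Delay/Timeout timers.

    Assumptions (not taken from the router firmware): a "hello" goes out every
    `delay` seconds, a live peer acknowledges instantly, and the tunnel is
    dropped once `timeout` seconds pass without an "acknowledge".
    """
    if delay <= 0 or timeout <= 0:
        raise ValueError("delay and timeout must be positive")
    last_ack = 0  # tunnel comes up at t=0 with a fresh timer
    hellos = 0
    for t in range(1, horizon + 1):
        alive = peer_dies_at is None or t < peer_dies_at
        if t % delay == 0:
            hellos += 1           # send "hello"
            if alive:
                last_ack = t      # "acknowledge" resets the timer
        if t - last_ack >= timeout:
            return DpdResult(hellos, t, false_teardown=alive)
    return DpdResult(hellos, None, False)


def detection_latency(delay: int, timeout: int, peer_dies_at: int) -> Optional[int]:
    """Seconds a dead peer's tunnel stays up before DPD tears it down."""
    result = simulate_dpd(delay, timeout, peer_dies_at)
    if result.disconnected_at is None:
        return None
    return result.disconnected_at - peer_dies_at


if __name__ == "__main__":
    # Constructed scenarios: the peer fails 45 s after the tunnel comes up.
    for delay, timeout in [(10, 30), (30, 120), (10, 5)]:
        print(delay, timeout, simulate_dpd(delay, timeout, peer_dies_at=45))
```

In this model a Timeout shorter than the Delay tears down a healthy tunnel before the first "hello" is sent, so the Timeout should be a multiple of the Delay.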
XAUTH (Extended Authentication) – This provides an additional layer of
identification or authentication on the VPN tunnel. Unlike the Remote / Local
ID feature, XAUTH allows you to authenticate from a separate database of