Table of Contents
Advertisement
TRENDnet User's Guide
user accounts. Your router supports an internal user account database for
XAUTH authentication in the IPsec main configuration page. For XAUTH
configuration between VPN endpoints, one endpoint must be configured as the
XAUTH Server and the other configured as the XAUTH client. Note: Your router
does not support external authentication to external servers such as a RADIUS
server.
•
Server – Configures your VPN tunnel as the XAUTH Server.
•
Client – Configures your VPN tunnel as the XAUTH Client. Enter your Username
and Password for authentication.
If your VPN tunnel is configured as the XAUTH server, to configure the user account in
the internal authentication database, click on Configuration at the top of the page, click
on Security Setting, then click on VPN-IPsec, and click on XAUTH at the bottom of the
page.
You can enter the user account information (Username, Password) for XAUTH.
For the IKE and IPsec proposals, you can select different Encryption and Authentication
methods. You are also able to create a second IKE and IPsec proposal in case the first
proposal cannot be negotiated with the VPN endpoint, it will use the second proposal
defined.
© Copyright 2012 TRENDnet. All Rights Reserved.
•
Encryption – Select the encryption method. You can choose between DES,
3DES, AES-128, AES-192, or AES-256.
DES (Data Encryption Standard) – Weaker encryption strength. It uses
o
a symmetric key algorithm with 56-bit key size.
3DES (Triple DES, TDEA Triple Data Encryption Algorithm) –Applies
o
DES three times to each data block resulting in 168-bit key size. Better
encryption strength than DES but lower performance than AES.
AES-128/192/256 (Advanced Encryption Standard 128/192/256-bit
o
key sizes) – (Recommended) Provides the strongest encryption
strength and best performance. You can choose 128, 192, or 256-bit
key size. As the bit and key size increase, the security strength also
increases.
Null – IPsec only. Weaker encryption strength. And offers better
o
performance.
•
Authentication – Select the authentication method. You can choose between
SHA1 or MD5.
SHA1 (Secure Hash Algorithm) – (Recommended) Stronger than MD5
o
as it produces a longer hash key but slightly lower performance.
MD5 (Message Digest 5) - Weaker than SHA1 as the hash key is
o
slightly shorter than SHA1 and provides higher performance.
•
DH (Diffie-Hellman) Group - As the DH group numbers increase, the security
also increases. You can choose between Group 1, Group 2, or Group 5. This is
to configure the IKE proposal only. To configure the DH Group for the IPsec
proposal, configure PFS (Perfect Forward Secrecy)
Group 1 – DH group 1 (768-bit)
o
Group 2 – DH group 2 (1024-bit)
o
Group 5 – DH group 5 (1536-bit)
o
TW100-BRV214
71
Advertisement
Table of Contents
