NETGEAR DGND3700 User Manual page 115

N600 wireless dual band gigabit adsl2+ modem router

N600 Wireless Dual Band Gigabit ADSL2+ Modem Router DGND3700
Table 19. VPN - Auto Policy screen settings (continued)

Fields and Settings / Description

Parameters (Continued)

SA Life Time
    The time interval before the SA (security association) expires. (It is automatically reestablished as required.) While using a short time period (or data amount) increases security, it also degrades performance. It is common to use periods over an hour (3600 seconds) for the SA life-time. This setting applies to both IKE and IPSec SAs.

Enable IPSec PFS (Perfect Forward Secrecy)
    • If this check box is selected, security is enhanced by ensuring that the key is changed at regular intervals. Also, even if one key is broken, subsequent keys are no easier to break. (Each key has no relationship to the previous key.)
    • This setting applies to both IKE and IPSec SAs. When configuring the remote endpoint to match this setting, you might have to specify the key group used. For this device, the key group is the same as the DH Group setting in the IKE section.

General

Policy Name
    Enter a unique name to identify this policy. This name is not supplied to the remote VPN endpoint. It is used only to help you manage the policies.

Remote VPN Endpoint
    • The remote VPN endpoint has to have this VPN gateway's address entered as its remote VPN endpoint.
    • If the remote endpoint has a dynamic IP address, select Dynamic IP address. No address data input is required. You can set up multiple remote dynamic IP policies, but only one such policy can be enabled at a time. Otherwise, select an option (IP address or domain name) and enter the address of the remote VPN endpoint to which you want to connect.

IKE Keep Alive
    • If you want to ensure that a connection is kept open, or, if that is not possible, that it is quickly reestablished when disconnected, select this check box.
    • The ping IP address has to be associated with the remote endpoint. The remote LAN address has to be used. This IP address will be pinged periodically to generate traffic for the VPN tunnel. The remote keep-alive IP address has to be covered by the remote LAN IP range and has to correspond to a device that can respond to ping. The range should be made as narrow as possible to meet this objective.

Local LAN
    The remote VPN endpoint has to have these IP addresses entered as its remote addresses.

Subnet Mask
    Enter the network mask.

Single/Start IP Address
    • Enter the IP address for a single address, or the starting address for an address range. A single address setting is used when you want to make a single server on your LAN available to remote users. A range has to be an address range used on your LAN.
    • Any. The remote VPN endpoint might be at any IP address.
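
The matching rules in this table (each gateway lists the other's address as its remote VPN endpoint, one side's local LAN is the other side's remote LAN, the PFS key group follows the DH Group, the keep-alive IP lies inside the remote LAN range, and only one dynamic IP policy is enabled) can be checked before a policy is enabled. The following Python check is an added example, not part of the NETGEAR manual or firmware; the dictionary keys, function names, and sample addresses are assumptions made for illustration.

```python
import ipaddress

def pfs_group(p):
    # On the device described here the PFS key group equals the IKE DH group;
    # another vendor's policy may name it separately (hypothetical "pfs_group").
    return p.get("pfs_group", p["dh_group"]) if p["pfs"] else None

def check_tunnel(a, b):
    """Compare the two ends' policies; return a list of problem strings."""
    problems = []
    for near, far in ((a, b), (b, a)):
        n = near["name"]
        # remote_endpoint None models the "Dynamic IP address" option.
        if near["remote_endpoint"] not in (None, far["wan"]):
            problems.append(f"{n}: remote endpoint is not the peer's address")
        net = ipaddress.ip_network(near["remote_lan"])
        if net != ipaddress.ip_network(far["local_lan"]):
            problems.append(f"{n}: remote LAN differs from the peer's local LAN")
        ka = near.get("keepalive_ip")
        if ka:
            ip = ipaddress.ip_address(ka)
            # In a multi-host range, network and broadcast addresses cannot
            # belong to a device that answers ping.
            edge = net.num_addresses > 2 and ip in (net.network_address,
                                                    net.broadcast_address)
            if ip not in net or edge:
                problems.append(f"{n}: keep-alive IP is not a host in the remote LAN")
    if pfs_group(a) != pfs_group(b):
        problems.append("PFS setting or key group differs between the endpoints")
    return problems

def enabled_dynamic(policies):
    """Names of enabled dynamic-IP policies; more than one is a conflict."""
    return [p["name"] for p in policies
            if p["enabled"] and p["remote_endpoint"] is None]

# Constructed sample policies (documentation address ranges, not from the manual).
SITE_A = {"name": "site-a", "enabled": True, "wan": "198.51.100.10",
          "remote_endpoint": "203.0.113.20", "local_lan": "192.168.1.0/24",
          "remote_lan": "192.168.2.0/24", "keepalive_ip": "192.168.2.1",
          "pfs": True, "dh_group": 2}
SITE_B = {"name": "site-b", "enabled": True, "wan": "203.0.113.20",
          "remote_endpoint": "198.51.100.10", "local_lan": "192.168.2.0/24",
          "remote_lan": "192.168.1.0/24", "keepalive_ip": None,
          "pfs": True, "dh_group": 2}

if __name__ == "__main__":
    print(check_tunnel(SITE_A, SITE_B) or "policies mirror each other")
```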
Virtual Private Networking