Chapter 8 VPN Technical Introduction; Terminology Explanation; VPN; IPSec - D-Link DFL-900 User Manual

Firewall/VPN router

VPN Technical Introduction
8.1 Terminology Explanation

8.1.1 VPN

A VPN (Virtual Private Network) logically provides secure communications between sites without the expense of leased site-to-site
lines. A secure VPN is a combination of encryption, tunneling, authentication, and access control used to transport traffic over the
Internet or any insecure TCP/IP network.

8.1.2 IPSec

Internet Protocol Security (IPSec) is a standards-based VPN that offers flexible solutions for secure data communications across a
public network like the Internet. IPSec is built around a number of standardized cryptographic techniques to provide confidentiality,
data integrity and authentication at the IP layer.

8.1.3 Security Association

A Security Association (SA) is an agreement between two parties indicating what security parameters, such as keys and algorithms,
they will use.

8.1.4 IPSec Algorithms

IPSec uses two types of algorithms: (1) encryption algorithms, such as DES (Data Encryption Standard) and 3DES (Triple DES),
and (2) authentication algorithms, such as HMAC-MD5 (RFC 2403) and HMAC-SHA1 (RFC 2404).

8.1.5 Key Management

Key Management allows you to determine whether to use IKE (ISAKMP) or manual key configuration in order to set up a VPN.
IKE Phases
There are two phases to every IKE (Internet Key Exchange) negotiation: phase 1 (Authentication) and phase 2 (Key Exchange). A
phase 1 exchange establishes an IKE SA and the second one uses that SA to negotiate SAs for IPSec.
In phase 1 you must:
Choose a negotiation mode
Authenticate the connection by entering a pre-shared key
Choose an encryption algorithm
Choose an authentication algorithm
Choose a Diffie-Hellman public-key cryptography key group (DH1 or DH2).
Set the IKE SA lifetime. This field allows you to determine how long IKE SA negotiation should proceed before it times out. A value of 0 means IKE SA negotiation never times out. If IKE SA negotiation times out, then both IKE SA and IPSec SA must be renegotiated.
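
An added example, not from the D-Link manual: a Python check that reviews the phase 1 choices listed above before they are entered on both peers, preferring the stronger of the options the manual lists. The dictionary field names, the "main"/"aggressive" mode labels, the 20-character key threshold, and the sample values are assumptions of this sketch.

```python
# Added example: review IKE phase 1 settings for two peers.
# Field names, mode labels and the PSK length threshold are assumptions.
REQUIRED = ("mode", "psk", "encryption", "authentication", "dh_group", "sa_lifetime")
MUST_MATCH = ("mode", "psk", "encryption", "authentication", "dh_group")
DH_BITS = {"DH1": 768, "DH2": 1024}  # MODP group sizes defined in RFC 2409
MIN_PSK_LEN = 20                     # assumed minimum, adjust to local policy

def audit_phase1(p):
    """Return a list of findings for one peer's phase 1 settings."""
    findings = [f"missing: {k}" for k in REQUIRED if k not in p]
    if findings:
        return findings
    if p["mode"].lower() == "aggressive":
        findings.append("aggressive mode exposes a PSK-derived hash to offline guessing")
    if len(p["psk"]) < MIN_PSK_LEN:
        findings.append(f"pre-shared key shorter than {MIN_PSK_LEN} characters")
    if p["encryption"].upper() == "DES":
        findings.append("DES has a 56-bit key; choose 3DES")
    if p["authentication"].upper() == "HMAC-MD5":
        findings.append("choose HMAC-SHA1 rather than HMAC-MD5")
    bits = DH_BITS.get(p["dh_group"].upper())
    if bits is None:
        findings.append(f"unknown DH group {p['dh_group']}")
    elif bits < 1024:
        findings.append(f"{p['dh_group']} is a {bits}-bit group; choose DH2")
    if p["sa_lifetime"] == 0:
        findings.append("lifetime 0 means IKE SA negotiation never times out")
    return findings

def mismatches(a, b):
    """List the phase 1 fields on which the two peers do not agree."""
    return [k for k in MUST_MATCH if a.get(k) != b.get(k)]

# Constructed sample settings (not taken from any real device).
WEAK = {"mode": "aggressive", "psk": "secret", "encryption": "DES",
        "authentication": "HMAC-MD5", "dh_group": "DH1", "sa_lifetime": 0}
STRONGER = {"mode": "main", "psk": "k" * 24, "encryption": "3DES",
            "authentication": "HMAC-SHA1", "dh_group": "DH2", "sa_lifetime": 28800}

if __name__ == "__main__":
    for name, peer in (("weak", WEAK), ("stronger", STRONGER)):
        print(name, audit_phase1(peer) or "no findings")
    print("peers disagree on:", mismatches(WEAK, STRONGER))
```
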
This chapter introduces VPN-related technology.