TRENDnet TEW-929DRU User Manual page 73

AX1800 Dual-Band WiFi 6 Gigabit Dual-WAN VPN SMB Router

TRENDnet User's Guide
Below is a reference of the additional IPsec VPN settings if you choose to make other
configuration changes to these sections.
Certificate List – Used for IPsec tunnels requiring the RSA authentication type. You can create or import IPsec certificates under Administrator > Certificate Management.
Local ID/Remote ID – This parameter is only required for IPsec tunnels with the RSA authentication type. If not using RSA, this additional parameter can be added for extra security in identifying the IPsec peers (e.g. Local ID assigned CN=vpnsite1.trendnet.com and Remote ID CN=vpnsite2.trendnet.com).
Authentication Key – This is the PSK (pre-shared key) used for IPsec tunnels requiring the PSK authentication type.
XAUTH Account – This parameter provides an additional layer of security by requiring a user name and password for authentication of the IPsec tunnel, and is required for the IPsec XAUTH PSK tunnel type.
EAP Account – This parameter provides an additional layer of security by requiring a user name and password for authentication of the IPsec tunnel, and is required for the IPsec IKEv2 RSA EAP_MS_CHAPv2 tunnel type.
Phase 1 settings
Phase 1 auto configure – Checking this option automatically configures the IPsec Phase 1 parameters for the tunnel. Unchecking this option allows you to manually set the IPsec Phase 1 parameters.
  o Cipher algorithm – The encryption/cipher algorithm used for IPsec phase 1. AES 256-bit offers the highest degree of security.
  o Hash algorithm – The authentication/hash algorithm used for IPsec phase 1. SHA2 256-bit offers the highest degree of security.
  o DH exchange – The Diffie-Hellman group used for IPsec phase 1 key exchange. Group 14 (2048 bit) offers the highest degree of security.
Phase 2 settings
Phase 2 auto configure – Checking this option automatically configures the IPsec Phase 2 parameters for the tunnel. Unchecking this option allows you to manually set the IPsec Phase 2 parameters.
  o Transform algorithm – The encryption/cipher algorithm used for IPsec phase 2. AES 256-bit offers the highest degree of security.
  o Hash algorithm – The authentication/hash algorithm used for IPsec phase 2. SHA2 256-bit offers the highest degree of security.
  o PFS exchange – The Perfect Forward Secrecy group used for IPsec phase 2. PFS adds additional security to the IPsec tunnel by forcing re-negotiation of phase 1 keys for every new pair of phase 2 SAs (security associations) established. Group 14 (2048 bit) offers the highest degree of security.
DPD (Dead Peer Detection) – DPD implements a keep alive/monitoring function to the IPsec tunnel to check if IPsec peers are still active and responding.
  o DPD action – Sets the action when IPsec peers do not respond to DPD messages within the DPD delay interval. Clear will automatically close the IPsec connection and will not attempt to re-negotiate the connection; Hold will keep the connection and will attempt to re-negotiate the connection on-demand only when new traffic is sent through the tunnel; Restart will immediately force re-negotiation of the connection.
  o DPD delay – Sets the time interval when DPD messages are sent to IPsec peers to check the alive status.
  o DPD timeout – Sets the maximum timeout interval when IPsec connections are completely deleted due to inactivity.
© Copyright 2023 TRENDnet. All Rights Reserved.
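The dependencies in this reference (which credentials each tunnel type needs, and which manual Phase 1/Phase 2 choices fall below the strongest listed options) can be checked before a tunnel is saved. The following Python check is an added example, not TRENDnet code: the dictionary keys and tunnel-type strings are assumptions modeled on the labels above, and the rule that DPD timeout should exceed DPD delay is also an assumption.

```python
# Added example: keys and tunnel-type strings are assumptions modeled on the
# labels in this manual page, not an export format of the router.
# "cipher" is the Phase 2 transform algorithm; "dh_group" is the PFS group there.
STRONGEST = {"cipher": "AES 256", "hash": "SHA2 256", "dh_group": 14}
# Credentials each tunnel/authentication type depends on, per the reference above.
REQUIRES = [("RSA", ("certificate", "local_id", "remote_id")), ("PSK", ("authentication_key",)),
            ("XAUTH", ("xauth_account",)), ("EAP", ("eap_account",))]

def audit_tunnel(t):
    """Return a list of findings for one IPsec tunnel definition (a dict)."""
    findings = []
    ttype = t.get("type", "")
    for marker, fields in REQUIRES:
        if marker in ttype:
            findings += [f"{ttype}: {f} is required" for f in fields if not t.get(f)]
    # Manually configured proposals: flag anything other than the options the
    # page names as offering the highest degree of security.
    for phase in ("phase1", "phase2"):
        p = t.get(phase, {})
        if p.get("auto", True):
            continue  # auto configure: the router chooses the parameters
        for key, best in STRONGEST.items():
            if p.get(key) != best:
                findings.append(f"{phase}: {key}={p.get(key)!r}, page lists {best!r} as strongest")
    # DPD: the action must be one of the three listed; the timeout should exceed
    # the probe delay (assumption: otherwise no probe can go unanswered first).
    dpd = t.get("dpd")
    if dpd:
        if dpd.get("action") not in ("Clear", "Hold", "Restart"):
            findings.append(f"dpd: unknown action {dpd.get('action')!r}")
        if dpd.get("timeout", 0) <= dpd.get("delay", 0):
            findings.append("dpd: timeout should be greater than delay")
    return findings

# Constructed sample tunnel, not taken from a real device.
SAMPLE = {
    "type": "IKEv2 RSA EAP_MS_CHAPv2",
    "certificate": "site1-cert", "local_id": "CN=vpnsite1.trendnet.com",
    "remote_id": "", "eap_account": None,
    "phase1": {"auto": False, "cipher": "AES 128", "hash": "SHA2 256", "dh_group": 14},
    "phase2": {"auto": True},
    "dpd": {"action": "Restart", "delay": 30, "timeout": 10},
}

if __name__ == "__main__":
    print("\n".join(audit_tunnel(SAMPLE)))
```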

This manual is also suitable for:

Tew-929dru/ug
