TRENDnet TW100-BRV304 User Manual page 88

Hide thumbs Also See for TW100-BRV304:

Quick installation manual (18 pages)

Specifications (2 pages)

Datasheet (2 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

Table of Contents

TW100-BRV304 User's Guide

Authentication

Algorithm

Encryption

Algorithm

IKE Exchange

Mode

Direction

IKE SA Life Time

DH Group

IKE PFS

IKE Keep Alive

Click Next to see the following IKE Phase 2 screen.

•

RSA Signature requires that both VPN endpoints have valid

Certificates issued by a CA (Certification Authority).

•

For Pre-shared key, enter the same key value in both endpoints.

The key should be at least 8 characters (maximum is 128 charac-

ters). Note that this key is used for the IKE SA only. The keys

used for the IPsec SA are automatically generated.

Select the desired option, and ensure that both endpoints have the

same settings.

Select the desired method, and ensure the remote VPN endpoint uses

the same method.

•

The 3DES algorithm provides greater security than DES, but is

slower.

•

If using AES, you must select the Key Size. If using DES or

3DES, this field is ignored.

Select the desired option, and ensure the remote VPN endpoint uses

the same mode.

•

Main Mode provides identity protection for the hosts initiating

the IPSec session, but takes slightly longer to complete.

•

Aggressive Mode provides no identity protection, but is quicker.

Select the desired option:

•

Initiator - Only outgoing connections will be created. Incoming

connection attempts will be rejected.

•

Responder - Only incoming connections will be accepted.

Outgoing traffic which would otherwise result in a connection

will be ignored.

•

Both Directions - Both incoming and outgoing connections are

allowed.

This setting does not have to match the remote VPN endpoint; the

shorter time will be used. Although measured in seconds, it is com-

mon to use time periods of several hours, such 28,800 seconds.

Select the desired method, and ensure the remote VPN endpoint uses

the same method. The smaller bit size is slightly faster.

If enabled, PFS (Perfect Forward Security) enhances security by

changing the IPsec key at regular intervals, and ensuring that each

key has no relationship to the previous key. Thus, breaking 1 key

will not assist in breaking the next key.

This setting should match the remote endpoint.

Table of Contents

TRENDnet TW100-BRV304 User Manual page 88

Related Manuals for TRENDnet TW100-BRV304

Related Products for TRENDnet TW100-BRV304

Table of Contents