D-Link DWC-1000 User Manual page 99

Field
NAT Keep Alive Frequency
Local Identifier Type
Local Identifier
Remote Identifier Type
Remote Identifier
Encryption Algorithm
Authentication Algorithm
VPN Settings
If NAT Traversal = On, use this option to control the keep-alive-frequency value. Keep-alive
packets are sent at the specified time interval and are used to keep the NAT mappings alive on
the NAT device. Setting this value to 0 disables this feature.
Select the ISAKMP identifier for this router. Choices are:
Local WAN IP
•
FQDN
•
User-FQDN
•
DER ASN1 DN
•
Enter the appropriate value for the local identifier.
If the Local or Remote Identifier is not an IP address, negotiation is only possible in aggressive
mode. If FQDN, User FQDN or DER ASN1 DN is selected, the wireless controller disables main
mode and sets the default setting to aggressive mode.
Select the ISAKMP identifier for this router. Choices are:
Remote WAN IP
•
FQDN
•
User-FQDN
•
DER ASN1 DN
•
Enter the appropriate value for the remote identifier.
If the Local or Remote Identifier is not an IP address, negotiation is only possible in aggressive
mode. If FQDN, User FQDN or DER ASN1 DN is selected, the wireless controller disables main
mode and sets the default setting to aggressive mode.
Check the algorithm used to negotiate the SA. Choices are:
DES = faster than 3DES, but less secure.
•
3DES = triple DES. More secure method than DES, but with lower throughput.
•
Advanced Encryption Standard is a block cipher that can be used at 128, 192, or 256 bits. The
•
higher the bit rate, the stronger the encryption but the trade-off is lower throughput. It is more
secure than DES or 3DES. The following AES choices are supported:
AES-128
−
AES-192
−
AES-256
−
BLOWFISH = a symmetric encryption algorithm that uses the same secret key to both encrypt
•
and decrypt messages. Blowfish is also a block cipher that divides a message into fixed length
blocks during encryption and decryption. Blowfish has a 64-bit block size and a key length of
anywhere from 32 bits to 448 bits, and uses 16 rounds of main algorithm.
CAST128 = a 128-bit block cipher. CAST is a strong, military-grade encryption algorithm that
•
has a solid reputation for its ability to withstand unauthorized access.
Specify the authentication algorithm for the VPN header. Ensure that the same authentication
algorithm is configured on both sides of the tunnel. Choices are:
MD5 = Message-Digest algorithm 5 (MD5). MD5 is less secure than SHA, but faster.
•
SHA-1 = Secure Hash Algorithm (SHA-1) hash function. SHA-1 uses a 160-bit encryption key
•
and is stronger than MD5.
SHA2-256 = SHA-256 hash function that uses 32-bit words.
•
SHA2-384 = SHA-384 hash function.
•
SHA2-512 = SHA-512 hash function that uses 64-bit words.
•
99
DWC-1000 Wireless Controller User's Guide
Description