Table of Contents
Advertisement
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B
This value is the time interval before the SA (security association) expires. (It is
automatically reestablished as required.) While using a short time period (or data
amount) increases security, it also degrades performance. It is common to use
periods over an hour (3600 seconds) for the SA life time. This setting applies to both
IKE and IPSec SAs.
•
If you want enhanced security, select the Enable IPSec PFS (Perfect Forward
Secrecy) check box.
If this check box is selected, security is enhanced by ensuring that the key is changed
at regular intervals. Also, even if one key is broken, subsequent keys are no easier to
break. (Each key has no relationship to the previous key.)
This setting applies to both IKE and IPSec SAs. When configuring the remote
endpoint to match this setting, you might have to specify the key group used. For this
device, the key group is the same as the DH Group setting in the IKE section.
9.
Click Apply.
The VPN Policies screen displays:
10.
Repeat these steps for the gateway on LAN B.
Pay special attention to the following network settings:
•
General, Remote Address Data (for example, 14.15.16.17)
•
Remote LAN, Start IP Address
-
IP Address (for example, 192.168.0.1)
-
Subnet Mask (for example, 255.255.255.0)
-
Pre-shared Key (for example, 12345678)
11.
To activate the VPN tunnel, start using it, or use the VPN Status screen (select the tunnel
and click Connect).
Add or Edit a Manual VPN Policy
A manual VPN policy requires all settings for the VPN tunnel to be manually entered at each
end (both VPN endpoints).
Virtual Private Networking
135
Advertisement
Table of Contents
