Operation Manual

ManualsBrandsNetgear ManualscomputerDGN2200Bv4

111

112

113

114

115

116

117

118

119

120

Virtual Private Networking

115

N300 Wireless ADSL2+ Modem Router DGN2200v4

Select the option that matches the Local Identity Type setting on the remote VPN

endpoint.

- IP Address. The Internet IP address of the remote VPN endpoint.

- Fully Qualified Domain Name. The domain name of the remote VPN endpoint.

- Fully Qualified User Name. The name, email address, or other ID of the remote

VPN endpoint.

7. Specify the following parameters:

• Select the encryption algorithm.

This is the encryption algorithm used for both IKE and IPSec. This setting has to

match the setting used on the remote VPN gateway. DES and 3DES are supported.

- DES. The Data Encryption Standard (DES) processes input data that is 64 bits

wide, encrypting these values using a 56-bit key. Faster but less secure than

3DES.

- 3DES. (Triple DES) achieves a higher level of security by encrypting the data

three times using DES with three different, unrelated keys.

• Select the authentication algorithm.

This is the authentication algorithm used for both IKE and IPSec. This setting has to

match the setting used on the remote VPN gateway. Auto, MD5, and SHA-1 are

supported. Auto negotiates with the remote VPN endpoint and is not available in

responder-only mode.

- MD5. 128 bits, faster but less secure.

- SHA-1. 160 bits, slower but more secure. This is the default.

• Enter the pre-shared key.

The key has to be entered both here and on the remote VPN gateway.

• Enter the SA life time value.

This value is the time interval before the SA (security association) expires. (It is

automatically reestablished as required.) While using a short time period (or data

amount) increases security, it also degrades performance. It is common to use

periods over an hour (3600 seconds) for the SA life time. This setting applies to both

IKE and IPSec SAs.

• If you want enhanced security, select the Enable IPSec PFS (Perfect Forward

Secrecy) check box.

If this check box is selected, security is enhanced by ensuring that the key is changed

at regular intervals. Also, even if one key is broken, subsequent keys are no easier to

break. (Each key has no relationship to the previous key.)

This setting applies to both IKE and IPSec SAs. When configuring the remote

endpoint to match this setting, you might have to specify the key group used. For this

device, the key group is the same as the DH Group setting in the IKE section.

8. Click Apply.