User's Manual Part 2

Advanced Features
IKE
Direction
This setting is used when determining if the IKE policy matches the current traffic. Select the desired option.
Responder only - Incoming connections are allowed, but outgoing connections will be blocked.
Initiator and Responder - Both incoming and outgoing connections are allowed.
Exchange Mode
IPSec has 2 possibilities - "Main Mode" and "Aggressive Mode". Currently, only "Main Mode" is supported. Ensure the remote VPN endpoint is set to use "Main Mode".
Diffie-Hellman (DH) Group
The Diffie-Hellman algorithm is used when exchanging keys. The DH Group setting determines the bit size used in the exchange. This value must match the value used on the remote VPN Gateway.
Local Identity Type
Select the desired option to match the "Remote Identity Type" setting on the remote VPN endpoint.
WAN IP Address - your Internet IP address.
Fully Qualified Domain Name - your domain name.
Fully Qualified User Name - your name, E-mail address, or other ID.
Remote Identity Type
Select the desired option to match the "Local Identity Type" setting on the remote VPN endpoint.
IP Address - the Internet IP address of the remote VPN endpoint.
Fully Qualified Domain Name - the domain name of the remote VPN endpoint.
Fully Qualified User Name - the name, E-mail address, or other ID of the remote VPN endpoint.
Remote Identity Data
Enter the data for the selection above. (If "IP Address" is selected,
no input is required.)
SA Parameters
Encryption
Encryption Algorithm used for both IKE and IPSec. This setting must match the setting used on the remote VPN Gateway.
Authentication
Authentication Algorithm used for both IKE and IPSec. This setting must match the setting used on the remote VPN Gateway.
Pre-shared Key
The key must be entered both here and on the remote VPN Gateway. This method does not require using a CA (Certificate Authority).
SA Life Time
This determines the time interval before the SA (Security Association) expires. (It will automatically be re-established if necessary.) While using a short time period (or data amount) increases security, it also degrades performance. It is common to use periods over an hour (3600 seconds) for the SA Life Time. This setting applies to both IKE and IPSec SAs.
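
Added example (not part of this manual or the device's software): a Python check that compares the IKE settings of two VPN endpoints against the matching rules described on this page. The dictionary keys, the identity type values ("ip", "fqdn", "user"), the algorithm names and the two sample policies are assumptions constructed for illustration.

```python
import hmac

# Constructed sample policies; key names and values are assumptions that
# mirror the fields on this page ("ip" = WAN IP Address / IP Address).
SITE_A = {"direction": "both", "exchange_mode": "main", "dh_group": 2,
          "local_id_type": "fqdn", "remote_id_type": "ip",
          "remote_id_data": "", "encryption": "aes-128",
          "authentication": "sha1", "psk": "example-key-A"}
SITE_B = {"direction": "responder", "exchange_mode": "main", "dh_group": 5,
          "local_id_type": "ip", "remote_id_type": "fqdn",
          "remote_id_data": "", "encryption": "aes-128",
          "authentication": "sha1", "psk": "example-key-B"}


def check_ike_pair(a, b):
    """Return the settings that would stop endpoints a and b from negotiating."""
    problems = []
    for name, ep in (("a", a), ("b", b)):
        # Only Main Mode is supported, so both ends must use it.
        if ep["exchange_mode"] != "main":
            problems.append(f"{name}: exchange_mode must be main")
        # Remote Identity Data is required unless the type is IP Address.
        if ep["remote_id_type"] != "ip" and not ep["remote_id_data"]:
            problems.append(f"{name}: remote_id_data is empty")
    # DH group, encryption and authentication must be the same on both ends.
    for field in ("dh_group", "encryption", "authentication"):
        if a[field] != b[field]:
            problems.append(f"{field}: {a[field]} != {b[field]}")
    # Each Local Identity Type must equal the peer's Remote Identity Type.
    for x, y, name in ((a, b, "a"), (b, a, "b")):
        if x["local_id_type"] != y["remote_id_type"]:
            problems.append(f"{name}: local_id_type not expected by peer")
    # Compare the pre-shared keys in constant time; never print them.
    if not hmac.compare_digest(a["psk"].encode(), b["psk"].encode()):
        problems.append("psk: values differ")
    # Responder only blocks outgoing connections, so one end must initiate.
    if a["direction"] == b["direction"] == "responder":
        problems.append("direction: both ends are responder only")
    return problems


if __name__ == "__main__":
    for line in check_ike_pair(SITE_A, SITE_B):
        print(line)
```

Run against the two sample policies, it reports the empty Remote Identity Data on site B, the DH group mismatch and the differing pre-shared keys.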