User Guide

Key negotiation: Auto Negotiation
To protect information confidentiality when using auto negotiation, IKE is in place to negotiate keys
for secure communication between IPSec peers. The IKE protocol is a hybrid of three other
protocols:
- ISAKMP: Internet Security Association and Key Management Protocol. It defines the procedures
for authenticating a communicating peer, creation and management of Security Associations, key
generation techniques, and threat mitigation.
- Oakley: Oakley Key Determination Protocol. It defines the specific key negotiation mechanism.
- SKEME: A secure and versatile key exchange protocol for key management over the internet.
IKE negotiation can be broken down into two periods.
Period 1: Period 1 is used to negotiate the parameters and key required to establish IKE Security
Association (SA) between two IPSec peers.
Period 2: Period 2 then uses the Security Associations (SAs) negotiated in Period 1 to protect future
IKE communication.
When Auto Negotiation is selected, the following page appears.
Parameter description

| Parameter | Description |
| --- | --- |
| Authentication Type | The router supports IPSec authentication with Shared Key. Only authorized users can access the private network. |
| Pre-shared Key | It is used to encrypt Phase 1 authentication information. A pre-shared key contains a maximum of 128 characters. This must be the same at both ends. |
| DPD Detection | Dead Peer Detection. It is used to detect the liveness of its IKE peer. |
| DPD Detection Cycle | It is used to configure the router to detect the liveness of its IKE peer at regular intervals. |
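
A pre-deployment check for the Pre-shared Key parameter, added here as an example and not taken from the router's guide: it generates a random key within the 128-character limit, flags values that commonly cause the two ends to differ, and derives a short fingerprint so both administrators can confirm the keys match without disclosing them. The 20-character minimum, the alphanumeric alphabet, the fingerprint label and all function names are assumptions.

```python
import hashlib
import hmac
import secrets
import string

MAX_PSK_CHARS = 128   # limit stated in the parameter table
MIN_PSK_CHARS = 20    # assumption: local policy floor, not from the guide
ALPHABET = string.ascii_letters + string.digits  # assumption: accepted by any web form


def generate_psk(length=32):
    """Return a random pre-shared key from the OS CSPRNG, within the stated limit."""
    if not MIN_PSK_CHARS <= length <= MAX_PSK_CHARS:
        raise ValueError(f"length must be {MIN_PSK_CHARS}..{MAX_PSK_CHARS}")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def psk_problems(psk):
    """List reasons a key may be rejected, weak, or silently differ between peers."""
    problems = []
    if len(psk) > MAX_PSK_CHARS:
        problems.append("longer than 128 characters")
    if len(psk) < MIN_PSK_CHARS:
        problems.append("shorter than policy minimum")
    if psk != psk.strip():
        problems.append("leading or trailing whitespace")
    # Pasted keys often carry a newline, tab or non-ASCII look-alike character.
    if any(c not in string.printable or c in "\t\r\n\x0b\x0c" for c in psk):
        problems.append("non-printable or non-ASCII character")
    return problems


def psk_fingerprint(psk, label=b"psk-check"):
    """Short keyed digest that each administrator can read out to compare keys.
    Only use it for keys that pass psk_problems(): a digest of a guessable key
    can be brute-forced offline by anyone who sees it."""
    return hmac.new(psk.encode("utf-8"), label, hashlib.sha256).hexdigest()[:16]


def peers_match(psk_a, psk_b):
    """Compare the fingerprints of the two ends in constant time."""
    return hmac.compare_digest(psk_fingerprint(psk_a), psk_fingerprint(psk_b))
```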