User's Manual

AR396 User’s Guide

 Select the Authentication Method: Pre-shared Key or Certificate (X.509)

 Enter the Pre-shared key if chooses Pre-shared key as the authentication method

 Select to enable or disable the Perfect Forward Secrecy.

 Click Show Advanced Settings for more settings.

Figure 58: IPSec VPN Advanced Settings

 There are two phases in advanced settings. There are five parameters in phase 1 and four

parameters in phase 2.

 Select Mode from the list in phase 1: Main or Aggressive

 Select Encryption Algorithm from the list in phase 1 and 2: DES, 3DES, AES-128,

AES-192, AES-255

 Select Integrity Algorithm in phase 1 and 2: MD5 or SHA1

 Set Diffie-Hellman Group in phase 1 and 2 for Key Exchange

 Enter the Key life time in phase 1 and 2 to change the key again.

 Click Save/Apply to save the configuration

C e rtific a te

The page provides the Certificate configuration. There are two sub-menu (Local and Trusted

CA) are provided. “Local” means local certificates and “Trusted CA” means trusted certificate

Authority certificates. Local Certificates preserve the identity of the modem. CA certificates are

used by the device to very certificates from the other hosts.

Local Certificates

Local certificates are used by peers to verify your identity.

Figure 59: Local Certificate Configuration