Multitech RF650VPN User Manual download pdf (Page 46)

FriendlyNET VPN Security Router

The preferred way to do this is with automatic keying using the

Internet Key Exchange Protocol (IKE). This requires that your ISP

or firewall allows traffic for TCP port 500. Check with your ISP or

network administrator if you are not sure if traffic for TCP port 500 is

allowed.

If IKE is impossible for some reason, you can set up the router’s

keys for each tunnel manually. This is described in more detail be-

low (see section 4.4).

The other parameters on the VPN Settings page control how the

VPN tunnel is set up. If you are creating the Secure Association

(SA) using the IKE Mode (the default mode), complete the fields

described in the following sections.

4.3.1 Perfect Forward Secure

This is an optional feature of IKE. When enabled (the default set-

ting), this feature may impose some additional overhead on the

router, but can offer added protection against an eavesdropper be-

ing able to decode the encrypted data. Either setting is acceptable,

but both ends of the tunnel must match settings. Click the respec-

tive radio button to enable or disable this feature.

4.3.2 Encryption Protocol

The router is able to use two encryption protocols: choose NULL

(no encryption), DES, or Triple DES (3DES). The same protocol

must be chosen (must match) that provided by the remote device.

Unless you have a need for one of the others, you should select

3DES.

1 2 ... 41 42 43 44 45 46 47 48 49 50 51 ... 75 76

No comments

Multitech RF650VPN User Manual Page 46