Linksys WRT54G3GV2 User Manual
Chapter 3
Advanced Configuration
Wireless-G Router for Mobile Broadband
VPN > Advanced IPSec VPN Tunnel Setup
Phase 1
Phase 1 is used to create a Security Association (SA), often
called the IKE SA. After Phase 1 is completed, Phase 2 is
used to create one or more IPSec SAs, which are then used
to key IPSec sessions.
Operation Mode
There are two modes: Main and
Aggressive, and they exchange the same IKE payloads
in different sequences. Main mode is more common;
however, some people prefer Aggressive mode because
it is faster. Main mode is for normal usage and includes
more authentication requirements than Aggressive mode.
Main mode is recommended because it is more secure.
No matter which mode is selected, the Router will accept
both Main and Aggressive requests from the remote VPN
device.
Proposal 1
A proposal is a set of parameters that the initiator sends
and the responder examines for acceptability.
Encryption
Select the length of the key used to encrypt
and decrypt ESP packets. Select DES or 3DES. 3DES is
recommended because it is more secure.
Authentication
Select the method used to authenticate
ESP packets. Select MD or SHA. SHA is recommended
because it is more secure.
Group
Select a Diffie-Hellman group, -bit or 102-bit.
Diffie-Hellman refers to a cryptographic technique
that uses public and private keys for encryption and
decryption.
Key Lifetime
You may optionally select to have the key
expire at the end of a time period of your choosing. Enter
the number of seconds you’d like the key to be used until a
re-key negotiation between each endpoint is completed.
The default is 300 seconds.
Phase 2
Proposal
Encryption
The encryption method selected in Phase 1
is displayed.
Authentication
The authentication method selected in
Phase 1 is displayed.
PFS
The status of PFS is displayed.
Group
Select a Diffie-Hellman group, -bit or 102-bit.
Diffie-Hellman refers to a cryptographic technique
that uses public and private keys for encryption and
decryption.
Key Lifetime
The key lifetime selected in Phase 1 is
displayed.
Other Setting
NAT Traversal
Select this option if the remote device is
behind a Network Address Translation (NAT) device.
NetBIOS broadcast
Select this option to enable NetBIOS
traffic to pass through the VPN tunnel. This should be used
if the local network does not include a WINS server and
the remote device(s) need to find local devices by their
NetBIOS names.
Anti-replay
Packets sent through an IPSec tunnel
contain sequencing numbers to let the receiver detect if
a substitution has occurred. Select this option to enable
the Anti-replay protection, which keeps track of sequence
numbers as packets arrive, ensuring security at the IP
packet level.
Keep-Alive
Select this option to have the Router
periodically check your Internet connection. If the tunnel
is disconnected, then the Router will automatically re-
establish your connection.
If IKE failed more than _ times, block this unauthorized
IP for __ seconds
IKE failure may indicate an intrusion
attempt. You can set a limit on the number of consecutive
failed requests allowed from the same IP address. You can
also specify the amount of time that the Router ignores
further requests from that IP address.
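The Anti-replay option described above keeps track of sequence numbers as packets arrive. The sketch below is an added example, not code from this manual or the Router's firmware, showing the usual sliding-window form of that check. The 64-packet window, the class and function names, and the sample arrival order are assumptions constructed for illustration.

```python
# Added illustration: sliding-window anti-replay check for IPSec sequence numbers.
# WINDOW = 64 is an assumed size; the Router's own value is not given in the manual.
WINDOW = 64


class ReplayWindow:
    """Tracks which sequence numbers were seen within the last `size` values."""

    def __init__(self, size=WINDOW):
        self.size = size
        self.highest = 0   # highest sequence number accepted so far (0 = none yet)
        self.bitmap = 0    # bit i set => sequence number (highest - i) was seen

    def check_and_update(self, seq):
        """Return 'accept', 'replay' or 'too_old'; state changes only on accept.

        A receiver runs this only after the packet's integrity check has
        passed, so a forged packet cannot push the window forward.
        """
        if seq <= 0:
            return "too_old"           # sequence numbers start at 1
        if seq > self.highest:
            shift = seq - self.highest
            # Slide the window forward; bits shifted past the end are forgotten.
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return "accept"
        offset = self.highest - seq
        if offset >= self.size:
            return "too_old"           # left of the window: cannot verify, so drop
        if self.bitmap & (1 << offset):
            return "replay"            # this sequence number was already accepted
        self.bitmap |= 1 << offset     # late but new: out-of-order delivery
        return "accept"


def run(arrivals, size=WINDOW):
    """Feed sequence numbers through a fresh window; return (seq, verdict) pairs."""
    win = ReplayWindow(size)
    return [(seq, win.check_and_update(seq)) for seq in arrivals]


# Constructed arrival order: in-order, reordered, duplicated and stale packets.
SAMPLE = [1, 2, 4, 3, 4, 2, 100, 99, 30, 36, 37, 100]

if __name__ == "__main__":
    for seq, verdict in run(SAMPLE):
        print(f"seq={seq:<4} {verdict}")
```

Reordered packets inside the window (3 after 4, 99 after 100) are accepted once, while duplicates and packets older than the window are dropped.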
Click Save Settings to apply your changes, or click Cancel
Changes to cancel your changes. Then close this screen to
return to the VPN screen.
On the VPN screen, click Save Settings to apply your
changes, or click Cancel Changes to cancel your
changes.