Diamond Audio Technology DSL642WLG ユーザーズマニュアル
Advanced Features
75
Exchange Mode
IPSec has 2 possibilities - "Main Mode" and "Aggressive Mode".
Currently, only "Main Mode" is supported. Ensure the remote VPN
endpoint is set to use "Main Mode".
Currently, only "Main Mode" is supported. Ensure the remote VPN
endpoint is set to use "Main Mode".
Diffie-Hellman (DH)
Group
Group
The Diffie-Hellman algorithm is used when exchanging keys. The
DH Group setting determines the number of bit size used in the
exchange. This value must match the value used on the remote VPN
Gateway.
DH Group setting determines the number of bit size used in the
exchange. This value must match the value used on the remote VPN
Gateway.
Local Identity Type
Select the desired option to match the "Remote Identity Type"
setting on the remote VPN endpoint.
• WAN IP Address - your Internet IP address.
• Fully Qualified Domain Name - your domain name.
• Fully Qualified User Name - your name, E-mail address, or
setting on the remote VPN endpoint.
• WAN IP Address - your Internet IP address.
• Fully Qualified Domain Name - your domain name.
• Fully Qualified User Name - your name, E-mail address, or
other ID.
Remote Identity
Type
Type
Select the desired option to match the "Local Identity Type" setting
on the remote VPN endpoint.
• IP Address - The Internet IP address of the remote VPN end-
on the remote VPN endpoint.
• IP Address - The Internet IP address of the remote VPN end-
point.
• Fully Qualified Domain Name - the Domain name of the
remote VPN endpoint.
• Fully Qualified User Name - the name, E-mail address, or other
ID of the remote VPN endpoint.
Remote Identity
Data
Data
Enter the data for the selection above. (If "IP Address" is selected,
no input is required.)
no input is required.)
SA Parameters
Encryption
Encryption Algorithm used for both IKE and IPSec. This setting
must match the setting used on the remote VPN Gateway.
must match the setting used on the remote VPN Gateway.
Authentication
Authentication Algorithm used for both IKE and IPSec. This setting
must match the setting used on the remote VPN Gateway.
must match the setting used on the remote VPN Gateway.
Pre-shared Key
The key must be entered both here and on the remote VPN Gate-
way. This method does not require using a CA (Certificate
Authority).
way. This method does not require using a CA (Certificate
Authority).
SA Life Time
This determines the time interval before the SA (Security Associa-
tion) expires. (It will automatically be re-established if necessary.)
While using a short time period (or data amount) increases security,
it also degrades performance. It is common to use periods over an
hour (3600 seconds) for the SA Life Time. This setting applies to
both IKE and IPSec SAs.
tion) expires. (It will automatically be re-established if necessary.)
While using a short time period (or data amount) increases security,
it also degrades performance. It is common to use periods over an
hour (3600 seconds) for the SA Life Time. This setting applies to
both IKE and IPSec SAs.
IPSec PFS (Perfect
Forward Secrecy)
Forward Secrecy)
If enabled, security is enhanced by ensuring that the key is changed
at regular intervals. Also, even if one key is broken, subsequent
keys are no easier to break. (Each key has no relationship to the
previous key.)
at regular intervals. Also, even if one key is broken, subsequent
keys are no easier to break. (Each key has no relationship to the
previous key.)
This setting applies to both IKE and IPSec SAs. When configuring
the remote endpoint to match this setting, you may have to specify
the "Key Group" used. For this device, the "Key Group" is the same
as the "DH Group" setting in the IKE section.
the remote endpoint to match this setting, you may have to specify
the "Key Group" used. For this device, the "Key Group" is the same
as the "DH Group" setting in the IKE section.