Netgear LG6100D ユーザーガイド
Set up a Virtual Private Network (VPN)
126
Note: If the Remote ID field is blank, the gateway uses the IP address of the remote
gateway.
gateway.
9. In the Exchange Mode field, select Main or Aggressive.
In Main mode, IKE separates the key information from the identities, allowing for the
identities of peers to be secure at the expense of extra packet exchanges. In Aggressive
mode information is packed in fewer packets.
identities of peers to be secure at the expense of extra packet exchanges. In Aggressive
mode information is packed in fewer packets.
Note: Aggressive mode is valid only for IKEv1.
10. In the IKE Phase 1 Key Lifetime field, enter the lifetime of the generated keys of Phase 1
of the IPSec negotiation from IKE.
After the time has expired, IKE renegotiates a new set of Phase 1 keys. The default
value is 28800. The minimum and maximum values are 3600 and 604800.
value is 28800. The minimum and maximum values are 3600 and 604800.
11. Select the Phase 1 encryption.
Each IKE exchange uses one encryption algorithm that can be 3DES, AES128, or
AES256. The default value is AES128.
AES256. The default value is AES128.
12. Select the Phase 1 authentication.
Each IKE exchange uses one hash algorithm. MD5 and SHA-1 are supported. The
default value is SHA1.
default value is SHA1.
13. Select the key Phase 1 key group (DH group).
Each IKE exchange uses one DH group to make a secure exchange. Supported DH
groups are: DH1 (768), DH2 (1024), DH5 (1536), and DH14 (2048). The default value is
DH2 (1024).
groups are: DH1 (768), DH2 (1024), DH5 (1536), and DH14 (2048). The default value is
DH2 (1024).
14. To use perfect forward secrecy, leave the Perfect Forwarding Secrecy check box
selected.
When perfect forward secrecy is selected, IKE generates a new set of keys in Phase 2
rather than using the same keys generated in Phase 1. The new keys are exchanged in
an encrypted session. Enabling this feature affords the policy greater security.
rather than using the same keys generated in Phase 1. The new keys are exchanged in
an encrypted session. Enabling this feature affords the policy greater security.
15. In the IKE Phase2 Key Lifetime field, enter the lifetime of the generated keys of Phase 2
of the IPSec negotiation from IKE.
After the time has expired, IKE renegotiates a new set of Phase 1 keys. The default
value is 3600. The minimum and maximum values are 3600 and 604800.
value is 3600. The minimum and maximum values are 3600 and 604800.
16. Select the Phase 2 encryption.