beautypg.com

Linksys RV082 User Manual

Page 59

background image

50

Chapter 6: Set Up and Configure the Router
VPN Tab - Client to Gateway

10/100 8-Port VPN Router

Authentication Key: This field specifies a key used to authenticate IP traffic and the Authentication Key is
generated yourself. The hexadecimal value is acceptable in this field. Both sides must use the same
Authentication key. If MD5 is selected, the Authentication Key is 32-bit. If users do not fill up to 32-bit, this field
will be filled up to 32-bit automatically by 0. If SHA1 is selected, the Authentication Key is 40-bit. If users do not
fill up to 40-bit, this field will be filled up to 40-bit automatically by 0.

IKE with Preshared Key (automatic)

IKE is an Internet Key Exchange protocol that is used to negotiate key material for SA (Security Association). IKE
uses the Pre-shared Key field to authenticate the remote IKE peer.

Phase 1 DH Group: Phase 1 is used to create a security association (SA). DH (Diffie-Hellman) is a key exchange
protocol that is used during phase 1 of the authentication process to establish pre-shared keys. There are three
groups of different prime key lengths. Group 1 is 768 bits, Group 2 is 1,024 bits and Group 5 is 1,536 bits. If
network speed is preferred, select Group 1. If network security is preferred, select Group 5.

Phase 1 Encryption: There are two methods of encryption, DES and 3DES. The Encryption method determines the
length of the key used to encrypt/decrypt ESP packets. DES is 56-bit encryption and 3DES is 168-bit encryption.
Both sides must use the same Encryption method. 3DES is recommended because it is more secure.

Phase 1 Authentication: There are two methods of authentication, MD5 and SHA. The Authentication method
determines a method to authenticate the ESP packets. Both sides must use the same Authentication method.
MD5 is a one-way hashing algorithm that produces a 128-bit digest.

SHA is a one-way hashing algorithm that produces a 160-bit digest. SHA is recommended because it is more
secure, and both sides must use the same Authentication method.

Phase 1 SA Life Time: This field allows you to configure the length of time a VPN tunnel is active in Phase 1. The
default value is 28,800 seconds.

Perfect Forward Secrecy: If PFS is enabled, IKE Phase 2 negotiation will generate a new key material for IP traffic
encryption and authentication. If PFS is enabled, a hacker using brute force to break encryption keys is not able
to obtain other or future IPSec keys.

Phase 2 DH Group: There are three groups of different prime key lengths. Group1 is 768 bits, Group2 is 1,024 bits
and Group 5 is 1,536 bits. If network speed is preferred, select Group 1. If network security is preferred, select
Group 5. You can choose the different Group with the Phase 1 DH Group you chose. If Perfect Forward Secrecy is
disabled, there is no need to setup the Phase 2 DH Group since no new key generated, and the key of Phase 2 will
be the same with the key in Phase 1.

See also other documents in the category Linksys Hardware: