D-Link DIR-455 User Manual
Page 41
37
D-Link DIR-455 User Manual
Section 3 - Configuration
Three groups can be selected: None, Group 1, Group 2, Group 5.
None: No pfs group is used.
Group 1: Uses a 768-bit Diffie-Hellman prime modulus group.
Group 2: Uses a 1024-bit Diffie-Hellman prime modulus group.
Group 5: Uses a 1536-bit Diffie-Hellman prime modulus group.
The first key that supports IKE mechanism of both VPN gateway and VPN client host for negotiating further
security keys. The pre-shared key must be same on both VPN gateways and clients.
The Type and the Value must be the same as the Type and the Value of the Local ID of the remote VPN
gateway.
The Type and the Value must be the same as the Type and the Value of the Remote ID of the remote VPN
gateway.
With the xAuth feature, the VPN client (or initiator) needs to provide additional user information to remote VPN
server (or VPN gateway) for extended authentication. The VPN server would reject the connect request from
VPN clients because of the unknown user, even though the pre-shared key is correct. This function is suitable
to remote mobile VPN clients. You can configure a VPN rule with a pre-shared key for all remote users using,
but you can also designate only someone is permitted to establish VPN connection with VPN server.
Disables Extended Authentication (xAuth).
Select this checkbox if the device behaves as a VPN server, and will verify the legality of user information
from VPN client. The user information that is provided by VPN client needs to match to user information that
is in local user database of VPN server. You can press “XAUTH account” button to edit local user database.
Please note that only VPN clients with xAuth can establish VPN connection with the device if this checkbox
has been selected.
Select this checkbox to enable IKE proposals.
Select this checkbox to enable IPSec proposals
PFS Group:
Preshared Key:
Remote ID:
Local ID:
Extended Authentication:
xAuth - None:
xAuth - Server Mode:
Set IKE Proposal:
Set IPSec Proposal: