
Vpn – advanced settings – D-Link DFL-700 User Manual


VPN – Advanced Settings

Advanced settings for a VPN tunnel are used when some characteristics of the tunnel need to be changed, for example when connecting to a third-party VPN gateway. The following settings can be set per tunnel:

Limit MTU

With this setting it's possible to limit the MTU (Maximum Transmission Unit) of the VPN tunnel.

IKE Mode

Specify if Main Mode IKE or Aggressive Mode IKE should be used when establishing outbound VPN tunnels. Inbound main mode connections will always be allowed. Inbound aggressive mode connections will only be allowed if this setting is set to aggressive mode.

IKE DH Group

Here it's possible to configure the Diffie-Hellman group to 1 (modp 768-bit), 2 (modp 1024-bit) or 5 (modp 1536-bit).

PFS – Perfect Forward Secrecy

If PFS (Perfect Forward Secrecy) is enabled, a new Diffie-Hellman exchange is performed for each phase-2 negotiation. While this is slower, it makes sure that no keys are dependent on any other previously used keys; no keys are extracted from the same initial keying material. This is to make sure that, in the unlikely event that some key is compromised, no subsequent keys can be derived.

NAT Traversal

Here it’s possible to configure how the NAT Traversal code should behave.

Disabled - The firewall does not send the Vendor IDs that include NAT-T support when setting up the tunnel.

On if supported and need NAT - Will only use NAT-T if one of the VPN gateways is NATed.

On if supported - Always tries to use NAT-T when setting up the tunnel.

Keepalives

No keepalives – Keep-alive is disabled.

Automatic keepalives - The firewall will send ICMP pings to IP addresses automatically discovered from the VPN Tunnel settings.

Manually configured IP addresses - Configure the source and destination IP addresses used when sending the ICMP pings.