To start the VPN Setup Wizard, click VPN > VPN Setup Wizard. Follow the steps below to configure the
Wizard.
Step 1
In the Getting Started section, enter a connection name in the Give this connection a name box.
Step 2
Select an interface (WAN1, WAN2, USB1, or USB2) from the drop-down list.
Step 3
Click Next.
Step 4
In the Remote Router Settings section, select the Remote Connection Type from the drop-down list. If you select IP
Address, enter the IP Address, or if you select a fully qualified domain name (FQDN), enter the name.
Step 5
Click Next, to move to the next screen.
Step 6
In the Local and Remote Networks section, under Local Traffic Selection, select the Local IP (IP Address or Subnet)
from the drop-down list. If you select IP Address, enter the IP address, or if you select Subnet, enter the IP address and
subnet mask.
Step 7
Under Remote Traffic Selection, select the Remote IP (IP Address or Subnet) from the drop-down list. If you select
IP Address, enter the IP address or if you select Subnet, then enter the IP address and subnet mask.
Step 8
Click Next.
Step 9
In the IPSec Profile, select the IPSec profile from the drop-down list.
Step 10
If you select Default, then click Next.
Step 11
If you select New Profile, configure the following:
Phase 1 Options
Select a DH group (Group 2 or Group 5) from the drop-down list. DH is a key exchange
protocol, with two groups of different prime key lengths: Group 2 has up to 1,024 bits,
and Group 5 has up to 1,536 bits.
For faster speed and lower security, choose Group 2. For slower speed and higher
security, choose Group 5. Group 2 is selected by default.
Diffie-Hellman (DH) Group
Select an encryption option (3DES, AES-128, AES-192, or AES-256) from the
drop-down list. This method determines the algorithm used to encrypt or decrypt
ESP/ISAKMP packets.
Encryption
The authentication method determines how the Encapsulating Security Payload Protocol
(ESP) header packets are validated. The MD5 is a one-way hashing algorithm that
produces a 128-bit digest. The SHA1 is a one-way hashing algorithm that produces a
160-bit digest. The SHA1 is recommended because it is more secure. Make sure that
both ends of the VPN tunnel use the same authentication method. Select an authentication
(MD5, SHA1 or SHA2-256).
Authentication
Amount of time an IKE SA is active in this phase. The default value for Phase 1 is
28,800 seconds.
SA Lifetime (Sec)
Check Enable to enable PFS and enter the lifetime in seconds, or uncheck Enable to
disable.
When the PFS is enabled, the IKE Phase 2 negotiation generates a new key for the IPSec
traffic encryption and authentication. Enabling this feature is recommended.
Perfect Forward Secrecy
(PFS)
RV345/345P Administration Guide
76
VPN
VPN Setup Wizard (Site-to-Site)
To Next Page
Loading...
Need help?
General
