TP-Link TD-W9970 TD-W9970 V1 User Guide - Page 60

Select Diffie-Hellman Group for Key Exchange

Get TP-Link TD-W9970 PDF manuals and user guides View all TP-Link TD-W9970 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 60 highlights

TD-W9970 300Mbps Wireless N USB VDSL/ADSL Modem Router User Guide Settings for Phase 1:  Mode: You can select Main or Aggressive. Select Main to configure the standard negotiation parameters for IKE phase1. Select Aggressive to configure IKE phase1 of the VPN Tunnel to carry out negotiation in a shorter amount of time. (Not Recommended-Less Secure)  Note: The difference between the two is that aggressive mode will pass more information in fewer packets, with the benefit of slightly faster connection establishment, at the cost of transmitting the identities of the security firewall in the clear. When using aggressive mode, some configuration parameters such as Diffie-Hellman groups, and PFS cannot be negotiated, resulting in a greater importance of having "compatible" configuration on both ends.  My Identifier Type - Select the local ID type for IKE negotiation. Local Wan IP: uses an IP address as the ID in IKE negotiation. FQDN: uses a name as the ID.  My Identifier - This field does not need to enter if Local WAN IP is selected in My Identifier Type field. And the WAN IP will be used automatically as Identifier. If Name type is selected, enter a name for the local device as the ID in IKE negotiation.  Remote Identifier Type - The remote gateway IP will be inputted automatically if IP Address type is selected. If Name type is selected, enter the name of the remote peer as the ID in IKE negotiation.  Remote Identifier - This field does not need to enter if Remote WAN IP is selected in Remote Identifier Type field. And the remote gateway IP will be used automatically as Identifier. If Name type is selected, enter the name of the remote peer as the ID in IKE negotiation.  Encryption Algorithm - Specify the encryption algorithm for IKE negotiation. Options include: DES, 3DES, AES-128, AES-192, AES-256.  Integrity Algorithm - Select the authentication algorithm for IKE negotiation. Options include: MD5 and SHA1.  Select Diffie-Hellman Group for Key Exchange - Select the DH (Diffie-Hellman) group to be used in key negotiation phase 1. The DH Group sets the strength of the algorithm in bits.  Key Life Time: Enter the number of seconds for the IPSec lifetime. It is the period of time to pass before establishing a new IPSec security association (SA) with the remote endpoint. The default value is 3600. Settings for Phase 1:  Encryption Algorithm - Specify the encryption algorithm for IKE negotiation. Options include: DES,3DES, AES-128, AES-192, AES-256  Integrity Algorithm - Select the authentication algorithm for IKE negotiation. Options include: MD5 and SHA1.  Diffie-Hellman Group for Key Exchange - Select the DH (Diffie-Hellman) group to be used in key negotiation phase 1. The DH Group sets the strength of the algorithm in bits.  Key Life Time - Enter the number of seconds for the IPSec lifetime. It is the period of time to pass before establishing a new IPSec security association (SA) with the remote endpoint. The default value is 3600. 49

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
TD-W9970
300Mbps Wireless N USB VDSL/ADSL Modem Router User Guide
49
Settings for Phase 1:
Mode:
You can select
Main
or
Aggressive.
Select
Main
to configure the standard negotiation
parameters for IKE phase1. Select
Aggressive
to configure IKE phase1 of the VPN Tunnel to
carry out negotiation in a shorter amount of time. (Not Recommended-Less Secure)
Note:
The difference between the two is that aggressive mode will pass more information in fewer
packets, with the benefit of slightly faster connection establishment, at the cost of transmitting the
identities of the security firewall in the clear. When using aggressive mode, some configuration
parameters such as Diffie-Hellman groups, and PFS cannot be negotiated, resulting in a greater
importance of having "compatible" configuration on both ends.
My Identifier Type
- Select the local ID type for IKE negotiation.
Local Wan IP
: uses an IP
address as the ID in IKE negotiation.
FQDN
: uses a name as the ID.
My Identifier -
This field does not need to enter if
Local WAN IP
is selected in
My Identifier
Type
field. And the WAN IP will be used automatically as Identifier. If Name type is selected,
enter a name for the local device as the ID in IKE negotiation.
Remote Identifier Type
- The remote gateway IP will be inputted automatically if IP Address
type is selected. If Name type is selected, enter the name of the remote peer as the ID in IKE
negotiation.
Remote Identifier
- This field does not need to enter if
Remote WAN IP
is selected in
Remote
Identifier Type
field. And the remote gateway IP will be used automatically as Identifier. If
Name type is selected, enter the name of the remote peer as the ID in IKE negotiation.
Encryption Algorithm -
Specify the encryption algorithm for IKE negotiation. Options include:
DES, 3DES, AES-128, AES-192, AES-256.
Integrity Algorithm -
Select the authentication algorithm for IKE negotiation. Options include:
MD5
and
SHA1
.
Select Diffie-Hellman Group for Key Exchange -
Select the DH (Diffie-Hellman) group to be
used in key negotiation phase 1. The DH Group sets the strength of the algorithm in bits.
Key Life Time:
Enter the number of seconds for the IPSec lifetime. It is the period of time to
pass before establishing a new IPSec security association (SA) with the remote endpoint. The
default value is 3600.
Settings for Phase 1:
Encryption Algorithm -
Specify the encryption algorithm for IKE negotiation. Options include:
DES,3DES, AES-128, AES-192, AES-256
Integrity Algorithm -
Select the authentication algorithm for IKE negotiation. Options include:
MD5
and
SHA1
.
Diffie-Hellman Group for Key Exchange -
Select the DH (Diffie-Hellman) group to be used in
key negotiation phase 1. The DH Group sets the strength of the algorithm in bits.
Key Life Time -
Enter the number of seconds for the IPSec lifetime. It is the period of time to
pass before establishing a new IPSec security association (SA) with the remote endpoint. The
default value is 3600.