D-Link DFL-1100 Product Manual - Page 62

VPN - Advanced Settings


Advanced settings for a VPN tunnel are used when the user needs to change some characteristics of the tunnel, for example to try to connect to a third-party VPN gateway. The different settings per tunnel are:

Limit MTU
With this setting it is possible to limit the MTU (Maximum Transmission Unit) of the VPN tunnel.

IKE Mode
Specify whether Main Mode IKE or Aggressive Mode IKE should be used when establishing outbound VPN tunnels. Inbound Main Mode connections will always be allowed. Inbound Aggressive Mode connections will only be allowed if this setting is set to Aggressive Mode.

IKE DH Group
Here it is possible to configure the Diffie-Hellman group to 1 (modp 768-bit), 2 (modp 1024-bit), or 5 (modp 1536-bit).

PFS - Perfect Forward Secrecy
If PFS (Perfect Forward Secrecy) is enabled, a new Diffie-Hellman exchange is performed for each phase-2 negotiation. While this is slower, it makes sure that no keys are dependent on any other previously used keys; no keys are extracted from the same initial keying material. PFS is used to ensure that in the unlikely event an encryption key is compromised, no subsequent keys could be derived from that compromised key.
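
As an added illustration of the PFS setting (not part of the D-Link manual or firmware), this sketch applies the RFC 2409 quick-mode KEYMAT formula with and without the extra Diffie-Hellman exchange and checks whether a phase-2 key can be re-derived from the phase-1 secret plus the recorded exchange. The toy prime, the HMAC-SHA1 prf and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Toy DH parameters for the demo only; NOT one of the manual's modp groups.
P, G = 2**127 - 1, 3

def prf(key: bytes, data: bytes) -> bytes:
    # HMAC-SHA1 stands in for the negotiated prf (assumption).
    return hmac.new(key, data, hashlib.sha1).digest()

def keymat(skeyid_d, proto, spi, ni, nr, g_qm_xy=b""):
    # RFC 2409 section 5.5:
    #   no PFS: KEYMAT = prf(SKEYID_d, protocol | SPI | Ni_b | Nr_b)
    #   PFS:    KEYMAT = prf(SKEYID_d, g(qm)^xy | protocol | SPI | Ni_b | Nr_b)
    return prf(skeyid_d, g_qm_xy + bytes([proto]) + spi + ni + nr)

def quick_mode(skeyid_d: bytes, pfs: bool):
    """Run one phase-2 negotiation; return (recorded values, real key)."""
    rec = {"proto": 3, "spi": secrets.token_bytes(4),   # 3 = ESP
           "ni": secrets.token_bytes(16), "nr": secrets.token_bytes(16)}
    shared = b""
    if pfs:
        x = secrets.randbelow(P - 2) + 1      # ephemeral, discarded afterwards
        y = secrets.randbelow(P - 2) + 1
        rec["gx"], rec["gy"] = pow(G, x, P), pow(G, y, P)   # KE payloads
        shared = pow(rec["gx"], y, P).to_bytes(16, "big")
    key = keymat(skeyid_d, rec["proto"], rec["spi"], rec["ni"], rec["nr"], shared)
    return rec, key

def recompute_after_leak(skeyid_d: bytes, rec: dict) -> bytes:
    """Key derivable from a leaked SKEYID_d plus the recorded exchange alone."""
    return keymat(skeyid_d, rec["proto"], rec["spi"], rec["ni"], rec["nr"])

def demo():
    skeyid_d = secrets.token_bytes(20)        # phase-1 secret behind every phase-2 SA
    results = {}
    for pfs in (False, True):
        outcomes = []
        for _ in range(3):                    # three rekeys under the same phase 1
            rec, key = quick_mode(skeyid_d, pfs)
            outcomes.append(recompute_after_leak(skeyid_d, rec) == key)
        results[pfs] = outcomes
    return results

if __name__ == "__main__":
    print(demo())
```

With PFS disabled every rekey is recoverable from the one phase-1 secret; with PFS enabled each key also depends on an ephemeral Diffie-Hellman secret that is discarded after the negotiation.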

NAT Traversal
Here it is possible to configure how the NAT Traversal code should behave.
Disabled - The firewall will not send the necessary Vendor IDs to indicate NAT-T support when setting up the tunnel.
On if supported and need NAT - Will only use NAT-T if one of the VPN gateways is behind a NAT device.
On if supported - Always tries to use NAT-T when setting up the tunnel.

Keepalives
No keepalives - Keep-alive is disabled.
Automatic keepalives - The firewall will send ICMP pings to IP addresses automatically discovered from the VPN tunnel settings.
Manually configured IP addresses - Configure the source and destination IP addresses used when sending the ICMP pings.