D-Link DSR-250v2 Product Manual - Page 90

Page 90 highlights

The fields available on the Add Ipsec profiles page are as follows:

| Field | Description |
|---|---|
| Profile name | Enter a unique name for the IPsec profile. |
| IKE version | Select the version of IKE. |
| IKE phase-1 settings | |
| Exchange mode | Select the exchange mode: Main or Aggressive. |
| Local identifier type | Select the local identifier type. The options are Local WAN IP, FQDN, and User-FQDN. If you select User-FQDN, enter the FQDN name in the Local identifier field. When you select Local WAN IP or FQDN, it uses the local IP address of the WAN interface, and the FQDN name of the WAN configured on the Dynamic DNS page. |
| Remote identifier type | Select the remote identifier type. The options are Remote WAN IP, FQDN, and User-FQDN. If you select FQDN or User-FQDN, enter the FQDN name in the Remote identifier field. When you select Remote WAN IP, it uses the remote IP address entered in the VPN policy. |
| DH group | Select the DH (Diffie-Hellman) group. It defines the strength of the key used in the key exchange process. |
| Encryption algorithm | Select the encryption algorithm to be used during key exchange. You may select multiple algorithms. |
| Authentication algorithm | Select the authentication algorithm from the drop-down list. You may select multiple algorithms. |
| SA lifetime (sec.) | The security association lifetime. The range is 300 to 604800 seconds. |
| Authentication method | Select the authentication method. The options are Pre-shared key and RSA-Signature (Certificate). |
| Pre-shared key | Enter the pre-shared key. This field is available only when you select Pre-shared key as the Authentication method. |
| Certificate | Select the certificate to be used for authentication. This field is available only when you select RSA-Signature (Certificate) as the Authentication method. |
| Dead peer detection | You can enable or disable the Dead peer detection feature. If enabled, it allows you to detect whether the remote peer is reachable. If the peer is not reachable, this feature brings the tunnel down. |
| Detection interval | Enter the interval at which peer detection packets are sent to the peer to check its liveness. |
| Reconnect after failure | |
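The field dependencies in the table above can be checked before a profile is entered on the device. The following is an added example, not D-Link code: the dictionary keys (`profile_name`, `sa_lifetime`, and so on) and the sample profiles are hypothetical, and only the option names and the 300 to 604800 second range come from this page.

```python
# Added example. Key names are hypothetical; they are not the DSR-250v2's own schema.
SA_LIFETIME_RANGE = (300, 604800)  # seconds, as stated in the field table
LOCAL_ID_TYPES = {"Local WAN IP", "FQDN", "User-FQDN"}
REMOTE_ID_TYPES = {"Remote WAN IP", "FQDN", "User-FQDN"}
PSK, CERT = "Pre-shared key", "RSA-Signature (Certificate)"

def validate_profile(p):
    """Return a list of problems in one profile dict (empty list = consistent)."""
    problems = []
    if not p.get("profile_name"):
        problems.append("profile_name: required")
    if p.get("exchange_mode") not in {"Main", "Aggressive"}:
        problems.append("exchange_mode: must be Main or Aggressive")
    # Local side: only User-FQDN needs an identifier typed in.
    if p.get("local_id_type") not in LOCAL_ID_TYPES:
        problems.append("local_id_type: unknown option")
    elif p["local_id_type"] == "User-FQDN" and not p.get("local_identifier"):
        problems.append("local_identifier: required for User-FQDN")
    # Remote side: FQDN and User-FQDN both need an identifier.
    if p.get("remote_id_type") not in REMOTE_ID_TYPES:
        problems.append("remote_id_type: unknown option")
    elif p["remote_id_type"] != "Remote WAN IP" and not p.get("remote_identifier"):
        problems.append("remote_identifier: required for FQDN/User-FQDN")
    lo, hi = SA_LIFETIME_RANGE
    lifetime = p.get("sa_lifetime")
    if not isinstance(lifetime, int) or not lo <= lifetime <= hi:
        problems.append(f"sa_lifetime: must be {lo}-{hi} seconds")
    # Exactly one credential field applies, chosen by the authentication method.
    method = p.get("auth_method")
    if method not in {PSK, CERT}:
        problems.append("auth_method: unknown option")
    else:
        needed, other = (("pre_shared_key", "certificate") if method == PSK
                         else ("certificate", "pre_shared_key"))
        if not p.get(needed):
            problems.append(f"{needed}: required for {method}")
        if p.get(other):
            problems.append(f"{other}: not applicable to {method}")
    return problems

# Constructed sample profiles (not taken from any real device).
GOOD = {"profile_name": "branch-a", "exchange_mode": "Main",
        "local_id_type": "Local WAN IP", "remote_id_type": "FQDN",
        "remote_identifier": "peer.example.test", "sa_lifetime": 28800,
        "auth_method": CERT, "certificate": "branch-a-cert"}
BAD = {"profile_name": "branch-b", "exchange_mode": "Aggressive",
       "local_id_type": "User-FQDN", "remote_id_type": "FQDN",
       "sa_lifetime": 120, "auth_method": PSK}

if __name__ == "__main__":
    for name, prof in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, validate_profile(prof))
```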

