Netgear DGND3300v2 User Manual - Page 105
N300 Wireless Dual Band ADSL2+ Modem Router DGND3300v2 User Manual

Table 5. VPN - Auto Policy Screen Settings (Continued)

Fields and Settings: Description

Parameters (Continued)

SA Life Time
    The time interval before the SA (security association) expires. (It is automatically reestablished as required.) While using a short time period (or data amount) increases security, it also degrades performance. It is common to use periods over an hour (3600 seconds) for the SA life-time. This setting applies to both IKE and IPSec SAs.

Enable IPSec PFS (Perfect Forward Secrecy)
    • If this check box is selected, security is enhanced by ensuring that the key is changed at regular intervals. Also, even if one key is broken, subsequent keys are no easier to break. (Each key has no relationship to the previous key.)
    • This setting applies to both IKE and IPSec SAs. When configuring the remote endpoint to match this setting, you might have to specify the key group used. For this device, the key group is the same as the DH Group setting in the IKE section.

General

Policy Name
    Enter a unique name to identify this policy. This name is not supplied to the remote VPN endpoint. It is used only to help you manage the policies.

Remote VPN Endpoint
    • The remote VPN endpoint must have this VPN gateway's address entered as its remote VPN endpoint.
    • If the remote endpoint has a dynamic IP address, select Dynamic IP address. No address data input is required. You can set up multiple remote dynamic IP policies, but only one such policy can be enabled at a time. Otherwise, select an option (IP address or domain name) and enter the address of the remote VPN endpoint to which you want to connect.

IKE Keep Alive
    • If you want to ensure that a connection is kept open, or, if that is not possible, that it is quickly reestablished when disconnected, select this check box.
    • The ping IP address must be associated with the remote endpoint. The remote LAN address must be used. This IP address will be pinged periodically to generate traffic for the VPN tunnel. The remote keep-alive IP address must be covered by the remote LAN IP range and must correspond to a device that can respond to ping. The range should be made as narrow as possible to meet this objective.

Local LAN
    The remote VPN endpoint must have these IP addresses entered as its remote addresses.

Subnet Mask
    Enter the network mask.

Single/Start IP Address
    • Enter the IP address for a single address, or the starting address for an address range. A single address setting is used when you want to make a single server on your LAN available to remote users. A range must be an address range used on your LAN.
    • Any. The remote VPN endpoint might be at any IP address.

Chapter 6. Virtual Private Networking | 105
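The rules this table states for auto policies (unique policy names, a single enabled dynamic-IP policy, a keep-alive target inside the remote LAN range, SA lifetime and PFS) can be checked before a configuration is entered. The following is an added example, not taken from the manual or from Netgear software; the policy dictionary layout, field names, finding codes and sample values are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample policies; all field names are hypothetical, not the router's own.
SAMPLE = [
    {"name": "branch-a", "enabled": True, "remote_endpoint": "dynamic",
     "keepalive_ip": "192.168.50.10", "remote_lan": ("192.168.50.1", "192.168.50.20"),
     "sa_lifetime_s": 3600, "pfs": True},
    {"name": "branch-b", "enabled": True, "remote_endpoint": "dynamic",
     "keepalive_ip": "10.0.0.5", "remote_lan": ("192.168.60.1", "192.168.60.20"),
     "sa_lifetime_s": 600, "pfs": False},
    {"name": "hq", "enabled": True, "remote_endpoint": "vpn.example.net",
     "keepalive_ip": None, "remote_lan": ("172.16.0.1", "172.16.0.254"),
     "sa_lifetime_s": 28800, "pfs": True},
]

def lint_policies(policies):
    """Return a list of (policy name, finding code) pairs."""
    findings = []
    name_counts = Counter(p["name"] for p in policies)
    dynamic_on = sum(1 for p in policies
                     if p["enabled"] and p["remote_endpoint"] == "dynamic")
    for p in policies:
        name = p["name"]
        # Policy Name must be unique.
        if name_counts[name] > 1:
            findings.append((name, "duplicate-name"))
        # Only one dynamic-IP policy can be enabled at a time.
        if dynamic_on > 1 and p["enabled"] and p["remote_endpoint"] == "dynamic":
            findings.append((name, "multiple-dynamic-enabled"))
        # The keep-alive ping target must be covered by the remote LAN range.
        if p["keepalive_ip"]:
            target = ipaddress.ip_address(p["keepalive_ip"])
            start, end = (ipaddress.ip_address(a) for a in p["remote_lan"])
            if not start <= target <= end:
                findings.append((name, "keepalive-outside-remote-lan"))
        # Informational: lifetimes under an hour rekey more often and cost performance.
        if p["sa_lifetime_s"] < 3600:
            findings.append((name, "short-sa-lifetime"))
        # With PFS off, a broken key is no longer guaranteed unrelated to later keys.
        if not p["pfs"]:
            findings.append((name, "pfs-disabled"))
    return findings

if __name__ == "__main__":
    for name, code in lint_policies(SAMPLE):
        print(f"{name}: {code}")
```

The short-sa-lifetime code is informational only, since the table describes a trade-off between security and performance rather than a hard limit.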