VPN
Configuring IPsec VPN Policies
STEP 5
STEP 6
Cisco RV315W Broadband Wireless VPN Router Administration Guide
-
Auto: Automatically obtain the primary remote gateway ID.
-
Manual: Manually enter the IP address or the fully qualified domain name
(FQDN) of the primary remote gateway ID.
•
Backup Remote Gateway ID: Choose how to specify the secondary remote
gateway ID.
-
Auto: Automatically obtain the secondary remote gateway ID.
-
Manual: Manually enter the IP address or the fully qualified domain name
(FQDN) of the secondary remote gateway ID.
•
Authentication Method: The IPsec VPN uses a simple, password-based
key to authenticate. Enter the desired value that the peer device must
provide to establish a connection in the Pre-shared Key field. The pre-
shared key must be entered exactly the same here and on the remote peer.
•
Show Password: Check to show the pre-shared key in plaintext.
In the Interest Traffic area, choose one of the following methods:
•
Route: If you choose this option, enter the IP address and subnet mask
protected by the IPsec VPN.
•
Flow-based: If you choose this option, enter the source IP address/wildcard
and destination IP address/wildcard.
In the Advanced VPN Settings area, specify advanced VPN settings of the IPsec
VPN policy.
•
1st Phase: Enter the following information:
-
Exchange Mode: Choose either Main Mode or Aggressive Mode. The
main mode has a higher priority than the aggressive mode.
-
Authentication Algorithm: Specify the authentication algorithm for the
VPN header. There are two hash algorithms supported by the RV315W:
SHA1 and MD5. The default is SHA1.
-
Encryption Algorithm: Choose the algorithm used to negotiate the
security association. The encryption standard supports DES, 3DES, AES-
128, AES-192, and AES-256. The default is AES-256.
-
DH Group: Choose the Diffie-Hellman (DH) group identifier, which the
two IPsec peers use to derive a shared secret without transmitting it to
each other. The DH group sets the strength of the algorithm in bits. The
lower the DH group number, the less CPU time it requires to be executed.
The higher the DH group number, the greater the security.
6
71