User Manual
tunnel. The remote VPN device can be another VPN Router, a VPN Server, or a computer with VPN client software that supports IPSec. The IP Address may either be static (permanent) (select IP Addr.) or dynamic (changing) (select FQDN for DDNS, or Any), depending on the settings of the remote VPN device. Make sure that you have entered the IP Address correctly, or the connection cannot be made. Remember, this is NOT the IP Address of the local VPN Router, but the IP Address of the remote VPN Router or device with which you wish to communicate. If the IP Address is static, select IP Addr.; if the IP Address is dynamic (changing), select FQDN for DDNS or Any. If FQDN is selected, enter the DDNS domain name of the remote Router. The Router will receive an IP Address for this domain name.
• Encryption. Using Encryption also helps make your connection more secure. There are two different types of encryption: DES or 3DES (3DES is recommended because it is more secure). You may choose either of these, but it must be the same type of encryption that is being used by the VPN device at the other end of the tunnel. Or, you may choose not to encrypt by selecting Disable.
Figure 6-24: IP Range
Figure 6-23: IP Address
Figure 6-25: Host
Figure 6-26: Subnet/Any
• Authentication. Authentication acts as another level of security. There are two types of authentication: MD5 and SHA (SHA is recommended because it is more secure). As with encryption, either of these may be selected, provided that the VPN device at the other end of the tunnel is using the same type of authentication. Or, both ends of the tunnel may choose to Disable authentication.
• Key Management. Key Exchange Method. Select Auto (IKE) or Manual for the Key Exchange Method. The two methods are described below.
Auto (IKE)
Select Auto (IKE) and enter a series of numbers or letters in the Pre-shared Key field. Check the box next to PFS (Perfect Forward Secrecy) to ensure that the initial key exchange and IKE proposals are secure. Based on the Pre-shared Key, which MUST be entered at both ends of the tunnel if this method is used, a key is generated to scramble (encrypt) the data being transmitted over the tunnel, where it is unscrambled (decrypted). You may use any combination of up to 24 numbers or letters in this field. No special characters or spaces are allowed. In the Key Lifetime field, you may optionally select to have the key expire at the end of a time period of your choosing. Enter the number of seconds you'd like the key to be useful, or leave it blank for the key to last indefinitely.
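The following Python check is an added example, not part of the manual or the Router's software. It compares the Encryption, Authentication, Pre-shared Key, PFS and Key Lifetime settings of the two ends of a tunnel against the rules described above. The dictionary field names, the sample settings and the 80-bit threshold are assumptions, and the strength figure assumes a key made of uniformly random letters and digits.

```python
import math
import re

# Letters and digits only, at most 24 characters (rule stated in the manual).
PSK_RULE = re.compile(r"[A-Za-z0-9]{1,24}")
RECOMMENDED = {"encryption": "3DES", "authentication": "SHA"}
ALLOWED = {"encryption": {"3DES", "DES", "Disable"},
           "authentication": {"SHA", "MD5", "Disable"}}

def psk_bits(psk):
    """Best-case strength in bits, assuming uniformly random characters."""
    return len(psk) * math.log2(62)

def audit_tunnel(local, remote, min_bits=80):  # min_bits: assumed threshold
    """Return findings for one tunnel given both ends' settings."""
    findings = []
    for field, allowed in ALLOWED.items():
        a, b = local[field], remote[field]
        if a not in allowed or b not in allowed:
            findings.append(f"{field}: value not offered by the router")
        elif a != b:
            findings.append(f"{field}: {a} vs {b}, both ends must match")
        elif a == "Disable":
            findings.append(f"{field}: disabled at both ends")
        elif a != RECOMMENDED[field]:
            findings.append(f"{field}: {a} set, {RECOMMENDED[field]} recommended")
    if local["psk"] != remote["psk"]:
        findings.append("psk: differs between the two ends")
    for name, end in (("local", local), ("remote", remote)):
        if not PSK_RULE.fullmatch(end["psk"]):
            findings.append(f"psk ({name}): must be 1-24 letters or digits")
        elif psk_bits(end["psk"]) < min_bits:
            findings.append(f"psk ({name}): at most {psk_bits(end['psk']):.0f} bits")
    if not (local["pfs"] and remote["pfs"]):
        findings.append("pfs: not checked at both ends")
    if not local["key_lifetime"]:
        findings.append("key_lifetime: blank, key lasts indefinitely")
    return findings

# Constructed sample settings, not taken from the manual.
LOCAL = {"encryption": "3DES", "authentication": "MD5", "psk": "office2004",
         "pfs": True, "key_lifetime": None}
REMOTE = {"encryption": "DES", "authentication": "MD5", "psk": "office2004",
          "pfs": True, "key_lifetime": 3600}

if __name__ == "__main__":
    for finding in audit_tunnel(LOCAL, REMOTE):
        print(finding)
```

A Pre-shared Key that uses all 24 allowed characters, chosen at random, reaches about 143 bits under the same assumption.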
Manual (See Figure 6-29)
If you select Manual, you generate the key yourself, and no key negotiation is needed. Basically,