Specifications
WAN Configuration 4-25
AES 128-bit         This option selects the Advanced Encryption Standard algorithm in use with 128-bit
                    (32-character hexadecimal) keys.
AES 192-bit         This option selects the Advanced Encryption Standard algorithm in use with 192-bit
                    (48-character hexadecimal) keys.
AES 256-bit         This option selects the Advanced Encryption Standard algorithm in use with 256-bit
                    (64-character hexadecimal) keys.

11. Specify a Key Lifetime, which is the number of seconds that the key is valid. At the end of the lifetime,
the key is renegotiated between the two parties.
12. Select the Diffie-Hellman Group to use. The Diffie-Hellman key agreement protocol allows two users
to exchange a secret key over an insecure medium without any prior secrets. Two algorithms are available, one
768-bit and one 1024-bit.

Group 1 - 768 bit   Somewhat faster than the 1024-bit algorithm, but secure enough in most situations.
Group 2 - 1024 bit  Somewhat slower than the 768-bit algorithm, but much more secure and a better
                    choice for extremely sensitive situations.

13. If you wish to delete the IPSEC Security Association (SA) with the IKE Security Association (SA), choose
Yes from the Delete IPSEC SA with IKE SA menu. Otherwise, select No.
14. Click the Ok button to return to the VPN screen.

4.6.6 VPN: Frequently Asked Questions

WARNING! Disclaimer: Using a VPN connection over the WAN interface is subject to the
limitations of your Internet Service Provider.

4.6.6.1 My tunnel works fine when I use the Subnet Access page to configure my firewall. Now
that I use Advanced Subnet Access, my VPN no longer works. What am I doing wrong?

VPN requires certain packets to be passed through the firewall. Subnet Access automatically inserts these
rules for you when you configure a VPN. Using Advanced Subnet Access requires the following rules to be in effect
for each tunnel.

An allow inbound rule:

Src                 <Remote Subnet IP range>
Dst                 <Local Subnet IP range>
Transport           ANY
Src port            1:65535
Dst port            1:65535
Rev NAT             None
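
The following is an added example, not part of the original manual or the device's software: a small audit script that checks whether each VPN tunnel has the allow inbound rule shown above. The Rule class, its field names, the use of CIDR notation for the subnet ranges, and the sample tunnels and rules are all assumptions made for illustration. It checks only the inbound rule listed on this page.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    """Hypothetical model of one Advanced Subnet Access inbound rule."""
    action: str
    src: str
    dst: str
    transport: str
    src_ports: str
    dst_ports: str
    rev_nat: str

def _full_port_range(spec: str) -> bool:
    """True only for the 1:65535 range the manual specifies."""
    lo, _, hi = spec.partition(":")
    return lo.strip() == "1" and hi.strip() == "65535"

def rule_covers_tunnel(rule: Rule, remote_subnet: str, local_subnet: str) -> bool:
    """True if the rule is exactly the allow inbound rule required for this tunnel."""
    net = ipaddress.ip_network
    return (rule.action.lower() == "allow"
            and net(rule.src) == net(remote_subnet)   # Src = remote subnet
            and net(rule.dst) == net(local_subnet)    # Dst = local subnet
            and rule.transport.upper() == "ANY"
            and _full_port_range(rule.src_ports)
            and _full_port_range(rule.dst_ports)
            and rule.rev_nat.lower() == "none")

def tunnels_missing_rule(tunnels, rules):
    """Return the names of tunnels that have no matching allow inbound rule."""
    return [name for name, (remote, local) in tunnels.items()
            if not any(rule_covers_tunnel(r, remote, local) for r in rules)]

# Constructed sample data: tunnel name -> (remote subnet, local subnet)
TUNNELS = {"branch-a": ("192.168.10.0/24", "10.1.0.0/16"),
           "branch-b": ("192.168.20.0/24", "10.1.0.0/16"),
           "branch-c": ("192.168.30.0/24", "10.1.0.0/16")}
RULES = [
    Rule("allow", "192.168.10.0/24", "10.1.0.0/16", "ANY", "1:65535", "1:65535", "None"),
    # Transport restricted to TCP, so it is not the required rule
    Rule("allow", "192.168.20.0/24", "10.1.0.0/16", "TCP", "1:65535", "1:65535", "None"),
    # Src and Dst swapped, so it does not match inbound tunnel traffic
    Rule("allow", "10.1.0.0/16", "192.168.30.0/24", "ANY", "1:65535", "1:65535", "None"),
]

if __name__ == "__main__":
    for name in tunnels_missing_rule(TUNNELS, RULES):
        print(f"tunnel {name}: required allow inbound rule not found")
```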