D-Link DBG-2000 Product Manual 1 - Page 106


Page 106 highlights

DBG-2000 User Guide

The fields available on the Add IKE profiles page 1 and page 2 are as follows:

Field: Description

Profile name: Enter a unique name for the IKE profile.

IKE version: Select the version of IKE.

IKE phase-1 settings

Exchange mode: Select the exchange mode: Main or Aggressive.

Local identifier type: Select the local identifier type. The options are Local WAN IP, FQDN, and User-FQDN. If you select User-FQDN, enter the FQDN name in the Local identifier field. When you select Local WAN IP or FQDN, the profile uses the local IP address of the WAN interface or the FQDN name of the WAN configured on the Dynamic DNS page, respectively.

Remote identifier type: Select the remote identifier type. The options are Remote WAN IP, FQDN, and User-FQDN. If you select FQDN or User-FQDN, enter the FQDN name in the Remote identifier field. When you select Remote WAN IP, the profile uses the remote IP address entered in the VPN policy.

DH group: Select the DH (Diffie-Hellman) group. It defines the strength of the key used in the key exchange process.

Encryption algorithm: Select the encryption algorithm to be used during key exchange. You may select multiple algorithms.

Authentication algorithm: Select the authentication algorithm from the drop-down list. You may select multiple algorithms.

SA lifetime (sec.): The security association lifetime. The range is 300 to 604800 seconds.

Authentication method: Select the authentication method. The options are Pre-shared key and RSA-Signature (Certificate).

Pre-shared key: Enter the pre-shared key. This field is available only when you select Pre-shared key as the Authentication method.

Certificate: Select the certificate to be used for authentication. This field is available only when you select RSA-Signature (Certificate) as the Authentication method.

Dead peer detection: Enable or disable the Dead peer detection feature. If enabled, it detects whether the remote peer is reachable. If the peer is not reachable, this feature brings the tunnel down.

Detection interval: Enter the interval at which peer detection packets are sent to the peer to check its liveness.

Reconnect after failure: Enter the failure count after which the other peer is considered down.

VPN tunnel backup: Enable or disable the VPN tunnel backup feature.

Backup tunnel
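The field rules in the table above can be checked before a profile is entered on the device. The following is an added example, not code from D-Link or the manual: the dict keys and the function name `lint_ike_profile` are hypothetical, the sample profiles are constructed, and the Aggressive-mode warning is a general IKE hardening check that the manual does not state.

```python
# Added example: offline linter for the IKE profile fields described above.
# Key names are hypothetical; option strings are the ones the manual lists.
SA_LIFETIME_RANGE = (300, 604800)  # seconds, as stated in the manual

def lint_ike_profile(p):
    """Return (errors, warnings) for one IKE profile given as a dict."""
    errors, warnings = [], []
    if not str(p.get("profile_name", "")).strip():
        errors.append("profile_name is required")
    lo, hi = SA_LIFETIME_RANGE
    life = p.get("sa_lifetime")
    if not isinstance(life, int) or not lo <= life <= hi:
        errors.append(f"sa_lifetime must be an integer in {lo}..{hi}")
    # Identifier text is only entered for the selections the manual names.
    if p.get("local_id_type") == "User-FQDN" and not p.get("local_identifier"):
        errors.append("local_identifier is required for User-FQDN")
    if p.get("remote_id_type") in ("FQDN", "User-FQDN") and not p.get("remote_identifier"):
        errors.append("remote_identifier is required for FQDN or User-FQDN")
    method = p.get("auth_method")
    if method == "Pre-shared key":
        if not p.get("pre_shared_key"):
            errors.append("pre_shared_key is required for Pre-shared key")
        if p.get("certificate"):
            errors.append("certificate does not apply to Pre-shared key")
        # Added check, not from the manual: Aggressive mode sends the
        # authentication hash before the exchange is encrypted, so a weak
        # pre-shared key can be recovered offline from captured traffic.
        if p.get("exchange_mode") == "Aggressive":
            warnings.append("Aggressive mode with a pre-shared key: "
                            "prefer Main mode or RSA-Signature (Certificate)")
    elif method == "RSA-Signature (Certificate)":
        if not p.get("certificate"):
            errors.append("certificate is required for RSA-Signature (Certificate)")
        if p.get("pre_shared_key"):
            errors.append("pre_shared_key does not apply to RSA-Signature (Certificate)")
    else:
        errors.append("auth_method must be Pre-shared key or RSA-Signature (Certificate)")
    return errors, warnings

# Constructed sample profiles (not taken from a real device).
SAMPLE_GOOD = {"profile_name": "branch-a", "exchange_mode": "Main",
               "local_id_type": "Local WAN IP", "remote_id_type": "FQDN",
               "remote_identifier": "peer.example.net", "sa_lifetime": 28800,
               "auth_method": "RSA-Signature (Certificate)", "certificate": "branch-a-cert"}
SAMPLE_RISKY = {"profile_name": "branch-b", "exchange_mode": "Aggressive",
                "local_id_type": "User-FQDN", "remote_id_type": "Remote WAN IP",
                "sa_lifetime": 120, "auth_method": "Pre-shared key",
                "pre_shared_key": "constructed-sample-key"}

if __name__ == "__main__":
    for sample in (SAMPLE_GOOD, SAMPLE_RISKY):
        print(sample["profile_name"], lint_ike_profile(sample))
```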

