Create a Site-to-Site VPN Connection
Remote Identifier Type: Select Local WAN IP, Local FQDN, or Local User FQDN from the drop-down list.

Remote Identifier: Enter the identifier name or IP address based on your selection.

Remote IP Type: Select IP address or Subnet from the drop-down list.

IP Address: Enter the IP address of the device that can use this tunnel.

Subnet Mask: Enter the subnet mask.

Step 2
On the Advanced Settings tab, provide the following:

Aggressive Mode: There are two modes of IKE SA negotiation: Main Mode and Aggressive Mode. Main Mode is recommended when network security is the priority. Aggressive Mode is recommended when network speed is the priority. Check Enable to use Aggressive Mode, or uncheck Enable to use Main Mode.
If the Remote Security Gateway Type is one of the Dynamic IP types, Aggressive Mode is required. The box is checked automatically, and this setting cannot be changed.

Compress: A protocol that reduces the size of IP datagrams. Check Compress to enable the router to propose compression when it starts a connection. If the responder rejects this proposal, the router does not implement compression. When the router is the responder, it accepts compression even if compression is not enabled. If you enable this feature for this router, also enable it on the router at the other end of the tunnel.

NetBIOS Broadcast: Broadcast messages used for name resolution in Windows networking to identify resources such as computers, printers, and file servers. These messages are used by some software applications and Windows features such as Network Neighborhood. LAN broadcast traffic is typically not forwarded over a VPN tunnel. However, you can check this box to allow NetBIOS broadcasts from one end of the tunnel to be rebroadcast to the other end.

Keep-Alive: Attempts to re-establish the VPN connection at regular intervals.

Dead Peer Detection (DPD) Enable: Click DPD to enable DPD. It sends periodic HELLO/ACK messages to check the status of the VPN tunnel. The DPD option must be enabled on both ends of the VPN tunnel. Specify the interval between HELLO/ACK messages in the Interval field by entering the following:
• Delay Time: Enter the time delay between each Hello message.
• Detection Timeout: Enter the timeout to declare that the peer is dead.
• Delay Action: Action to be taken after DPD timeout. Select Clear or Restart from the drop-down list.

Extended Authentication: Check Extended Authentication to enable.
For a single user, select User and enter the username and password.
For a group, select Group Name, and select admin or guest from the drop-down list.

RV345/345P Administration Guide
VPN
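The Advanced Settings above include three rules that span both routers: Aggressive Mode is required for a Dynamic IP remote gateway, DPD must be enabled on both ends, and Compress should match on both ends. The following added example (not from the Cisco guide or the router firmware) checks a pair of tunnel ends against those rules; the `TunnelEnd` fields, the `audit_tunnel` function, and the sample values are hypothetical and must be filled in by hand from each router's settings page.

```python
from dataclasses import dataclass
from typing import List


@dataclass
class TunnelEnd:
    """Advanced Settings of one router, transcribed by hand (hypothetical field names)."""
    name: str
    remote_gateway_dynamic: bool  # Remote Security Gateway Type is a Dynamic IP type
    aggressive_mode: bool
    compress: bool
    dpd: bool


def audit_tunnel(a: TunnelEnd, b: TunnelEnd) -> List[str]:
    """Return findings for the two ends of one tunnel, using the rules stated in the guide."""
    findings = []
    for end in (a, b):
        if end.remote_gateway_dynamic and not end.aggressive_mode:
            findings.append(f"{end.name}: Dynamic IP remote gateway requires Aggressive Mode")
        if end.aggressive_mode and not end.remote_gateway_dynamic:
            # The guide recommends Main Mode when security is the priority.
            findings.append(f"{end.name}: Aggressive Mode is optional here; "
                            "Main Mode is the security-preferred choice")
    if a.dpd != b.dpd:
        off = b if a.dpd else a
        findings.append(f"{off.name}: DPD must be enabled on both ends of the tunnel")
    if a.compress != b.compress:
        # A responder accepts compression even when its own box is unchecked,
        # so a mismatch can go unnoticed unless both ends are compared.
        off = b if a.compress else a
        findings.append(f"{off.name}: Compress is enabled on the peer only; enable it here too")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    hq = TunnelEnd("hq", remote_gateway_dynamic=False, aggressive_mode=True,
                   compress=True, dpd=True)
    branch = TunnelEnd("branch", remote_gateway_dynamic=True, aggressive_mode=False,
                       compress=False, dpd=False)
    for finding in audit_tunnel(hq, branch):
        print(finding)
```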