Client to Site
IKE Authentication Method
User Group
Mode
Pool Range for Client LAN
For Mode Configuration
Primary DNS
Secondary DNS
Primary Windows Internet
Name Service (WINS)
Server
Secondary WINS Server
Default Domain
RV345/345P Administration Guide
86
Authentication method to be used in IKE negotiations in IKE-based tunnels.
• Pre-shared Key: IKE peers authenticate each other by computing and sending a
keyed hash of data that includes the Pre-shared Key. If the receiving peer is able
to create the same hash independently using its Pre-shared key, it knows that both
peers must share the same secret, thus authenticating the other peer. Pre-shared
keys do not scale well because each IPSec peer must be configured with the
Pre-shared key of every other peer with which it establishes a session. Enter the
Pre-shared Key, and click Enable to enable the Minimum Pre-shared Key
Complexity.
• Certificate: The digital certificate is a package that contains information such as
a certificate bearer's identity: name or IP address, the certificate's serial number,
the certificate's expiration date, and a copy of the certificate bearer's public key.
The standard digital certificate format is defined in the X.509 specification. X.509
version 3 defines the data structure for certificates. Select the certificate from the
drop-down list.
Click Group Name and select the user group (admin or guest).Click Add or Delete
to modify the User Group.
Select the mode from the options.
• Client — Client request for IP address and server supplies the IP addresses from
the configured address range. Select Client and enter the start and end IP addresses
for client's LAN.
• Network Extension Mode (NEM) — Clients propose their subnet for which VPN
services need to be applied on traffic between LAN behind server and subnet
proposed by client.
Start IP — Enter the start IP address for the pool range.End IP - Enter the end IP
address for the pool range.
Enter the IP address of the primary DNS server.
Enter the IP address of the secondary DNS server.
Enter the IP address of the primary WINS.
Enter the IP address of the secondary WINS.
Enter the name of the default domain to be used in remote network.
VPN