smallbusiness
Community Manager

Article ID:2863

Internet Key Exchange (IKE) Policy Settings on RV180 and RV180W VPN Routers

Objective

Internet Key Exchange (IKE) is a protocol that establishes secure communication between two networks. With IKE, packets are encrypted, and the keys that lock and unlock them are shared by the two parties. This article explains how to add an IKE profile to the RV180 and RV180W VPN Routers.

Applicable Devices

• RV180

• RV180W

Steps of Procedure

Step 1. Use the Router Configuration Utility to choose VPN > IPsec > Advanced VPN Setup from the menu on the left.

Step 2. Under IKE Policy Table, click Add.

Step 3. In the Policy Name field, enter a name for the IKE policy.

Step 4. From the Direction/Type drop-down menu, choose the type of profile you want.

• Initiator — This option will start connections with the remote end.

• Responder — This option will wait for the remote end to start the connection.

• Both — This option will start connections and wait for connections.

Step 5. From the Exchange Mode drop-down menu, choose the type of exchange the profile performs.

• Main — This option has higher security but is slower.

• Aggressive — This option connects faster but has less security.

Step 6. From the Local Identifier Type drop-down menu, choose the type of identity the profile has.

• Local WAN (Internet) IP — This option connects through the Internet.

• FQDN — This option is a Fully Qualified Domain Name such as www.example.com. Enter a domain name or an IP address in the Identifier field.

• User-FQDN — This option is a user email address such as user@email.com. Enter a domain name or an IP address in the Identifier field.

• DER ASN1 DN — This option is a distinguished name that uses DER ASN1 to transmit information. Enter a domain name or an IP address in the Identifier field.

Step 7. From the Remote Identifier Type drop-down menu, choose the type of identity the profile has. For FQDN, User-FQDN, and DER ASN1 DN, enter a domain name or an IP address in the Identifier field.

Step 8. From the Encryption Algorithm drop-down menu, choose an algorithm to encrypt your communications.

• DES — This option is Data Encryption Standard.

• 3DES — This option is Triple Data Encryption Standard.

• AES-128 — Advanced Encryption Standard uses a 128 bit key.

• AES-192 — Advanced Encryption Standard uses a 192 bit key.

• AES-256 — Advanced Encryption Standard uses a 256 bit key.

Step 9. From the Authentication Algorithm drop-down menu, choose an algorithm to authenticate your communications.

• MD5 — Message Digest Algorithm has a 128 bit hash value.

• SHA-1 — Secure Hash Algorithm has a 160 bit hash value.

• SHA2-256 — Secure Hash Algorithm with a 256 bit hash value.

• SHA2-385 — Secure Hash Algorithm with a 385 bit hash value.

• SHA2-512 — Secure Hash Algorithm has a 512 bit hash value.

Step 10. From the Authentication Method drop-down menu, choose a method to authenticate your communications.

• Pre-Shared Key — This option requires a password. Enter the password in the Pre-Shared Key field.

• RSA-Signature — This option uses certificates to authenticate the connection.

Step 11. From the Diffie-Hellman (DH) Group drop-down menu, choose a DH group. The number of bits indicates the level of security. Both ends of the connection must be in the same group.

Step 12. In the SA-Lifetime field, enter how long the Security Association will be valid in seconds.

Step 13. Check the Enable box next to Dead Peer Detection if you want to disable a connection with an inactive peer.

Note: If you enabled Dead Peer Detection, enter the interval in seconds between idle messages in the Detection Period field. In the Reconnect after Failure Count field, enter the number of times idle messages are received before disconnecting.

Step 14. From the XAUTH Type drop-down menu, choose a mode of Extended Authentication (XAUTH). XAUTH is an additional authentication step that VPN clients must pass.

• None — This option disables XAUTH.

• Edge Device — This option requires you to choose an authentication type from the Authentication Type drop-down menu.

— User Database — User accounts on the router are used to authenticate users.

— Radius-PAP — This option uses a RADIUS server and Password Authentication Protocol (PAP) to authenticate users.

— Radius-CHAP — This option uses a RADIUS server and Challenge-Handshake Authentication Protocol (CHAP) to authenticate users. CHAP routinely checks authentication.

• IPsec Host — This option allows the router to be authenticated by a remote gateway. This option requires a username and password. Enter the username for the host in the Username field and the password in the Password field.

Step 15. Click Save to save changes, Cancel to discard changes, or Back to return to the previous page without saving changes.
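A pre-deployment check for the settings chosen in the steps above, as an added example that is not part of the original article or of the router's software: it flags weak algorithm choices in one policy and lists the fields that would keep the two ends from completing negotiation. The dictionary layout, the weak-setting table, the 1024-bit DH threshold and the sample policies are assumptions of this example.

```python
# Added example: field names mirror the labels used in the steps above;
# the dict layout, WEAK table and DH threshold are assumptions of this sketch.
MUST_MATCH = ("exchange_mode", "encryption", "auth_algorithm", "auth_method", "dh_bits")
WEAK = {
    "encryption": {"DES": "56-bit key", "3DES": "64-bit block, deprecated"},
    "auth_algorithm": {"MD5": "deprecated, collisions known",
                       "SHA-1": "deprecated, collisions known"},
}
STARTS = {"Initiator", "Both"}   # directions that open a connection
WAITS = {"Responder", "Both"}    # directions that accept one


def weak_settings(policy):
    """Return findings for one IKE policy (a dict keyed by field name)."""
    findings = [f"{field}={policy[field]}: {why}"
                for field, table in WEAK.items()
                if (why := table.get(policy[field]))]
    if policy["dh_bits"] <= 1024:
        findings.append(f"dh_bits={policy['dh_bits']}: group too small")
    if policy["exchange_mode"] == "Aggressive" and policy["auth_method"] == "Pre-Shared Key":
        findings.append("Aggressive + Pre-Shared Key: PSK hash exposed to offline guessing")
    return findings


def peer_mismatches(a, b):
    """Return reasons why negotiation between policies a and b would not complete."""
    problems = [f"{f}: {a[f]} != {b[f]}" for f in MUST_MATCH if a[f] != b[f]]
    # Each side's remote identifier must equal what the other side presents as local.
    if a["local_id"] != b["remote_id"] or b["local_id"] != a["remote_id"]:
        problems.append("identifiers do not cross-match")
    # One end has to start the connection and the other has to wait for it.
    a_dir, b_dir = a["direction"], b["direction"]
    if not ((a_dir in STARTS and b_dir in WAITS) or (b_dir in STARTS and a_dir in WAITS)):
        problems.append(f"direction: {a_dir}/{b_dir} never connects")
    return problems


# Constructed sample policies for the two ends of one tunnel.
SITE_A = {"direction": "Both", "exchange_mode": "Main", "encryption": "AES-256",
          "auth_algorithm": "SHA2-256", "auth_method": "Pre-Shared Key", "dh_bits": 1536,
          "local_id": "a.example.com", "remote_id": "b.example.com"}
SITE_B = dict(SITE_A, direction="Responder", encryption="3DES", auth_algorithm="MD5",
              dh_bits=1024, local_id="b.example.com", remote_id="a.example.com")

if __name__ == "__main__":
    for line in weak_settings(SITE_B) + peer_mismatches(SITE_A, SITE_B):
        print(line)
```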
