Broadband VPN Gateway User Guide
ESP Authentication
Generally, you should enable ESP Authentication. There is little
difference between the available algorithms. Just ensure each
endpoint uses the same setting.
The "In" key here must match the "Out" key on the remote
VPN, and the "Out" key here must match the "In" key on the
remote VPN.
Keys can be in ASCII or Hex (0 ~ 9 and A ~ F).
For MD5, the keys should be 32 hex/16 ASCII characters.
For SHA-1, the keys should be 40 hex/20 ASCII characters.
ESP SPI
This is required if either ESP Encryption or ESP Authentication
is enabled.
Each SPI (Security Parameter Index) must be unique.
The "in" SPI here must match the "out" SPI on the remote
VPN, and the "out" SPI here must match the "in" SPI on the
remote VPN.
Each SPI should be at least 3 characters.
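The key-length, In/Out and SPI rules above can be checked before the settings are entered on both devices. The following Python check is an added example, not part of the original guide or the device firmware; the dictionary field names, the sample values, the reading of "unique" as "In differs from Out", and the rule that the key format is inferred from its length are assumptions.

```python
import string

# Key lengths from the guide: algorithm -> (hex characters, ASCII characters).
KEY_LEN = {"MD5": (32, 16), "SHA-1": (40, 20)}

def key_bytes(key, algo):
    """Decode a manual key to raw bytes; None if length or characters are invalid.
    Assumption: the format (hex or ASCII) is inferred from the key length."""
    hex_len, ascii_len = KEY_LEN[algo]
    if len(key) == hex_len and all(c in string.hexdigits for c in key):
        return bytes.fromhex(key)
    if len(key) == ascii_len and key.isascii():
        return key.encode("ascii")
    return None

def check_pair(local, remote):
    """Return a list of problems found in two endpoints' manual-key settings."""
    problems = []
    if local["algo"] != remote["algo"]:
        problems.append("authentication algorithm differs")
    for name, cfg in (("local", local), ("remote", remote)):
        for d in ("in", "out"):
            if key_bytes(cfg[d + "_key"], cfg["algo"]) is None:
                problems.append(f"{name} {d} key: invalid for {cfg['algo']}")
            if len(cfg[d + "_spi"]) < 3:
                problems.append(f"{name} {d} SPI: shorter than 3 characters")
        # Assumption: "unique" is read as In and Out SPI differing on a device.
        if cfg["in_spi"] == cfg["out_spi"]:
            problems.append(f"{name}: in and out SPI are not unique")
    # "In" here must equal "Out" on the remote VPN, and vice versa.
    for here, there in (("in", "out"), ("out", "in")):
        if local[here + "_spi"] != remote[there + "_spi"]:
            problems.append(f"local {here} SPI != remote {there} SPI")
        a = key_bytes(local[here + "_key"], local["algo"])
        b = key_bytes(remote[there + "_key"], remote["algo"])
        if a is not None and b is not None and a != b:
            problems.append(f"local {here} key != remote {there} key")
    return problems

# Constructed sample settings (placeholder values, not real keys).
SITE_A = {"algo": "SHA-1", "in_spi": "1001", "out_spi": "1002",
          "in_key": "A" * 40, "out_key": "sample-key-20-chars!"}
SITE_B = {"algo": "SHA-1", "in_spi": "1002", "out_spi": "1001",
          "in_key": "sample-key-20-chars!", "out_key": "a" * 40}

if __name__ == "__main__":
    print(check_pair(SITE_A, SITE_B) or "settings are consistent")
```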
IKE (Internet Key Exchange)
Direction
Select the desired option:
Initiator - Only outgoing connections will be created.
Incoming connection attempts will be rejected.
Responder - Only incoming connections will be accepted.
Outgoing traffic which would otherwise result in a connection
will be ignored.
Both Directions - Both incoming and outgoing connections
are allowed.
Local ID Type
This setting must match the "Remote ID Type" on the remote VPN.
Select the desired option, and enter the required data in the "Local
Identity Data" field.
WAN IP Address - This is the most common method. If
selected, no input is required.
Fully Qualified Domain Name - enter the Domain Name
assigned to this device.
Fully Qualified User name - This name does not have to be a
valid Internet Domain Name. E-mail addresses are often used
for this entry.
DER ASN.1 DN - This must be a DER ASN.1 Domain Name.
Remote ID Type
This setting must match the "Local ID Type" on the remote VPN.
Select the desired option, and enter the required data in the
"Remote ID Data" field.
Remote WAN IP - This is the most common method. If
selected, no input is required.
Fully Qualified Domain Name - enter the Domain Name
assigned to this device.
Fully Qualified User name - This name does not have to be a
valid Internet Domain Name. E-mail addresses are often used
for this entry.
DER ASN.1 DN - This must be a DER ASN.1 Domain Name.