44
Chapter 5: Setting Up and Configuring the Router
VPN Tab - Gateway to Gateway
10/100 8-Port VPN Router
IP + E-mail Addr. (USER FQDN) Authentication: This selection affords a greater amount of security because 
each side of the tunnel must use the same IP Address as well as the same email. Only one email address can 
be used for one tunnel and may not be applied to another tunnel.These settings must match the Remote 
Group Setup on the other end of the tunnel.  
Dynamic IP + Domain Name (FQDN) Authentication: This setting uses a dynamic IP address, which is 
constantly changing. In addition, the tunnel is confirmed through use of a domain name. Only one domain 
name can be used for one tunnel and may not be applied to another tunnel.These settings must match the 
Remote Group Setup on the other end of the tunnel.  
Dynamic IP + E-mail Addr.(USER FQDN) Authentication: This setting uses a dynamic IP address, which is 
constantly changing. In addition, the tunnel is confirmed through use of an email address. Only one email 
address can be used for one tunnel and may not be applied to another tunnel.These settings must match the 
Remote Group Setup on the other end of the tunnel. 
Remote Security Group Type. Select the local LAN user(s) that can use this VPN tunnel. Remote Security Group 
Type may be a single IP address, a Subnet or an IP address range. The Remote Secure Group must match the 
Local Secure Group on the other end of the tunnel. Selecting IP Address allows only one computer, with the spe-
cific IP Address, access to the tunnel. (The default IP is 192.168.1.0.) If you select Subnet, all computers on the 
local subnet can access the tunnel. The default IP is 192.168.1.0, and default Subnet Mask is 255.255.255.192. If 
you select IP Range, you can specify a range of IP Addresses to access the tunnel. The default IP Range is 
192.168.1.0~254.
IPSec Setup
In order for any encryption to occur, the two ends of the tunnel must agree on the type of encryption and the way 
the data will be decrypted. This is done by sharing a “key” to the encryption code. There are two Keying Modes 
of key management, Manual and IKE with Preshared Key (automatic). 
Manual
If you select Manual, you generate the key yourself, and no key negotiation is needed. Basically, manual key 
management is used in small static environments or for troubleshooting purposes. Both sides must use the same 
Key Management method.
Incoming & Outgoing SPI (Security Parameter Index): SPI is carried in the ESP (Encapsulating Security 
Payload Protocol) header and enables the receiver and sender to select the SA, under which a packet should be 
processed. The hexadecimal values is acceptable, and the valid range is 100~ffffffff. Each tunnel must have a 
unique Inbound SPI and Outbound SPI. No two tunnels share the same SPI. The Incoming SPI here must match the 
Outgoing SPI value at the other end of the tunnel, and vice versa
Figure 5-48: VPN tab - Gateway to Gateway 
IPSec Setup
Bit: a binary digit