R U/L/H Series
User Guide, Rev. 00 (May 2015)
28
second device and vice versa. We have specified local subnet on second modem with following
settings: IP=192.168.35.1, Network=192.168.35.0, Netmask=255.255.255.0, so on the first
modem we enter following remote subnet: Address=192.168.35.0, Netmask=255.255.255.0. After
specifying local and remote subnets, you should enter remote gateway which should be other
device's IP. In our case we enter 123.45.67.2 on first modem and 123.45.67.1 on second one.
Afterwards we have to define first phase of the proposal. We choose negotiation mode-aggressive
is les secure, but faster than main. Next setting is device's identifier. The most common setting is
My IP address for PSK authentication and RSA Cert subject for RSA certificates. Now, please choose
encryption, hash algorithm and DH key group-they must be the same on both sides of connection.
Blowfish encryption is usually the fastest and AES is the slowest but most secure. You can optionally
set lifetime of phase 1 or leave the field blank to use default value. The most important setting of
phase 1 is choosing authentication method: Pre-shared key is like password, you have to enter the
same key on both sides. More sophisticated authentication method is using RSA certificates, but
you need to generate certificate and key for every device. You have two options here: either input
other device's certificate in Peer certificate field or add CA certificate (we will cover that topic later).