1. Home
    2. /
  2. Manuals
    3. /
  3. Ambit
    4. /
  4. U10C022
    5. /
  5. 10
Page 46 / 64 Scroll up to view Page 41 - 45
42
Web User Interface
Address group type
Define the local address type,
-
IP Subnet, to protect the whole subnet.
-
Single IP address, to protect a single PC
-
IP address range, to protect several PCs
Subnet
Subnet scale.
Mask
Subnet mask value.
Identity type
Select different identity type to identity this wireless router
by
-
WAN IP address
-
IP address
-
FQDN
-
Email address
Identity
The value of corresponding to selected Identity type.
Network address type
Filled in with the IP address or Domain name of the peer
IPSec VPN Gateway, you can select
-
IP address, usually suitable for static public IP address.
-
Fully Qualified Domain Name (FQDN), usually suitable
for dynamic public IP address.
Remote address
Input IP address value when choose IP address in Network
address type. Input FQDN value when selected FQDN in
Network address type. This filed is used to identify specific
remote IPSec VPN gateway which your wireless router will
initiate IPSec VPN connection to.
IPSec settings
Configure the IPSec Protocol related parameters
Pre-shared Key
Type your pre-shared key in this field. A pre-shared key
identifies a
communicating party during a phase 1 IKE negotiation. It is
called "pre-shared" because you have to share it with
another party before you can communicate with them over
a secure connection.
Phase 1 DH group
Select which Diffie-Hellman key group (DH
x
) you want to
use for encryption keys. Choices are:
DH1
- use a 768-bit random number
DH2
- use a 1024-bit random number
DH5 – user a 1536-bit random number
Phase 1 encryption
Select which key size and encryption algorithm to use for
U10C022
Page 47 / 64
43
Web User Interface
data communications. Choices are:
DES
- a 56-bit key with the DES encryption algorithm
3DES
- a 168-bit key with the DES encryption algorithm
wireless router and the remote IPSec router must use the
same algorithms and key , which can be used to encrypt
and decrypt the message or to generate and verify a
message authentication code. Longer keys require more
processing power, resulting in increased latency and
decreased throughput.
AES
- Advanced Encryption Standard is a newer method of
data encryption that also uses a secret key. This
implementation of AES applies a 128-bit key to 128-bit
blocks of data. AES is faster than 3DES. Here you can have
the choice
AES-128, AES-192, AES-256
Phase 1 authentication
Select which hash algorithm to use to authenticate packet
data in the IKE SA. Choices are
SHA1
and
MD5
.
SHA1
is
generally considered stronger than
MD5
, but it is also
slower.
MD5 (Message Digest 5) produces a 128-bit digest to
authenticate packet data.
SHA1 (Secure Hash Algorithm) produces a 160-bit digest to
authenticate packet data.
Phase 1 SA lifetime
Define the length of time before an IKE SA automatically
renegotiates in this field. It may range from 120 to 86400
seconds. A short SA Life Time increases security by forcing
the two VPN gateways to update the encryption and
authentication keys. However, every time the VPN tunnel
renegotiates, all users accessing remote resources are
temporarily disconnected.
Phase 2 encryption
Select which key size and encryption algorithm to use for
data communications. Choices are:
Null –
No data encryption in IPSec SA. Not suggested.
DES
- a 56-bit key with the DES encryption algorithm
3DES
- a 168-bit key with the DES encryption algorithm
wireless router and the remote IPSec router must use the
same algorithms and key , which can be used to encrypt
and decrypt the message or to generate and verify a
message authentication code. Longer keys require more
U10C022
Page 48 / 64
44
Web User Interface
processing power, resulting in increased latency and
decreased throughput.
AES
- Advanced Encryption Standard is a newer method of
data encryption that also uses a secret key. This
implementation of AES applies a 128-bit key to 128-bit
blocks of data. AES is faster than 3DES. Here you can
have the choice
AES-128, AES-192, AES-256
Phase 2 authentication
Select which hash algorithm to use to authenticate packet
data in the IKE SA. Choices are
Null, SHA1
and
MD5
.
SHA1
is generally considered stronger than
MD5
, but it is
also slower.
Phase 2 SA lifetime
Define the length of time before an IPSec SA automatically
renegotiates in this field. It may range from 120 to 86400
seconds.
Show Advanced Settings
Some advanced IPSec VPN configuration is hidden by
default, usually you just keep it with no change.
Key management
Key management allows you to determine whether to use
IKE (ISAKMP) or manual key configuration in order to set
up a VPN.
IKE negotiation mode
Determines how the Security Association (SA) will be
established for each connection through IKE negotiations.
-
Main Mode, which ensures the highest level of security
when the communicating parties are negotiating
authentication (phase 1).
-
Aggressive Mode, which is quicker than Main Mode
because it eliminates several steps when the
communicating parties are negotiating authentication
(phase 1).
Perfect forward secrecy
(PFS)
Perfect Forward Secret (PFS) is disabled (NONE) by
default in phase 2 IPSec SA setup. This allows faster IPSec
setup, but is not so secure. Select DH1, DH2 or DH5 to
enable PFS.
Phase 2 DH group
After enable PFS, you need to choose DHx.
Replay detection
As a VPN setup is processing intensive, the system is
vulnerable to Denial of Service (DOS) attacks. The IPSec
receiver can detect and reject old or duplicate packets to
protect against replay attacks. Enable replay detection by
selecting this check box.
NetBIOS broadcast
NetBIOS (Network Basic Input/Output System) are TCP or
U10C022
Page 49 / 64
45
Web User Interface
forwarding
UDP packets that enable a computer to find other
computers. It may sometimes be necessary to allow
NetBIOS packets to pass through VPN tunnels in order to
allow local computers to find computers on the remote
network and vice versa. Select this check box to send
NetBIOS packets through the VPN connection.
Dead peer detection
Force wireless router to detect if the remote IPSec gateway
is available or not periodically.
Manual Encryption Key
If choose Manual in Key Management field, you need to
input a Manual encryption key for encryption, 16
hexadecimal digits
Manual Authentication
Key
Type a unique authentication key to be used by IPSec, 32
hexadecimal digits
Inbound SPI
Type a unique SPI (Security Parameter Index)
Outbound SPI
Type a unique SPI (Security Parameter Index)
4.4.4 VPN - Event Log
This page allows you to view the VPN Event Log.
Label
Description
Time
Local time mapping to a certain log event.
Description
Detail information of a log.
Refresh
Click to refresh current page to view new log event.
Clear
Click to clear all of the logs.
4.5 P
ARENTAL
C
ONTROL
4.5.1 User Setup
This page allows configuration of users. 'White List Only' feature limits the user to visit only the
sites specified in the Allowed Domain List of his/her content rule.
U10C022
Page 50 / 64
46
Web User Interface
The Parental Control User Setup Page is the master page to which each individual user is linked
to a specified time access rule, content filtering rule, and login password to get to the filtered
content. Each specified user may also be enabled as a trusted user which means that person
will have access to all Internet content regardless of filters that may be set up. This check box
can be used as a simple override to grant a user full access but still having the ability to keep all of
the previous filtering settings stored and available. Session duration timers can also be entered
to allow a finite amount of time that a user has Internet access via the rules entered once
entering their password to get to the Internet for the first time. This allows access to the Internet for
a defined user without having to enter a password every time a new web page is served to the
client. Likewise, there is a password inactivity timer if there is no Internet access for the specified
amount of time in minutes, requiring the user to re-login at expiration to continue using the Internet.
These timed logins insure that a specific user is using the Internet gateway for access and
logging/access can be provided appropriately. Any time a change is made on this page for a
particular user, the Apply button at the bottom of the page needs to be pressed to activate and
store the settings.
Label
Description
User configuration
Input username to create a new user.
Add user
Click to direct add this user into local database even you
haven’t finished the configuration for this user.
U10C022

Rate

4 / 5 based on 1 vote.

Popular Ambit Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top