Billion 800VGT Router
Configuring IPSec VPN in the Office

| Item | Function | Description |
|------|----------|-------------|
| 1 | Connection Name: IPSec | Given name of the IPSec connection |
| 2 | Subnet | Select the Subnet button |
|   | IP Address: 192.168.1.0 | Head office network |
|   | Netmask: 255.255.255.0 | |
| 3 | Secure Gateway Address (or Hostname): 69.121.1.30 | IP address of the head office router (in WAN side) |
| 4 | Single Address | Select the Single Address button |
|   | IP Address: 69.121.1.30 | Remote computers IP address |
| 5 | ESP | Select the ESP button |
|   | Authentication: MD5 | Security plan |
|   | Encryption: 3DES | |
|   | Prefer Forward Security: None | |
|   | Pre-shared Key: 12345678 | |

Chapter 4: Configuration

Active as default route: Normally used when the mode is set to Dial-out. If this is selected, all packets, including Internet packets, are routed through the VPN tunnel. Enabling this function may degrade the performance of your Internet connection.

Click Apply after changing the settings.

L2TP over IPSec (L2TP/IPSec) VPN Connection

IPSec: Enable to enhance your L2TP VPN security.

Authentication: Authentication establishes the integrity of the datagram and ensures it is not tampered with during transmission. There are three options: Message Digest 5 (MD5), Secure Hash Algorithm (SHA1) or NONE. SHA1 is more resistant to brute-force attacks than MD5; however, it is slower.
- MD5: A one-way hashing algorithm that produces a 128-bit hash.
- SHA1: A one-way hashing algorithm that produces a 160-bit hash.

Encryption: Select the encryption method from the pull-down menu. There are four options: DES, 3DES, AES and NONE. NONE means that the connection is a tunnel only, with no encryption. 3DES and AES are more powerful but increase latency.
- DES: Stands for Data Encryption Standard; it uses a 56-bit encryption method.
- 3DES: Stands for Triple Data Encryption Standard; it uses a 168-bit (56*3) encryption method.
- AES: Stands for Advanced Encryption Standard; it uses a 128-bit encryption method.

Perfect Forward Secrecy: Choose whether to enable PFS, using Diffie-Hellman public-key cryptography to change encryption keys during the second phase of VPN negotiation. This function provides better security, but extends the VPN negotiation time. Diffie-Hellman is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communication channel (i.e. over the Internet). There are three modes: MODP 768-bit, MODP 1024-bit and MODP 1536-bit. MODP stands for Modular Exponentiation Groups.

Pre-shared Key: This key is for the Internet Key Exchange (IKE) protocol and is a string of between 4 and 128 characters. Both sides should use the same key. IKE is used to establish a shared security policy, and it authenticates keys for services (such as IPSec) that require a key. Before any IPSec traffic can be passed, each router must be able to verify the identity of its peer. This can be done by manually entering the pre-shared key into both sides of the connection (router or hosts).

Remote Host Name (Optional): Enter the hostname of the remote VPN device. This is a tunnel identifier and should match the remote VPN device's hostname. If it matches, the tunnel will be connected; otherwise, it will be dropped.
Caution: This applies only when the router acts as a VPN server. This option should be used by advanced users only.

Local Host Name (Optional): Enter the hostname of the local VPN device that establishes the VPN tunnel. By default, the router's default hostname is home.gateway.

Tunnel Authentication: This enables the router to authenticate both the L2TP remote client and L2TP host. This is only valid when the L2TP remote client supports this feature.

Secret: The secure password length should be 16 characters (this may include numbers and/or characters).

Click Apply after changing settings.
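
The Python check below is an added example, not part of the Billion manual or the router firmware. It audits one tunnel's settings against the option lists in this section, using the office example (MD5, 3DES, no PFS, key 12345678) as input. The remarks, the 80-bit threshold and the names `audit_tunnel`, `new_psk`, `psk_entropy_bits` and `OFFICE` are assumptions of this example.

```python
import math
import secrets
import string

# Option lists come from this manual section. The remarks are this example's
# own assessment, and MIN_PSK_BITS is an assumed threshold, not a device limit.
AUTH = {"SHA1": None, "MD5": "weakest hash offered; select SHA1",
        "NONE": "packets get no integrity check"}
ENC = {"AES": None, "3DES": "64-bit block cipher; select AES",
       "DES": "56-bit key is open to brute force; select AES",
       "NONE": "tunnel only, traffic is not encrypted"}
PFS = {1536: None, 1024: "select MODP 1536-bit, the largest group offered",
       768: "smallest group offered; select MODP 1536-bit",
       None: "phase 2 keys are not renewed by a new Diffie-Hellman exchange"}
MIN_PSK_BITS = 80
UNKNOWN = "not an option listed in the manual"

def psk_entropy_bits(psk):
    """Upper bound: length * log2(size of the character classes in use)."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " ")
    pool = sum(len(c) for c in classes if any(ch in c for ch in psk))
    return len(psk) * math.log2(pool) if pool else 0.0

def new_psk(length=32):
    """Random letters and digits, inside the manual's 4 to 128 character range."""
    if not 4 <= length <= 128:
        raise ValueError("pre-shared key must be 4 to 128 characters")
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

def audit_tunnel(cfg):
    """Return (field, remark) pairs; cfg['pfs'] is the MODP size in bits or None."""
    checks = (("authentication", str(cfg.get("authentication", "NONE")).upper(), AUTH),
              ("encryption", str(cfg.get("encryption", "NONE")).upper(), ENC),
              ("pfs", cfg.get("pfs"), PFS))
    findings = [(field, table.get(value, UNKNOWN)) for field, value, table in checks
                if table.get(value, UNKNOWN)]
    psk = cfg.get("psk", "")
    bits = psk_entropy_bits(psk)
    if not 4 <= len(psk) <= 128:
        findings.append(("psk", "length outside 4 to 128 characters"))
    elif bits < MIN_PSK_BITS:
        findings.append(("psk", f"about {bits:.0f} bits at most; use new_psk()"))
    return findings

# The office example from this section: MD5, 3DES, no PFS, key 12345678.
OFFICE = {"authentication": "MD5", "encryption": "3DES", "pfs": None, "psk": "12345678"}
```

`audit_tunnel(OFFICE)` returns one remark for each of the four fields. A tunnel set to SHA1, AES, MODP 1536-bit and a key from `new_psk()` returns an empty list.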