Page 81 / 130 Scroll up to view Page 76 - 80
Billion 810VGTX Router
Page | 80
SA Lifetime:
Specify the number of minutes that a Security Association (SA) will stay active before new encryption and
authentication keys will be exchanged. There are two kinds of SAs, IKE and IPSec. IKE negotiates and establishes SA
on behalf of IPSec; an IKE SA is used by IKE.
Phase 1 (IKE):
To issue an initial connection request for a new VPN tunnel. The range can be from 5 to
15,000 minutes, and the default is 480 minutes.
Phase 2 (IPSec):
To negotiate and establish secure authentication. The range can be from 5 to 15,000 minutes,
and the default is 60 minutes.
A short SA time increases security by forcing the two parties to update the keys. However, every time the VPN
tunnel re-negotiates, access through the tunnel will be temporarily disconnected.
PING for Keep Alive:
None:
The default setting is ‘None’. In this mode, it will not detect if the remote IPSec peer has been lost or not.
It follows the policy of Disconnection time after no traffic, which the remote IPSec will be disconnected after the
time you set in this function.
PING:
This mode will detect if the remote IPSec peer has been lost or not by pinging the specified IP address.
DPD:
Dead peer detection (DPD) is a keep alive mechanism that enables the router to be detected when the
connection between the router and a remote IPSec peer has been lost. Please note, it must be enabled on
both sites.
PING to the IP:
It is able to Ping the remote PC with the specified IP address and alert if the connection fails. Once
an alert message is received, the router will drop this tunnel connection. Re-establishment of this connection is
required. Default setting is 0.0.0.0 which disables the function.
Interval:
This sets the time interval between Pings to the IP function to monitor the connection status. Default
interval setting is 10 seconds. Time interval can be set from 0 to 3600 second, 0 second disables the function.
Ping to the IP
Interval (sec)
Ping to the IP Action
0.0.0.0
0
No
0.0.0.0
2000
No
xxx.xxx.xxx.xxx (A valid IP Address)
0
No
xxx.xxx.xxx.xxx (A valid IP Address)
2000
Yes, active it in every 2000 seconds
Disconnection Time after no traffic:
It is the NO Response time clock. When no traffic stage time is beyond the
Disconnection time set, Router will automatically halt the tunnel connection and re-establish it base on the
Reconnection Time set. 180 seconds is minimum time interval for this function.
Reconnection Time:
It is the reconnecting time interval after NO TRAFFIC is initiated. 3 minutes is minimum time
interval for this function.
Click Edit/Delete to save your changes.
Page 82 / 130
Billion 810VGTX Router
Page | 81
°
Both office Networks MUST be in different subnets with the LAN-LAN
application.
°
Functions of Pre –shared keys, VPN Connection Type and Security
Algorithms must be identical on both sides.
Example: Configuring an IPSec LAN to LAN VPN Connection
Table 3: Network Configuration and Security Plan
Branch Office
Head Office
Local Network ID
192.168.0.0/24
192.168.0.0/24
Local Router IP
69.1.121.30
69.1.121.3
Remote Network ID
192.168.0.0/24
192.168.0.0/24
Remote Router IP
69.1.121.3
69.1.121.30
IKE Pre-shared Key
12345678
12345678
VPN Connection Type
Tunnel mode
Tunnel mode
VPN Connection Type
ESP:MD5 with AES
ESP:MD5 with AES
Attention
Page 83 / 130
Billion 810VGTX Router
Page | 82
Configuring IPSec VPN in the Head Office
Function
Description
Name
IPSec_HeadOffice
A given name for the IPSec Connection.
Local Area
Subnet
Select Subnet from the Local Network drop-down menu.
IP Address
192.168.1.0
Head office network.
Netmask
255.255.255.0
Remote Secure
Gateway IP (or
Hostname)
69.121.1.30
A given username & password to authenticate branch office
network.
Remote Network
Subnet
Select Subnet from the Remote Network drop- down menu.
IP Address
192.168.1.0
Branch office network.
Netmask
255.255.255.0
Pre-shared Key
12345678
Security plan
Authentication
MD5
Encryption
3DES
Prefer Forward
Security
None
Page 84 / 130
Billion 810VGTX Router
Page | 83
Configuring IPSec VPN in the Branch Office
Function
Description
Name
IPSec_HeadOffice
A given name for the IPSec Connection.
Local Area
Subnet
Select Subnet from the Local Network drop-down menu.
IP Address
192.168.0.0
Branch office network.
Netmask
255.255.255.0
Remote Secure
Gateway IP (or
Hostname)
69.121.1.3
IP address of the head office router (in WAN
side
Remote Network
Subnet
Select Subnet from the Remote Network drop- down menu.
IP Address
192.168.1.0
Head office network.
Netmask
255.255.255.0
Pre-shared Key
12345678
Security plan
Authentication
MD5
Encryption
3DES
Prefer Forward
Security
None
Page 85 / 130
Billion 810VGTX Router
Page | 84
Example: Configuring an IPSec Host to LAN VPN Connection
Configuring IPSec VPN in the Office

Rate

3.5 / 5 based on 2 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top