VoIP/(802.11g) ADSL2+ (VPN) Firewall Router
Chapter 4: Configuration
85
IPSec VPN Connection
Connection Name: A user-defined name for the connection (e.g. "connection to office").
Local Network: Set the IP address, subnet or address range of the local network.
~ Single Address: The IP address of the local host.
~ Subnet: The subnet of the local network. For example, IP 192.168.1.0 with netmask 255.255.255.0 specifies one class C subnet starting from 192.168.1.1 (i.e. 192.168.1.1 through 192.168.1.254).
~ IP Range: The IP address range of the local network. For example, IP 192.168.1.1, end IP 192.168.1.10.
Remote Secure Gateway Address (or Domain Name): The IP address or hostname of the remote VPN device with which the VPN tunnel is established.
Remote Network: Set the IP address, subnet or address range of the remote network.
Proposal: Select the IPSec security method. There are two methods of checking the authentication information, AH (Authentication Header) and ESP (Encapsulating Security Payload). Use ESP for greater security, so that data is both encrypted and authenticated; with AH, data is authenticated but not encrypted.
Authentication: Authentication establishes the integrity of the datagram and ensures it is not tampered with in transit. There are three options: Message Digest 5 (MD5), Secure Hash Algorithm (SHA1) or NONE. SHA1 is more resistant to brute-force attacks than MD5, but it is slower.
~ MD5: A one-way hashing algorithm that produces a 128-bit hash.
~ SHA1: A one-way hashing algorithm that produces a 160-bit hash.
Encryption: Select the encryption method from the pull-down menu. There are several options: DES, 3DES, AES (128, 192 and 256) and NULL. NULL means it is a tunnel only, with no encryption. 3DES and AES are stronger but increase latency.
~ DES: Stands for Data Encryption Standard; it uses a 56-bit key.
~ 3DES: Stands for Triple Data Encryption Standard; it uses a 168-bit (56*3) key.
~ AES: Stands for Advanced Encryption Standard; you can use a 128-, 192- or 256-bit key.
Perfect Forward Secrecy: Choose whether to enable PFS, which uses Diffie-Hellman public-key cryptography to change the encryption keys during the second phase of VPN negotiation. This function provides better security but extends the VPN negotiation time. Diffie-Hellman is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communication channel (i.e. over the Internet). There are three modes: MODP 768-bit, MODP 1024-bit and MODP 1536-bit. MODP stands for Modular Exponentiation Group.
Pre-shared Key: This is for the Internet Key Exchange (IKE) protocol, a string of 4 to 128 characters. Both sides must use the same key. IKE is used to establish a shared security policy and authenticated keys for services (such as IPSec) that require a key. Before any IPSec traffic can be passed, each router must be able to verify the identity of its peer. This can be done by manually entering the pre-shared key into both sides (routers or hosts).
Select the Apply button to apply your changes.
Advanced Option
This function is only available after an IPSec account has been created. Click Advanced Option to change the following settings:
IKE (Internet Key Exchange) Mode: Set the IKE mode to Main mode or Aggressive mode. IKE provides secured key generation and key management.
IKE Proposal:
Hash Function: A message digest algorithm converts a message of any length into a unique set of bits. The widely used algorithms are MD5 (Message Digest) and SHA-1 (Secure Hash Algorithm). SHA1 is more resistant to brute-force attacks than MD5, but it is slower.
~ MD5: A one-way hashing algorithm that produces a 128-bit hash.
~ SHA1: A one-way hashing algorithm that produces a 160-bit hash.
Encryption: Select the encryption method from the pull-down menu. There are several options: DES, 3DES and AES (128, 192 and 256). 3DES and AES are stronger but increase latency.
~ DES: Stands for Data Encryption Standard; it uses a 56-bit key.
~ 3DES: Stands for Triple Data Encryption Standard; it uses a 168-bit (56*3) key.
~ AES: Stands for Advanced Encryption Standard; you can use a 128-, 192- or 256-bit key.
Diffie-Hellman Group: Diffie-Hellman is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communication channel (i.e. over the Internet). There are three modes: MODP 768-bit, MODP 1024-bit and MODP 1536-bit. MODP stands for Modular Exponentiation Group.
Local ID:
~ Type: Specify the local ID type.
~ Content: Enter the ID's information, such as the domain name www.ipsectest.com.
Remote ID:
~ Type: Specify the remote ID type.
~ Identifier: Enter the remote ID's information, such as the domain name www.ipsectest.com.
SA Lifetime: Specify the number of minutes that a Security Association (SA) stays active before new encryption and authentication keys are exchanged. There are two kinds of SAs, IKE and IPSec. IKE negotiates and establishes SAs on behalf of IPSec; an IKE SA is used by IKE itself.
~ Phase 1 (IKE): Issues the initial connection request for a new VPN tunnel. The range is 5 to 15,000 minutes, and the default is 480 minutes.
~ Phase 2 (IPSec): Negotiates and establishes secure authentication. The range is 5 to 15,000 minutes, and the default is 60 minutes.
A short SA lifetime increases security by forcing the two parties to update the keys. However, every time the VPN tunnel re-negotiates, access through the tunnel is temporarily disconnected.
Ping to Keep Alive:
PING to the IP: The router can ping the remote PC at the specified IP address and raise an alert when the connection fails. Once the alert message is received, the router drops this tunnel connection, and the connection must be re-established. The default setting is 0.0.0.0, which disables the function.
Interval: This sets the time interval between pings of the PING to the IP function, used to monitor the connection status. The default interval is 10 seconds. The interval can be set from 0 to 3600 seconds; 0 seconds disables the function.

PING to the IP                         Interval   Ping to Keep Alive
0.0.0.0                                0          No
xxx.xxx.xxx.xxx (a valid IP address)   0          No

Disconnection Time after no traffic: This is the no-response timer. When the no-traffic period exceeds the disconnection time set, the router automatically halts the tunnel connection and re-establishes it based on the Reconnection Time set. 180 seconds is the minimum time interval for this function.
Reconnection Time: This is the reconnection interval after NO TRAFFIC is initiated. 3 minutes is the minimum time interval for this function.
Select the Apply button to update the settings.
Example: Configuring an IPSec LAN-to-LAN VPN Connection
Table 3: Network Configuration and Security Plan

                      Branch Office       Head Office
Local Network ID      192.168.0.0/24      192.168.1.0/24
Local Router IP       69.1.121.30         69.1.121.3
Remote Network ID     192.168.1.0/24      192.168.0.0/24
Remote Router IP      69.1.121.3          69.1.121.30
IKE Pre-shared Key    12345678            12345678
VPN Connection Type   Tunnel mode         Tunnel mode
Security Algorithm    ESP:MD5 with AES    ESP:MD5 with AES

Attention: Both office LANs MUST be in different subnets for a LAN-to-LAN application. The Pre-shared Key, VPN Connection Type and Security Algorithm MUST BE set up identically on both sides.

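As an added example (not part of the manual or the router's firmware), a small Python checker that applies the rules above to the Table 3 plan: it computes the usable host range for the "Subnet" form of Local Network described earlier, and verifies that the two sides' networks, gateways, pre-shared key and security settings mirror each other, that the subnets do not overlap, and that the key length and SA lifetimes fall in the ranges the manual gives. The dict field names, the AES-128 key size and the lifetime values are my assumptions.

```python
import ipaddress

# Option values as listed in the manual; dict field names are my own labels
PROPOSALS = {"ESP", "AH"}
AUTH = {"MD5", "SHA1", "NONE"}
ENC = {"DES", "3DES", "AES-128", "AES-192", "AES-256", "NULL"}

def subnet_hosts(ip, netmask):
    """Usable host range of the 'Subnet' form of Local Network, e.g.
    192.168.1.0 + 255.255.255.0 -> ('192.168.1.1', '192.168.1.254')."""
    hosts = list(ipaddress.ip_network(f"{ip}/{netmask}", strict=False).hosts())
    return str(hosts[0]), str(hosts[-1])

def check_lan_to_lan(a, b):
    """Check two peer configurations against the manual's LAN-to-LAN rules.
    Returns a list of problems; an empty list means the plan is consistent."""
    problems = []
    la, ra = ipaddress.ip_network(a["local_net"]), ipaddress.ip_network(a["remote_net"])
    lb, rb = ipaddress.ip_network(b["local_net"]), ipaddress.ip_network(b["remote_net"])
    if la.overlaps(lb):
        problems.append("both office LANs must be in different subnets")
    if la != rb or lb != ra:
        problems.append("each side's Remote Network must equal the peer's Local Network")
    if a["router_ip"] != b["remote_gw"] or b["router_ip"] != a["remote_gw"]:
        problems.append("Remote Secure Gateway Address must be the peer's router IP")
    for key in ("psk", "mode", "proposal", "auth", "enc"):
        if a[key] != b[key]:
            problems.append(f"{key} must be set identically on both sides")
    if not 4 <= len(a["psk"]) <= 128:
        problems.append("pre-shared key must be 4 to 128 characters")
    if a["proposal"] not in PROPOSALS or a["auth"] not in AUTH or a["enc"] not in ENC:
        problems.append("unknown proposal, authentication or encryption option")
    for cfg in (a, b):
        for phase in ("ike_life", "ipsec_life"):
            if not 5 <= cfg[phase] <= 15000:   # SA lifetime range in minutes
                problems.append(f"{phase} must be 5 to 15,000 minutes")
    return problems

# Constructed from Table 3; AES-128 and the default lifetimes are assumed
BRANCH = dict(local_net="192.168.0.0/24", router_ip="69.1.121.30",
              remote_net="192.168.1.0/24", remote_gw="69.1.121.3",
              psk="12345678", mode="Tunnel", proposal="ESP", auth="MD5",
              enc="AES-128", ike_life=480, ipsec_life=60)
HEAD = dict(local_net="192.168.1.0/24", router_ip="69.1.121.3",
            remote_net="192.168.0.0/24", remote_gw="69.1.121.30",
            psk="12345678", mode="Tunnel", proposal="ESP", auth="MD5",
            enc="AES-128", ike_life=480, ipsec_life=60)

if __name__ == "__main__":
    print(subnet_hosts("192.168.1.0", "255.255.255.0"))
    print(check_lan_to_lan(BRANCH, HEAD) or "plan is consistent")
```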