Configure Advanced Settings
4042831 Rev A
53
Creating and Configuring IPsec VPN Tunnels
To create and configure IPsec VPN tunnels, click Add New Tunnel on the VPN Termination - Status page. The VPN Setup page opens. The following illustration is an example of the VPN Setup page.
Chapter 3
Configuring the DOCSIS Residential Gateway
Setup Advanced Settings - VPN Setup Page Description
This section describes the section headings and field descriptions of the Setup
Advanced Settings - VPN Setup page. This page allows you to create, configure, and
control IPsec VPN tunnels.
Tunnel Section
Field Name: Description
Tunnel: Displays existing tunnels and allows each tunnel to be individually configured.
Name: Displays the name of a group of settings for a single tunnel. If no name is entered, the tunnels are named sequentially 1, 2, 3, and so on.
Enable/Disable: Enables/disables a VPN tunnel after the tunnel is named and configured. Click Apply to activate the selected setting (Enabled or Disabled).
Function Keys
The following table describes the function keys associated with the Tunnel section of
the VPN Setup page.
Key: Description
Delete Tunnel: Allows you to delete a tunnel.
Add New Tunnel: Allows you to create a heading for the tunnel settings that you can select using the Tunnel drop-down menu.
Apply: Activates the selected setting (Enabled or Disabled).
Local Endpoint Settings
The following table describes the fields in the Local endpoint settings section of the
VPN Setup page.
Field Name: Description
Address group type: Allows you to select the address group type for the local VPN access group. The following types are available:
  - IP subnet
  - Single IP address
  - IP address range
Subnet: Allows you to enter Subnet information based on the selected Address group type as follows:
  - For IP subnet, enter the subnet.
  - For single IP address, enter only the specific IP address.
  - For IP address range, enter the starting and ending IP addresses.
Mask: Allows you to enter Mask information based on the selected Address group type as follows:
  - For IP subnet, enter the subnet mask.
  - For single IP address, enter only the specific IP address in the Subnet field. Leave this field blank.
  - For IP address range, enter the starting IP and ending IP addresses.
Identity type: Allows you to select the local Identity type from one of the following options:
  - WAN IP address of the router (default)
  - User-specified IP address
  - Fully qualified domain name (FQDN)
  - Email address
  This is the identity that the far endpoint will use for identification of the VPN termination point. The remote VPN endpoint on the other end of the tunnel should match these settings for its remote endpoint settings.
Identity: Allows you to enter the identity string after you have selected the identity type using one of the following formats:
  - For IP address mode, use the format xxx.xxx.xxx.xxx.
  - For FQDN, use the format "yourdomain.com."
  - For email address, use the format "[email protected]."
  The remote VPN endpoint on the other end of the tunnel should match these settings for its remote endpoint settings.
Remote Endpoint Settings
These settings control how the local endpoint (router) connects to the far VPN
termination point (the other end of the VPN tunnel).
Field Name: Description
Address group type: Allows you to select the address group type for the remote VPN access group. The following types are available:
  - IP subnet
  - Single IP address
  - IP address range
  The remote VPN endpoint on the other end of the tunnel should match these settings for its remote endpoint settings.
Subnet: Allows you to enter Subnet information based on the selected Address group type as follows:
  - For IP subnet, enter the subnet.
  - For single IP address, enter only the specific IP address.
  - For IP address range, enter the starting and ending IP addresses.
Mask: Allows you to enter Mask information based on the selected Address group type as follows:
  - For IP subnet, enter the subnet mask.
  - For single IP address, enter only the specific IP address in the Subnet field. Leave this field blank.
  - For IP address range, enter the starting IP and ending IP addresses.
Identity type: Allows you to select the remote Identity type from one of the following options:
  - WAN IP address of the router (default)
  - User-specified IP address
  - Fully qualified domain name (FQDN)
  - Email address
  This is the identity that the far endpoint will use for identification of the VPN termination point. The remote VPN endpoint on the other end of the tunnel should match these settings for its remote endpoint settings.
Identity: Allows you to enter the identity string after you have selected the identity type using one of the following formats:
  - For IP address mode, use the format xxx.xxx.xxx.xxx.
  - For FQDN, use the format "yourdomain.com."
  - For email address, use the format "[email protected]."
  The remote VPN endpoint on the other end of the tunnel should match these settings for its remote endpoint settings.
Network address type: Allows you to enter the address type for the endpoint WAN. Choose one of the following options:
  - IP address
  - FQDN
Remote address: Allows you to enter either the IP address or the FQDN of the remote endpoint depending on what Network Address type you selected.
IPsec Settings
With VPN tunnels, there are two phases of Security Association (SA).
  - Phase 1 - Phase 1 creates an Internet Key Exchange (IKE) SA.
  - Phase 2 - When Phase 1 is complete, Phase 2 creates one or more IPsec SAs that are then used to key IPsec sessions.
Field: Description
Pre-shared key: Allows you to enter the Pre-shared key of the firewall identifier if one side of the VPN tunnel is using a unique firewall.
Phase 1 DH group: Allows you to select one of the following three Diffie-Hellman (DH) encryption/decryption groups:
  - 768 bits
  - 1024 bits
  - 1536 bits
  Diffie-Hellman is a cryptographic technique that uses public and private keys for encryption and decryption. The higher the number of bits selected, the more secure the connection.
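
Added example (not part of the original manual): a Python check that the two ends of a tunnel mirror each other as the field descriptions above require, that each address group fits its Subnet/Mask rules, and that neither end uses a DH group below the largest size listed. The dictionary layout, sample addresses and key are constructed, placing a range's start in Subnet and its end in Mask is an assumption, and requiring the same pre-shared key and DH group on both ends is general IKE behavior rather than a statement from this page.

```python
import ipaddress

DH_OPTIONS = (768, 1024, 1536)  # Phase 1 DH group sizes listed on the VPN Setup page

def check_group(g):
    """Validate one address group against the Subnet/Mask field rules."""
    kind, subnet, mask = g["type"], g["subnet"], g["mask"]
    if kind == "IP subnet":
        ipaddress.ip_network(f"{subnet}/{mask}")  # rejects bad masks and set host bits
    elif kind == "Single IP address":
        ipaddress.ip_address(subnet)
        if mask:
            raise ValueError("Mask must be left blank for a single IP address")
    elif kind == "IP address range":  # assumption: start in Subnet, end in Mask
        if ipaddress.ip_address(subnet) > ipaddress.ip_address(mask):
            raise ValueError("range start is above range end")
    else:
        raise ValueError(f"unknown address group type {kind!r}")

def audit_tunnel(a, b):
    """Return findings for both ends of one tunnel; an empty list means consistent."""
    out = []
    for here, there, hn, tn in ((a, b, "A", "B"), (b, a, "B", "A")):
        for end in ("local", "remote"):
            try:
                check_group(here[end]["group"])
            except ValueError as exc:
                out.append(f"{hn}.{end}.group: {exc}")
        for key in ("group", "identity_type", "identity"):
            if here["local"][key] != there["remote"][key]:
                out.append(f"{hn}.local.{key} does not match {tn}.remote.{key}")
        if here["dh_bits"] not in DH_OPTIONS:
            out.append(f"{hn}: DH group is not one of {DH_OPTIONS}")
        elif here["dh_bits"] < max(DH_OPTIONS):
            out.append(f"{hn}: DH group {here['dh_bits']} bits is below the largest option")
    if a["psk"] != b["psk"]:  # report the mismatch, never the key itself
        out.append("pre-shared key differs between A and B")
    if a["dh_bits"] != b["dh_bits"]:
        out.append("Phase 1 DH group differs between A and B")
    return out

def endpoint(subnet, mask, identity):  # hypothetical helper for the constructed sample
    return {"group": {"type": "IP subnet", "subnet": subnet, "mask": mask},
            "identity_type": "User-specified IP address", "identity": identity}

A_SIDE = endpoint("192.168.10.0", "255.255.255.0", "192.0.2.10")
B_SIDE = endpoint("192.168.20.0", "255.255.255.0", "198.51.100.20")
SITE_A = {"local": A_SIDE, "remote": B_SIDE, "psk": "constructed-sample-key", "dh_bits": 1536}
SITE_B = {"local": B_SIDE, "remote": A_SIDE, "psk": "constructed-sample-key", "dh_bits": 1536}
print(audit_tunnel(SITE_A, SITE_B))
```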
