4021196 Rev B
Configure Security
Section
Field Description
Remote Secure Gateway
Select the desired option: IP Addr., Any, or FQDN. If the remote gateway has a
dynamic IP address, select Any or FQDN. If Any is selected, then the Gateway will
accept requests from any IP address.
FQDN
If FQDN is selected, enter the domain name of the remote gateway, so the
Gateway can locate a current IP address using DDNS.
IP
The IP address in this field must match the public (WAN or Internet) IP address of
the remote gateway at the other end of this tunnel.
Key Management
Key Exchange Method
The gateway supports both automatic and manual key management. When
automatic key management is selected, Internet Key Exchange (IKE) protocols are
used to negotiate key material for the Security Association (SA). If manual key
management is selected, no key negotiation is needed. Manual key
management is used in small static environments or for troubleshooting purposes.
Note that both sides must use the same key management method.
Select one of the following options for the key exchange method:
Auto (IKE)
Encryption: The Encryption method determines the length of the key used
to encrypt/decrypt ESP packets. Notice that both sides must use the same
method.
Authentication: The Authentication method authenticates the
Encapsulating Security Payload (ESP) packets. Select MD5 or SHA. Notice
that both sides (VPN endpoints) must use the same method.
MD5: A one-way hashing algorithm that produces a 128-bit digest
SHA: A one-way hashing algorithm that produces a 160-bit digest
Perfect Forward Secrecy (PFS): If PFS is enabled, IKE Phase 2 negotiation
will generate new key material for IP traffic encryption and authentication.
Note that both sides must have PFS enabled.
Pre-Shared Key: IKE uses the Pre-Shared Key to authenticate the remote
IKE peer. Both character and hexadecimal values are acceptable in this
field, e.g., "My_@123" or "0x4d795f40313233". Note that both sides must use
the same Pre-Shared Key.
Key Lifetime: This field specifies the lifetime of the IKE generated key. If
the time expires, a new key will be renegotiated automatically. The Key
Lifetime may range from 300 to 100,000,000 seconds. The default lifetime is
3600 seconds.
Manual
Encryption: The Encryption method determines the length of the key used
to encrypt/decrypt ESP packets. Notice that both sides must use the same
method.
Encryption Key: This field specifies a key used to encrypt and decrypt IP
traffic. Both character and hexadecimal values are acceptable in this field.
Note that both sides must use the same Encryption Key.
Authentication: The Authentication method authenticates the
Encapsulating Security Payload (ESP) packets. Select MD5 or SHA. Notice
that both sides (VPN endpoints) must use the same method.
MD5: A one-way hashing algorithm that produces a 128-bit digest
SHA: A one-way hashing algorithm that produces a 160-bit digest
Authentication Key: This field specifies a key used to authenticate IP
traffic. Both character and hexadecimal values are acceptable in this field.
Note that both sides must use the same Authentication Key.
Inbound SPI/Outbound SPI: The Security Parameter Index (SPI) is carried
in the ESP header. This enables the receiver to select the SA under which a
packet should be processed. The SPI is a 32-bit value. Both decimal and
hexadecimal values are acceptable, e.g., "987654321" or "0x3ade68b1". Each
tunnel must have a unique Inbound SPI and Outbound SPI. No two tunnels
share the same SPI. Note that the Inbound SPI must match the remote
gateway's Outbound SPI, and vice versa.
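The matching rules above for Auto (IKE) and Manual keying, written out as an added example that is not part of the original manual: a Python pre-flight check that compares the settings noted down from both gateways before a tunnel is brought up. The dict field names and option values are hypothetical, and reading a 0x-prefixed key as hex bytes is an assumption drawn from the manual's "My_@123" / "0x4d795f40313233" pair.

```python
def key_bytes(value):
    """'0x...' is read as hex bytes, anything else as characters (assumption)."""
    hexform = value.lower().startswith("0x")
    return bytes.fromhex(value[2:]) if hexform else value.encode("ascii")

def spi(value):
    """Parse a decimal or 0x-prefixed SPI and enforce the 32-bit range."""
    n = int(value, 16) if value.lower().startswith("0x") else int(value, 10)
    if not 0 <= n <= 0xFFFFFFFF:
        raise ValueError(f"SPI {value!r} is not a 32-bit value")
    return n

def check_tunnel(local, remote):
    """Return the settings that do not line up between the two tunnel ends."""
    if local["key_exchange"] != remote["key_exchange"]:
        return ["key_exchange differs"]
    bad = [f"{f} differs" for f in ("encryption", "authentication")
           if local[f] != remote[f]]
    if local["key_exchange"] == "auto":
        if local["pfs"] != remote["pfs"]:
            bad.append("pfs differs")
        if key_bytes(local["psk"]) != key_bytes(remote["psk"]):
            bad.append("psk differs")
        bad += [f"{side} key_lifetime out of range"
                for side, cfg in (("local", local), ("remote", remote))
                if not 300 <= cfg["key_lifetime"] <= 100_000_000]
    else:  # manual keying: keys must match and SPIs must mirror each other
        bad += [f"{f} differs" for f in ("encryption_key", "authentication_key")
                if key_bytes(local[f]) != key_bytes(remote[f])]
        if spi(local["inbound_spi"]) != spi(remote["outbound_spi"]):
            bad.append("local inbound SPI != remote outbound SPI")
        if spi(local["outbound_spi"]) != spi(remote["inbound_spi"]):
            bad.append("local outbound SPI != remote inbound SPI")
    return bad

def shared_spis(tunnels):
    """Return SPI values that appear in more than one tunnel on a gateway."""
    seen, shared = set(), set()
    for t in tunnels:
        own = {spi(t["inbound_spi"]), spi(t["outbound_spi"])}
        shared |= own & seen
        seen |= own
    return sorted(shared)

# Constructed sample: one Auto (IKE) tunnel; names and values are placeholders.
LOCAL = {"key_exchange": "auto", "encryption": "3DES", "authentication": "SHA",
         "pfs": True, "psk": "My_@123", "key_lifetime": 3600}
REMOTE = dict(LOCAL, psk="0x4d795f40313233", authentication="MD5", key_lifetime=120)
print(check_tunnel(LOCAL, REMOTE))
```

In the sample, the two Pre-Shared Key spellings compare equal once normalized, so only the authentication mismatch and the remote Key Lifetime below 300 seconds are reported.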
Status
This field shows the connection status for the selected tunnel. The state is either
Connected or Disconnected.
Buttons
Connect
Click this button to establish a connection for the current VPN tunnel. If you have
made any changes, click Save Settings to first apply your changes.
Disconnect
Click this button to break a connection for the current VPN tunnel.
View Log
Click this button to view the VPN log, which shows details of each established
tunnel.
Advanced Settings
If the Key Exchange Method is Auto (IKE), this button provides access to
additional settings relating to IKE. Click this button if the gateway is unable to
establish a VPN tunnel to the remote gateway, and make sure the Advanced
Settings match those on the remote gateway.
Phase 1 - Operation Mode
Select the method appropriate for the remote VPN endpoint.
Main: Main mode is slower but more secure
Aggressive: Aggressive mode is faster but less secure
Local Identity
Select the desired option to match the Remote Identity setting at the other end
of this tunnel.
Local IP Address: Your WAN (Internet) IP address
Name: Your domain name
Remote Identity
Select the desired option to match the Local Identity setting at the other end of
this tunnel.
Local IP Address: WAN (Internet) IP address of the remote VPN endpoint
Name: Domain name of the remote VPN endpoint
Encryption
This is the Encryption algorithm used for the IKE SA. It must match the setting
used at the other end of the tunnel.
View Log
The Security VPN View Log page shows events captured by the firewall. The log
displays the following items:
Description of the event
Number of events that have occurred
Last occurrence of an event
Target and source addresses
You can view the following logs from this page:
Access log
Firewall log
VPN log
Parental Control log
Click Clear to clear the log data.
Control Access to the Gateway
Access Restrictions > IP Address Filtering
Use the Access Restrictions IP Filtering page to configure IP address filters. These
filters block a range of IP addresses from accessing the Internet.
Note: If you are not familiar with the advanced settings detailed in this section,
contact your service provider before you attempt to change any of the residential
gateway default advanced IP filtering settings.
Select the IP Address Filtering tab to open the Access Restrictions IP Address
Filtering page. After you make your selections, click Save Settings to apply your
changes or Cancel Changes to cancel.
Access Restrictions > MAC Address Filtering
Use the Access Restrictions MAC Address Filtering page to configure MAC address
filters. These filters let you allow or block Internet access for a range of MAC
addresses.
Note: If you are not familiar with the advanced settings detailed in this section,
contact your service provider before you attempt to change any of the residential
gateway default advanced IP filtering settings.
