Cisco EPC2425 Router Manual PDF (Setup & Configuration Guide)

Page 61 / 110 Scroll up to view Page 56 - 60

4028315 Rev A

61

How Do I Configure My DOCSIS Residential Gateway?

Field Name

Description

Subnet

Allows you to enter Subnet information based on the selected Address

group type as follows:

±

For IP subnet, enter the subnet

±

For Single IP address, enter only the specific IP address

±

For IP address range, enter the starting and ending IP addresses

Mask

Allows you to enter Mask information based on the selected Address

group type as follows:

±

For IP subnet, enter the subnet mask

±

For Single IP address, enter only the specific IP address in the

Subnet field. Leave this field blank.

±

For IP address range, enter the starting IP and ending IP addresses

Identity type

Allows you to select the local Identity type from one of the following

options:

±

WAN IP address of the router(default)

±

User-specified IP address

±

Fully qualified domain name (FQDN)

±

Email address

This is the identity that the far endpoint will use for identification of the

VPN termination point. The remote VPN endpoint on the other end of

the tunnel should match these settings for its remote endpoint settings

Identity

Allows you to enter the identity string after you have selected the

identity type using one of the following formats:

±

For IP address mode use the format xxx.xxx.xxx.xxx

±

For FQDN use the format "yourdomain.com"

±

For email address use the format "[email protected]"

The remote VPN endpoint on the other end of the tunnel should match

these settings for its remote endpoint settings

Page 62 / 110

62

4028315 Rev A

How Do I Configure My DOCSIS Residential Gateway?

Remote Endpoint Settings

These settings control how the local endpoint (router) connects to the far VPN

termination point (the other end of the VPN tunnel).

Field Name

Description

Address group type

Allows you to select the address group type for the remote VPN access

group. The following types are available:

±

IP subnet

±

Single IP address

±

IP address range

The remote VPN endpoint on the other end of the tunnel should match

these settings for its remote endpoint settings

Subnet

Allows you to enter Subnet information based on the selected Address

group type as follows:

±

For IP subnet, enter the subnet

±

For Single IP address, enter only the specific IP address

±

For IP address range, enter the starting and ending IP addresses

Mask

Allows you to enter Mask information based on the selected Address

group type as follows:

±

For IP subnet, enter the subnet mask

±

For Single IP address, enter only the specific IP address in the

Subnet field. Leave this field blank.

±

For IP address range, enter the starting IP and ending IP addresses

Identity type

Allows you to select the remote Identity type from one of the following

options:

±

WAN IP address of the router(default)

±

User-specified IP address

±

Fully qualified domain name (FQDN)

±

Email address

This is the identity that the far endpoint will use for identification of the

VPN termination point. The remote VPN endpoint on the other end of

the tunnel should match these settings for its remote endpoint settings

Page 63 / 110

4028315 Rev A

63

How Do I Configure My DOCSIS Residential Gateway?

Field Name

Description

Identity

Allows you to enter the identity string after you have selected the

identity type using one of the following formats:

±

For IP address mode use the format xxx.xxx.xxx.xxx

±

For FQDN use the format "yourdomain.com"

±

For email address u se the format "[email protected]"

The remote VPN endpoint on the other end of the tunnel should match

these settings for its remote endpoint settings

Network address

type

Allows you to enter the address type for the endpoint WAN. Choose

one of the following options:

±

IP address

±

FQDN

Remote address

Allows you to enter either the IP address or the FQDN of the remote

endpoint depending on what Network Address type you selected

IPsec Settings

With VPN tunnels there are two phases of Security Association (SA).

Phase 1 creates an Internet Key Exchange (IKE) SA

When Phase 1 is complete, Phase 2 creates one or more IPsec SAs that are then

used to key IPsec sessions

Field

Description

Pre-shared key

Allows you to enter the Pre-shared key of the firewall identifier if one

side of the VPN tunnel is using a unique firewall

Phase 1 DH group

Allows you to select one of following three Diffie-Hellman (DH)

encryption/decryption groups:

±

768 bits

±

1024 bits

±

1536 bits

Diffie-Hellman is a cryptographic technique that uses public and

private keys for encryption and decryption. The higher number of bits

selected, the more secure the connection

Page 64 / 110

64

4028315 Rev A

How Do I Configure My DOCSIS Residential Gateway?

Field

Description

Phase 1 encryption

Allows you to select the form of encryption to secure the VPN

connection between endpoints. Select from the following five

encryption types:

±

DES

±

3DES

±

AES-128

±

AES-192

±

AES-256

You may choose any encryption type as long as the other end of the

VPN tunnel uses the same method

Phase 1 authentication

Allows you to select an authentication type for another level of

security. Select one of the following authentication types:

±

MD5

±

SHA

You may choose either authentication type as long as the other end of

the VPN tunnel uses the same method

Note:

SHA is recommended because it is more secure.

Phase 1 SA lifetime

Allows you to enter the number of seconds for an individual rotating

key to last until a re-key negotiation between each endpoint occurs.

Smaller lifetimes are generally more secure since it would give a

hacker a smaller amount of time to try to crack the key. However, key

negotiation does take up bandwidth, so network throughput is

sacrificed with small lifetimes. The default setting is 28,800 seconds.

Phase 2 encryption

Allows you to select the form of encryption to secure the VPN

connection between endpoints. Select from the following five

encryption types:

±

DES

±

3DES

±

AES-128

±

AES-192

±

AES-256

You may select any form of encryption as long as long as the other end

of the VPN tunnel uses the same method

Note:

3DES encryption is commonly used, but AES is recommended

because it is very difficult to crack

Page 65 / 110

4028315 Rev A

65

How Do I Configure My DOCSIS Residential Gateway?

Field

Description

Phase 2 authentication

Allows you to select an authentication type for another level of

security. Select one of the following three authentication types:

±

MD5

±

SHA

±

Null (none)

You may choose any authentication type as long as the other end of the

VPN tunnel uses the same method

Note:

SHA is recommended because it is more secure.

Phase 2 SA lifetime

Allows you to enter the number of seconds for an individual rotating

key to last until a re-key negotiation between each endpoint occurs.

Smaller lifetimes are generally more secure since it would give a

hacker a smaller amount of time to try to crack the key. However, key

negotiation does take up bandwidth, so network throughput is

sacrificed with small lifetimes. The default setting for Phase 2 is 3,600

seconds.

Configuring Firewall Protection

Use the Setup Firewall - Options page to configure webpage filtering and firewall

protection. This page allows you to enable various firewall protection filters.

Note:

If you are not familiar with the advanced settings detailed in this section,

contact your service provider before you attempt to change any of the residential

gateway default firewall options settings.

Click

Options

in the Firewall section of the Setup page to access the Setup Firewall -

Options page.

Rate

Popular Cisco Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share