Page 56 / 104 Scroll up to view Page 51 - 55
56
4021196 Rev B
Configure Security
Section
Field Description
Remote
Secure
Gateway
Select the desired option,
IP Addr.
,
Any
, or
FQDN
. If the remote gateway has a
dynamic IP address, select
Any
or
FQDN
. If
Any
is selected, then the Gateway will
accept requests from any IP address.
FQDN
If
FQDN
is selected, enter the domain name of the remote gateway, so the
Gateway can locate a current IP address using DDNS
IP
The IP address in this field must match the public (WAN or Internet) IP address of
the remote gateway at the other end of this tunnel
Key
Management
Key Exchange Method
The gateway supports both automatic and manual key management. When
automatic key management is selected, Internet Key Exchange (IKE) protocols are
used to negotiate key material for Security Association (SA). If manual key
management is selected, no key negotiation is needed. Basically, manual key
management is used in small static environments or for troubleshooting purposes.
Note that both sides must use the same key management method.
Page 57 / 104
4021196 Rev B
57
Configure Security
Section
Field Description
Key
Management
(continued)
Select one of the following options for the key exchange method:
Auto (IKE)
Encryption:
The Encryption method determines the length of the key used
to encrypt/decrypt ESP packets. Notice that both sides must use the same
method.
Authentication:
The Authentication method authenticates the
Encapsulating Security Payload (ESP) packets. Select
MD5
or
SHA
. Notice
that both sides (VPN endpoints) must use the same method.
MD5: A one-way hashing algorithm that produces a 128-bit digest
SHA: A one-way hashing algorithm that produces a 160-bit digest
Perfect Forward Secrecy (PFS)
: If PFS is enabled, IKE Phase 2 negotiation
will generate new key material for IP traffic encryption and authentication.
Note that both sides must have PFS enabled.
Pre-Shared Key:
IKE uses the Pre-Shared Key to authenticate the remote
IKE peer. Both character and hexadecimal values are acceptable in this
field, e.g., "My_@123" or "0x4d795f40313233". Note that both sides must use
the same Pre-Shared Key.
Key Lifetime:
This field specifies the lifetime of the IKE generated key. If
the time expires, a new key will be renegotiated automatically. The Key
Lifetime may range from 300 to 100,000,000 seconds. The default lifetime is
3600
seconds.
Manual
Encryption:
The Encryption method determines the length of the key used
to encrypt/decrypt ESP packets. Notice that both sides must use the same
method.
Encryption Key:
This field specifies a key used to encrypt and decrypt IP
traffic. Both character and hexadecimal values are acceptable in this field.
Note that both sides must use the same Encryption Key.
Authentication:
The Authentication method authenticates the
Encapsulating Security Payload (ESP) packets. Select MD5 or SHA. Notice
that both sides (VPN endpoints) must use the same method.
MD5: A one-way hashing algorithm that produces a 128-bit digest
SHA: A one-way hashing algorithm that produces a 160-bit digest
Authentication Key:
This field specifies a key used to authenticate IP
traffic. Both character and hexadecimal values are acceptable in this field.
Note that both sides must use the same Authentication Key.
Inbound SPI/Outbound SPI:
The Security Parameter Index (SPI) is carried
in the ESP header. This enables the receiver to select the SA, under which a
packet should be processed. The SPI is a 32-bit value. Both decimal and
hexadecimal values are acceptable. e.g., "987654321" or "0x3ade68b1". Each
tunnel must have a unique Inbound SPI and Outbound SPI. No two tunnels
share the same SPI. Note that the Inbound SPI must match the remote
gateway's Outbound SPI, and vice versa.
Page 58 / 104
58
4021196 Rev B
Configure Security
Section
Field Description
Status
This field shows the connection status for the selected tunnel. The state is either
Connected
or
Disconnected
.
Buttons
Connect
Click this button to establish a connection for the current VPN tunnel. If you have
made any changes, click
Save Settings
to first apply your changes.
Disconnect
Click this button to break a connection for the current VPN tunnel.
View Log
Click this button to view the VPN log, which shows details of each established
tunnel.
Advanced Settings
If the Key Exchange Method is Auto (IKE), this button provides access to
additional settings relating to IKE. Click this button if the gateway is unable to
establish a VPN tunnel to the remote gateway, and make sure the Advanced
Settings match those on the remote gateway.
Phase 1 - Operation Mode
Select the method appropriate for the remote VPN endpoint.
Main
: Main mode is slower but more secure
Aggressive
: Aggressive mode is faster but less secure
Local Identity
Select the desired option to match the Remote Identity setting at the other end
of this tunnel.
Local IP Address: Your WAN (Internet) IP address
Name: Your domain name
Remote Identity
Select the desired option to match the Local Identity setting at the other end of
this tunnel.
Local IP Address: WAN (Internet) IP address of the remote VPN endpoint
Name: Domain name of the remote VPN endpoint.
Encryption
This is the Encryption algorithm used for the IKE SA. It must match the setting
used at the other end of the tunnel.
Page 59 / 104
4021196 Rev B
59
Configure Security
View Log
The Security VPN View Log page shows events captured by the firewall. The log
displays the following items:
Description of the event
Number of events that have occurred
Last occurrence of an event
Target and source addresses
You can view the following logs from this page:
Access log
Firewall log
VPN log
Parental Control log
Click
Clear
to clear the log data.
Page 60 / 104
60
4021196 Rev B
Control Access to the Gateway
Control Access to the Gateway
Access Restrictions > IP Address Filtering
Use the Access Restrictions IP Filtering page to configure IP address filters. These
filters block a range of IP addresses from accessing the Internet.
Note:
If you are not familiar with the advanced settings detailed in this section,
contact your service provider before you attempt to change any of the residential
gateway default advanced IP filtering settings.
Select the
IP Address Filtering
tab to open the Access Restrictions IP Address
Filtering page. After you make your selections, click
Save Settings
to apply your
changes or
Cancel Changes
to cancel.
Access Restrictions > MAC Address Filtering
Use the Access Restrictions MAC Address Filtering page to configure MAC address
filters. These filters permit you to allow or block a range of MAC addresses from
accessing the Internet based on MAC Address.
Note:
If you are not familiar with the advanced settings detailed in this section,
contact your service provider before you attempt to change any of the residential
gateway default advanced IP filtering settings.

Rate

4 / 5 based on 1 vote.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top