If the set-top box is connected to interface "ENET1" and sends a DHCP request
with vendor ID "Video", the CPE's DHCP server will forward this request to the
ISP's DHCP server.
The CPE will then change the port mapping configuration automatically. The port
mapping configuration will become:
1. Default: ENET2, ENET3, ENET4, Wireless, Wireless_Guest and USB.
2. Video: nas_0_36, nas_0_37, nas_0_38 and ENET1.
6.11 IPSec
You can add, edit or remove IPSec tunnel mode connections from this page.
By clicking Add New Connection, you can add a new IPSec termination rule.
The following screen will be displayed.
IPSec Connection Name: User-defined label.
Remote IPSec Gateway Address (IP or Domain Name): The IP address of the remote tunnel gateway. You can enter either a numeric address or a domain name.
Tunnel access from local IP addresses: Selects how the acceptable host IPs on the local side are specified. The options are single and subnet.
IP Address for VPN: If you choose “single”, enter the host IP address for the VPN. If you choose “subnet”, enter the subnet information for the VPN.
Tunnel access from remote IP addresses: Selects how the acceptable host IPs on the remote side are specified. The options are single and subnet.
IP Address for VPN: If you choose “single”, enter the host IP address for the VPN. If you choose “subnet”, enter the subnet information for the VPN.
Key Exchange Method: There are two modes: auto and manual.
Authentication Method: Either pre-shared key or X.509.
Pre-Shared Key: Enter the pre-shared key.
Perfect Forward Secrecy: Enables or disables Perfect Forward Secrecy.
Advanced IKE Settings: In IPSec auto mode, you need to choose the settings for the two phases. Click the button, then choose the mode, Encryption Algorithm, Integrity Algorithm, Diffie-Hellman Group for Key Exchange, and key life time for each phase.
The following is displayed if the Show Advanced Settings button is clicked.
Advanced IKE Settings
Phase 1
Mode: Defines the exchange mode for phase 1 when racoon is the initiator. It also means the acceptable exchange mode when racoon is the responder. The first exchange mode is what racoon uses when it is the initiator.
Encryption Algorithm: Specifies the encryption algorithm used for the phase 1 negotiation. This directive must be defined. The algorithm is one of the following: des, 3des, aes-128 (192, 256) for Oakley.
Integrity Algorithm: Defines the hash algorithm used for phase 1. The algorithm is one of the following: md5, sha1 for Oakley.
Select Diffie-Hellman Group for Key Exchange: Defines the group used for the Diffie-Hellman exponentiations. This directive must be defined. The group is one of the following: modp768, modp1024, modp1536, modp2048, modp3072, modp4096, modp6144, modp8192. When you want to use aggressive mode, you must define the same DH group in each proposal.
Key Life Time: Defines the lifetime of the phase 1 SA proposal.
Phase 2
Encryption Algorithm: Specifies the encryption algorithm used for the phase 2 negotiation. This directive must be defined. The algorithm is one of the following: des, 3des, aes-128 (192, 256) for Oakley.
Integrity Algorithm: Defines the hash algorithm used for phase 2. The algorithm is one of the following: md5, sha1 for Oakley.
Select Diffie-Hellman Group for Key Exchange: Defines the group of Diffie-Hellman exponentiations. If you do not require PFS, you can omit this directive. Any proposal will be accepted if you do not specify one.
Key Life Time: Defines how long an IPsec-SA will be used, in time units. Any proposal will be accepted, and no attribute(s) will be proposed to the peer if you do not specify it (them).
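The following Python check is an added example, not part of the manual or the device's firmware. It audits one connection's phase 1 and phase 2 choices against the option lists above and flags missing required settings and weak selections. The dictionary key names, the `WEAK` classification, the reading that phase 2 needs a DH group when PFS is enabled, and the sample values are assumptions of this example.

```python
# Options as listed in the manual text above.
ENCRYPTION = ("des", "3des", "aes-128", "aes-192", "aes-256")
INTEGRITY = ("md5", "sha1")
DH_GROUPS = ("modp768", "modp1024", "modp1536", "modp2048",
             "modp3072", "modp4096", "modp6144", "modp8192")

# Assumption of this example (not from the manual): choices flagged as weak.
WEAK = {"des": "56-bit key", "3des": "64-bit block cipher",
        "md5": "collision-broken hash",
        "modp768": "768-bit DH group", "modp1024": "1024-bit DH group"}


def audit(cfg):
    """Return a list of (severity, message) findings for one connection."""
    out = []
    for phase in ("phase1", "phase2"):
        settings = cfg.get(phase, {})
        # Phase 1 always needs a DH group; phase 2 needs one only with PFS.
        dh_required = phase == "phase1" or cfg.get("pfs", False)
        checks = (("encryption", ENCRYPTION, True),
                  ("integrity", INTEGRITY, False),
                  ("dh_group", DH_GROUPS, dh_required))
        for field, allowed, required in checks:
            value = settings.get(field)
            if value is None:
                if required:
                    out.append(("error", f"{phase}.{field} must be defined"))
            elif value not in allowed:
                out.append(("error", f"{phase}.{field}={value} is not offered"))
            elif value in WEAK:
                out.append(("weak", f"{phase}.{field}={value}: {WEAK[value]}"))
    if cfg.get("mode") == "aggressive" and cfg.get("auth") == "pre-shared key":
        out.append(("weak", "aggressive mode with a pre-shared key permits "
                            "offline guessing of the key"))
    return out


# Constructed sample inputs (hypothetical key names, not the device's format).
SAMPLE = {"auth": "pre-shared key", "mode": "aggressive", "pfs": True,
          "phase1": {"encryption": "3des", "integrity": "md5",
                     "dh_group": "modp1024"},
          "phase2": {"encryption": "aes-128", "integrity": "sha1"}}
HARDENED = {"auth": "x.509", "mode": "main", "pfs": True,
            "phase1": {"encryption": "aes-256", "integrity": "sha1",
                       "dh_group": "modp2048"},
            "phase2": {"encryption": "aes-256", "integrity": "sha1",
                       "dh_group": "modp2048"}}
```

Calling `audit(SAMPLE)` returns five findings and `audit(HARDENED)` returns an empty list.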