The CPE deco server is running on "Default", and the ISP's deco server is running on PVC 0/36. It is for set-top box use only.
On the LAN side, the PC can get an IP address from the CPE deco server and access the Internet via PPPoE (0/33).
If the set-top box is connected to interface "ENET1" and sends a deco request with vendor id "Video", the CPE deco server forwards this request to the ISP's deco server. The CPE then changes the Port Mapping configuration automatically.
The Port Mapping configuration will become:
1. Default: ENET2, ENET3, ENET4, Wireless and USB.
2. Video: nas_0_36, nas_0_37, nas_0_38 and ENET1.
6.11 IPSec
You can add, edit or remove IPSec tunnel mode connections from this page.
Click Add New Connection to add a new IPSec termination rule. The following screen will display.
IPSec Connection Name: User-defined label.
Remote IPSec Gateway Address (IP or Domain Name): The IP address of the remote tunnel gateway. You can use either a numeric address or a domain name.
Tunnel access from local IP addresses: Selects how the acceptable host IP addresses on the local side are specified. The options are single and subnet.
IP Address for VPN: If you choose "single", enter the host IP address for the VPN. If you choose "subnet", enter the subnet information for the VPN.
Tunnel access from remote IP addresses: Selects how the acceptable host IP addresses on the remote side are specified. The options are single and subnet.
IP Address for VPN: If you choose "single", enter the host IP address for the VPN. If you choose "subnet", enter the subnet information for the VPN.
Key Exchange Method: There are two modes, auto and manual.
Authentication Method: Either pre-shared key or X.509.
Pre-Shared Key: Enter the pre-shared key.
Perfect Forward Secrecy: Enable or disable Perfect Forward Secrecy.
Advanced IKE Settings: In IPSec auto mode, you need to choose the settings for the two phases. Click the button, then choose the mode, Encryption Algorithm, Integrity Algorithm, Diffie-Hellman Group for key exchange, and key time for each phase.
6.12 Certificate
A certificate is a public key with its owner's information (company name, server name, personal real name, contact e-mail, postal address, etc.) and digital signatures attached. One or more digital signatures are attached to the certificate, indicating that these signatories have verified that the certificate is valid.
6.12.1 Local
Click Create Certificate Request to generate a certificate signing request. The certificate signing request can be submitted to the vendor/ISP/ITSP to apply for a certificate. Some information must be included in the certificate signing request. In practice, your vendor/ISP/ITSP will tell you which information they require and the format in which to provide it. The explanation for each column in the following table is only for reference.
Certificate Name: A user-defined name for the certificate.
Common Name: Usually, it is the fully qualified domain name for the machine.
Organization Name: The exact legal name of your organization. Do not abbreviate.
State/Province Name: The state or province where your organization is located. It cannot be abbreviated.
Country/Region Name: The two-letter ISO abbreviation for your country.
Click Apply to generate a private key and a certificate signing request.
This screen is used to paste the certificate content and the private key provided by your vendor/ISP/ITSP.
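As an added example (not from the original manual or the device vendor), the shell function below produces an equivalent private key and certificate signing request with the openssl command line, using the four subject fields from the table, and checks the request's self-signature before it is submitted. The function name make_csr, the file names device.key and device.csr, and the RSA 2048 key type are assumptions.

```shell
#!/bin/sh
# Added example: build a private key and CSR from the table's subject fields.
# Usage: make_csr <common-name> <organization> <state> <country> <out-dir>
# make_csr and the device.key / device.csr file names are hypothetical.
make_csr() {
    cn=$1; org=$2; state=$3; country=$4; out=$5

    # Country/Region Name must be the two-letter ISO abbreviation.
    case $country in
        [A-Z][A-Z]) ;;
        *) echo "country must be a two-letter ISO code: $country" >&2; return 1 ;;
    esac
    # "/" separates fields in -subj, so reject it inside field values.
    case "$cn$org$state" in
        */*) echo "field values must not contain '/'" >&2; return 1 ;;
    esac

    mkdir -p "$out" || return 1
    # Create the files owner-only: -nodes writes the private key unencrypted.
    old_umask=$(umask); umask 077
    rc=0
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$out/device.key" -out "$out/device.csr" \
        -subj "/C=$country/ST=$state/O=$org/CN=$cn" 2>/dev/null || rc=$?
    umask "$old_umask"
    [ "$rc" -eq 0 ] || return 1

    # Check the CSR's self-signature before sending it anywhere.
    openssl req -in "$out/device.csr" -noout -verify >/dev/null 2>&1 || return 1

    # Print the subject in RFC 2253 form so it can be reviewed field by field.
    openssl req -in "$out/device.csr" -noout -subject -nameopt RFC2253
}
```

Only device.csr is sent to the vendor/ISP/ITSP; device.key stays with the owner and is pasted into the device together with the issued certificate.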
6.12.2 Trusted CA
CA is the abbreviation for Certificate Authority. A CA is part of the X.509 system. It is itself a certificate, with the owner information of the certificate authority attached. Its purpose is not encryption or decryption but to sign and issue certificates, in order to prove that the owner information of a certificate is correct.