80

The CPE deco server is running on "Default". And ISP's deco server is running on

PVC 0/36. It is for set-top box use only.

On the LAN side, the PC can get IP address from CPE deco server and access the

Internet via PPPoE (0/33).

If the set-top box was connected with interface "ENET1" and send a deco request

with vendor id "Video", the CPE deco server would forward this request to ISP's deco

server.

Then the CPE will change the PortMapping configuration automatically.

The Port Mapping configuration will become:

1. Default: ENET2, ENET3, ENET4, Wireless and USB.

2. Video: nas_0_36, nas_0_37, nas_0_38 and ENET1.

6.11 IPSec

You can add, edit or remove IPSec tunnel mode connections from this page.

By clicking

Add New Connection

, you can add a new IPSec termination rule.

The following screen will display.

81

IPSec Connection Name

User-defined label

Remote IPSec Gateway Address

(IP or Domain Name)

The IP address of remote tunnel Gateway,

and you can use numeric address and

domain name

Tunnel access from local IP

addresses

It chooses methods that specify the

acceptable host IP on the local side. It has

single and subnet.

IP Address for VPN

If you choose “single”, please entry the host

IP address for VPN. If you choose “subnet”,

please entry the subnet information for VPN.

Tunnel access from remote IP

addresses

It chooses methods that specify the

acceptable host IP on the remote side.

It

has single and subnet.

IP Address for VPN

If you choose “single”, please entry the host

IP address for VPN. If you choose “subnet”,

please entry the subnet information for VPN.

82

Key Exchange Method

It has two modes. One is auto and the other

is manual.

Authentication Method

It has either pre-shared key or x.509.

Pre-Shared Key

Input Pre-shared key

Perfect Forward Secrecy

Enable/disable the method that is Perfect

Forward Secrecy.

Advanced IKE Settings

On IPSec Auto mode, you need to choose

the setting of two phases. Click the button

then choose which modes, Encryption

Algorithm, Integrity Algorithm, Select

Diffie-Hellman Group for Key Exchange, key

time on different phases.

6.12 Certificate

A certificate is a public key, attached with its owner’s information (company name,

server name, personal real name, contact e-mail, postal address, etc) and digital

signatures. There will be one or more digital signatures attached to the certificate,

this indicates that these signatories have verified that the certificate is valid.

6.12.1

Local

83

Click

Create Certificate Request

to generate a certificate signing request. The

certificate signing request can be submitted to the vendor/ISP/ITSP to apply for a

certificate. Some information must be included in the certificate signing request.

Actually, your vendor/ISP/ITSP will ask you to provide the information they require

and to provide the information in the format they regulate. The explanation for each

column in the following table is only for reference.

Click

Apply

to generate a private key and a certificate signing request.

This screen is used to paste the certificate content and the private key provided by

Certificate Name

A user-defined name for the certificate.

Common Name

Usually, it is the fully qualified domain name for the

machine.

Organization Name

The exact legal name of your organization. Do not

abbreviate.

State/Province Name

The state or province where your organization is located. It

cannot be abbreviated.

Country/Region Name The two-letter ISO abbreviation for your country.

84

your vendor/ISP/ITSP.

6.12.2

Trusted CA

CA is the abbreviation for Certificate Authority. CA is a part of the X.509 system. It

is itself a certificate, attached with the owner information of this certificate authority.

But its purpose is not to do encryption/decryption. Its purpose is to sign and issue

certificates; in order to prove the owner information of that certificate is correct.