Vigor2830 Series User’s Guide
IPSec tunnel.
Pre-Shared Key - Currently, only Pre-Shared Key authentication is supported.
Pre-Shared Key - Specify a key for IKE authentication.
Confirm Pre-Shared Key - Retype the characters to confirm the pre-shared key.

IPSec Security Method
Medium - Authentication Header (AH) means data will be authenticated, but not encrypted. By default, this option is active.
High - Encapsulating Security Payload (ESP) means payload (data) will be encrypted and authenticated. You may select the encryption algorithm from Data Encryption Standard (DES), Triple DES (3DES), and AES.

4.10.6 IPSec Peer Identity
To use a digital certificate for peer authentication in either a LAN-to-LAN connection or a Remote User Dial-In connection, you may edit a table of peer certificates for selection here. As shown below, the router provides 32 entries of digital certificates for peer dial-in users.

Set to Factory Default
Click it to clear all indexes.

Index
Click the number below Index to access the setting page of IPSec Peer Identity.

Name
Display the profile name of that index.

Click each index to edit one peer digital certificate. There are three security levels of digital signature authentication. Fill in each necessary field to authenticate the remote peer. The following explanation will guide you through all the necessary fields.

Profile Name
Type the name of the profile.

Accept Any Peer ID
Click to accept any peer regardless of its identity.

Accept Subject Alternative Name
Click to check one specific field of the digital signature and accept the peer with a matching value. The field can be IP Address, Domain, or E-mail Address. The box under Type will appear according to the type you select and ask you to fill in the corresponding setting.

Accept Subject Name
Click to check the specific fields of the digital signature and accept the peer with matching values. The fields include Country (C), State (ST), Location (L), Organization (O), Organization Unit (OU), Common Name (CN), and Email (E).
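
The three acceptance rules above, modelled in Python as an added example (not code from the guide or from the router firmware). The profile layout, function names and sample certificate are assumptions made for illustration, and certificate chain validation is assumed to have happened before these checks.

```python
import ipaddress

# Subject Name fields listed in the guide.
SUBJECT_KEYS = ("C", "ST", "L", "O", "OU", "CN", "E")

# Constructed sample peer certificate (already parsed; values are made up).
CERT = {
    "subject": "C=TW, O=Example Corp, OU=Branch, CN=branch1.example.com",
    "san": [("Domain", "branch1.example.com"), ("IP Address", "192.0.2.10")],
}

def parse_subject(dn):
    """Split 'C=TW, O=Example' into a dict. Escaped commas are not handled."""
    fields = {}
    for part in dn.split(","):
        key, sep, value = part.partition("=")
        if sep:
            fields[key.strip().upper()] = value.strip()
    return fields

def san_matches(kind, expected, san_entries):
    """True if one SAN entry of the selected type equals the configured value."""
    for san_kind, value in san_entries:
        if san_kind != kind:
            continue
        if kind == "IP Address":
            try:  # compare as addresses so textual variants still match
                if ipaddress.ip_address(value) == ipaddress.ip_address(expected):
                    return True
            except ValueError:
                continue
        elif value.lower() == expected.lower():  # Domain / E-mail Address
            return True
    return False

def peer_accepted(profile, cert):
    """Apply one hypothetical peer-identity profile to a parsed certificate."""
    mode = profile["mode"]
    if mode == "any":        # Accept Any Peer ID: identity is not checked
        return True
    if mode == "san":        # Accept Subject Alternative Name
        return san_matches(profile["type"], profile["value"], cert["san"])
    if mode == "subject":    # Accept Subject Name: every filled field must match
        wanted = {k: v for k, v in profile["fields"].items()
                  if k in SUBJECT_KEYS and v}
        subject = parse_subject(cert["subject"])
        # An empty profile must not silently behave like "accept any".
        return bool(wanted) and all(subject.get(k) == v for k, v in wanted.items())
    raise ValueError("unknown mode: %r" % mode)
```

With "Accept Any Peer ID" the only remaining gate is whatever validated the certificate itself, so the other two modes are the ones that bind a profile to a specific peer.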
4.10.7 Remote Dial-in User
You can manage remote access by maintaining a table of remote user profiles, so that users can be authenticated to dial in via VPN connection. You may set parameters including the specified connection peer ID, the connection type (VPN connection, including PPTP, IPSec Tunnel, and L2TP by itself or over IPSec), the corresponding security methods, etc.

The router provides 32 access accounts for dial-in users. In addition, you can extend the user accounts to the RADIUS server through the built-in RADIUS client function. The following figure shows the summary table.

Set to Factory Default
Click to clear all indexes.

Index
Click the number below Index to access the setting page of Remote Dial-in User.

User
Display the username for the specific dial-in user of the LAN-to-LAN profile. The symbol ??? represents that the profile is empty.

Status
Display the access state of the specific dial-in user. The symbols V and X represent the specific dial-in user being active and inactive, respectively.

Click each index to edit one remote user profile. Each Dial-In Type requires you to fill in the different corresponding fields on the right. If the fields are grayed out, you may leave them untouched. The following explanation will guide you through all the necessary fields.

User account and Authentication
Enable this account - Check the box to enable this function.
Idle Timeout - If the dial-in user is idle for longer than the timer limit, the router will drop this connection. By default, the Idle Timeout is set to 300 seconds.

Allowed Dial-In Type
PPTP - Allow the remote dial-in user to make a PPTP VPN connection through the Internet. You should set the User Name and Password of the remote dial-in user below.
IPSec Tunnel - Allow the remote dial-in user to make an IPSec VPN connection through the Internet.
L2TP with IPSec Policy - Allow the remote dial-in user to make an L2TP VPN connection through the Internet. You can select to use L2TP alone or with IPSec. Select from below:
None - Do not apply the IPSec policy. Accordingly, a VPN connection that uses L2TP without the IPSec policy can be viewed as one pure L2TP connection.
Nice to Have - Apply the IPSec policy first, if it is applicable during negotiation. Otherwise, the dial-in VPN connection becomes one pure L2TP connection.
Must - Specify the IPSec policy to be definitely applied on the L2TP connection.

Specify Remote Node
Check the checkbox - You can specify the IP address of the remote dial-in user, ISDN number or peer ID (used in IKE aggressive mode).
Uncheck the checkbox - This means the connection type you select above will apply the authentication methods and security methods in the general settings.

Netbios Naming Packet
Pass - Click it to have an inquiry for data transmission between the hosts located on both sides of the VPN tunnel while connecting.
Block - When a conflict occurs between the hosts on both sides of the VPN tunnel while connecting, this function can block data transmission of Netbios Naming Packets inside the tunnel.

Multicast via VPN
Some programs might send multicast packets via the VPN connection.
Pass - Click this button to let multicast packets pass through the router.
Block - This is the default setting. Click this button to let multicast packets be blocked by the router.

Subnet
Choose one of the subnet selections for this VPN profile.

User Name
This field is applicable when you select PPTP or L2TP with or without IPSec policy above.

Password
This field is applicable when you select PPTP or L2TP with or without IPSec policy above.

Enable Mobile One-Time Passwords (mOTP)
Check this box to authenticate with the mOTP function.
PIN Code - Type the code for authentication (e.g., 1234).
Secret - Use the 32 digit-secret number generated by mOTP in the mobile phone (e.g., e759bb6f0e94c7ab4fe6).

IKE Authentication Method
This group of fields is applicable for IPSec Tunnels and L2TP with IPSec Policy when you specify the IP address of the remote node. The only exception is that Digital Signature (X.509) can be set when you select IPSec tunnel either with or without specifying the IP address of the remote node.
Pre-Shared Key - Check the box of Pre-Shared Key to invoke this function and type in the required characters (1-63) as the pre-shared key.
Digital Signature (X.509) - Check the box of Digital Signature to invoke this function and select one of the predefined profiles set in VPN and Remote Access >> IPSec Peer Identity.

IPSec Security Method
This group of fields is a must for IPSec Tunnels and L2TP with IPSec Policy when you specify the remote node. Check the Medium, DES, 3DES or AES box as the security method.
Medium - Authentication Header (AH) means data will be authenticated, but not encrypted. By default, this option is invoked. You can uncheck it to disable it.
High - Encapsulating Security Payload (ESP) means payload (data) will be encrypted and authenticated. You may select the encryption algorithm from Data Encryption Standard (DES),
