Page 241 / 357 Scroll up to view Page 236 - 240
Vigor2830 Series User’s Guide
229
Allowed Dial-In Type
Determine the dial-in connection with different types.
PPTP -
Allow the remote dial-in user to make a PPTP VPN
connection through the Internet. You should set the User Name
and Password of remote dial-in user below.
IPSec Tunnel-
Allow the remote dial-in user to trigger an IPSec
VPN connection through Internet.
L2TP with IPSec Policy -
Allow the remote dial-in user to
make a L2TP VPN connection through the Internet. You can
select to use L2TP alone or with IPSec. Select from below:
None -
Do not apply the IPSec policy. Accordingly, the VPN
connection employed the L2TP without IPSec policy can be
viewed as one pure L2TP connection.
Nice to Have
- Apply the IPSec policy first, if it is applicable
during negotiation. Otherwise, the dial-in VPN connection
becomes one pure L2TP connection.
Must -
Specify the IPSec policy to be definitely applied on the
L2TP connection.
Specify Remote VPN
Gateway
You can specify the IP address of the remote dial-in user or peer
ID (should be the same with the ID setting in dial-in type) by
checking the box. Also, you should further specify the
corresponding security methods on the right side.
Page 242 / 357
Vigor2830 Series User’s Guide
230
If you uncheck the checkbox
,
the connection type you select
above will apply the authentication methods and security
methods in the general settings.
User Name
This field is applicable when you select PPTP or L2TP with or
without IPSec policy above.
Password
This field is applicable when you select PPTP or L2TP with or
without IPSec policy above.
VJ Compression
VJ Compression is used for TCP/IP protocol header
compression. This field is applicable when you select PPTP or
L2TP with or without IPSec policy above.
IKE Authentication
Method
This group of fields is applicable for IPSec Tunnels and L2TP
with IPSec Policy when you specify the IP address of the remote
node. The only exception is Digital Signature (X.509) can be set
when you select IPSec tunnel either with or without specify the
IP address of the remote node.
Pre-Shared Key -
Check the box of Pre-Shared Key to invoke
this function and type in the required characters (1-63) as the
pre-shared key.
Digital Signature (X.509) –
Check the box of Digital Signature
to invoke this function and select one predefined Profiles set in
the
VPN and Remote Access >>IPSec Peer Identity
.
IPSec Security Method
This group of fields is a must for IPSec Tunnels and L2TP with
IPSec Policy when you specify the remote node.
Medium-
Authentication Header (AH) means data will be
authenticated, but not be encrypted. By default, this option is
active.
High-
Encapsulating Security Payload (ESP) means payload
(data) will be encrypted and authenticated. You may select
encryption algorithm from Data Encryption Standard (DES),
Triple DES (3DES), and AES.
My WAN IP
This field is only applicable when you select PPTP or L2TP
with or without IPSec policy above. The default value is 0.0.0.0,
which means the Vigor router will get a PPP IP address from the
remote router during the IPCP negotiation phase. If the PPP IP
address is fixed by remote side, specify the fixed IP address
here. Do not change the default value if you do not select PPTP
or L2TP.
Remote Gateway IP
This field is only applicable when you select PPTP or L2TP
with or without IPSec policy above. The default value is 0.0.0.0,
which means the Vigor router will get a remote Gateway PPP IP
address from the remote router during the IPCP negotiation
phase. If the PPP IP address is fixed by remote side, specify the
fixed IP address here. Do not change the default value if you do
not select PPTP or L2TP.
Remote Network IP/
Remote Network Mask
Add a static route to direct all traffic destined to this Remote
Network IP Address/Remote Network Mask through the VPN
connection. For IPSec, this is the destination clients IDs of
phase 2 quick mode.
Local Network IP / Local
Display the local network IP and mask for TCP / IP
Page 243 / 357
Vigor2830 Series User’s Guide
231
Network Mask
configuration. You can modify the settings if required.
More
Add a static route to direct all traffic destined to more Remote
Network IP Addresses/ Remote Network Mask through the
VPN connection. This is usually used when you find there are
several subnets behind the remote VPN router.
RIP Direction
The option specifies the direction of RIP (Routing Information
Protocol) packets. You can enable/disable one of direction here.
Herein, we provide four options: TX/RX Both, TX Only, RX
Only, and Disable.
From first subnet to
remote network, you
have to do
If the remote network only allows you to dial in with single IP,
please choose
NAT
, otherwise choose
Route
.
Change default route to
this VPN tunnel
Check this box to change the default route with this VPN tunnel.
Page 244 / 357
Vigor2830 Series User’s Guide
232
4.10.9 Connection Management
You can find the summary table of all VPN connections. You may disconnect any VPN
connection by clicking
Drop
button. You may also aggressively Dial-out by using Dial-out
Tool and clicking
Dial
button.
Dial
Click this button to execute dial out function.
Refresh Seconds
Choose the time for refresh the dial information among 5, 10,
and 30.
Refresh
Click this button to refresh the whole connection status.
Page 245 / 357
Vigor2830 Series User’s Guide
233
4.11 Certificate Management
A digital certificate works as an electronic ID, which is issued by a certification authority
(CA). It contains information such as your name, a serial number, expiration dates etc., and the
digital signature of the certificate-issuing authority so that a recipient can verify that the
certificate is real. Here Vigor router support digital certificates conforming to standard X.509.
Any entity wants to utilize digital certificates should first request a certificate issued by a CA
server. It should also retrieve certificates of other trusted CA servers so it can authenticate the
peer with certificates issued by those trusted CA servers.
Here you can manage generate and manage the local digital certificates, and set trusted CA
certificates. Remember to adjust the time of Vigor router before using the certificate so that
you can get the correct valid period of certificate.
Below shows the menu items for Certificate Management.
4.11.1 Local Certificate
Generate
Click this button to open
Generate Certificate Request
window.

Rate

4.7 / 5 based on 3 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top