Vigor2110 Series User’s Guide
High (ESP-Encapsulating Security Payload) - means payload (data) will be encrypted and authenticated. Select from below:
DES without Authentication - Use the DES encryption algorithm and do not apply any authentication scheme.
DES with Authentication - Use the DES encryption algorithm and apply the MD5 or SHA-1 authentication algorithm.
3DES without Authentication - Use the triple DES encryption algorithm and do not apply any authentication scheme.
3DES with Authentication - Use the triple DES encryption algorithm and apply the MD5 or SHA-1 authentication algorithm.
AES without Authentication - Use the AES encryption algorithm and do not apply any authentication scheme.
AES with Authentication - Use the AES encryption algorithm and apply the MD5 or SHA-1 authentication algorithm.
Advanced
Specify mode, proposal and key life of each IKE phase, Gateway, etc.
The Advanced setup window is shown below:
IKE phase 1 mode - Select from Main mode and Aggressive mode. The ultimate outcome is to exchange security proposals to create a protected secure channel. Main mode is more secure than Aggressive mode since more exchanges are done in a secure channel to set up the IPSec session. However, the Aggressive mode is faster. The default value in Vigor router is Main mode.
IKE phase 1 proposal - Proposes the locally available authentication schemes and encryption algorithms to the VPN peers and uses their feedback to find a match. Two combinations are available for Aggressive mode and nine for Main mode. We suggest you select the combination that covers the most schemes.
IKE phase 2 proposal - Proposes the locally available algorithms to the VPN peers and uses their feedback to find a match. Three combinations are available for both modes. We suggest you select the combination that covers the most algorithms.
IKE phase 1 key lifetime - For security reasons, the lifetime of the key should be defined. The default value is 28800 seconds. You may specify a value between 900 and 86400 seconds.
IKE phase 2 key lifetime - For security reasons, the lifetime of the key should be defined. The default value is 3600 seconds. You may specify a value between 600 and 86400 seconds.
Perfect Forward Secret (PFS) - The IKE Phase 1 key will be reused to avoid the computation complexity in phase 2. By default, this function is inactive.
Local ID - In Aggressive mode, the Local ID stands in for the IP address when authenticating identity with the remote VPN server. The length of the ID is limited to 47 characters.
Allowed Dial-In Type
Determine the dial-in connection with different types.
PPTP
Allow the remote dial-in user to make a PPTP VPN connection
through the Internet. You should set the User Name and
Password of remote dial-in user below.
IPSec Tunnel
Allow the remote dial-in user to trigger an IPSec VPN connection through the Internet.
L2TP
Allow the remote dial-in user to make an L2TP VPN connection through the Internet. You can select to use L2TP alone or with IPSec. Select from below:
None - Do not apply the IPSec policy. Accordingly, a VPN connection that uses L2TP without the IPSec policy can be viewed as one pure L2TP connection.
Nice to Have - Apply the IPSec policy first, if it is applicable during negotiation. Otherwise, the dial-in VPN connection becomes one pure L2TP connection.
Must - Specify the IPSec policy to be definitely applied on the L2TP connection.
Specify Remote VPN Gateway
You can specify the IP address of the remote dial-in user or peer ID (should be the same as the ID setting in dial-in type) by checking the box. Also, you should further specify the corresponding security methods on the right side.
If you uncheck the checkbox, the connection type you select above will apply the authentication methods and security methods in the general settings.
User Name
This field is applicable when you select PPTP or L2TP with or
without IPSec policy above.
Password
This field is applicable when you select PPTP or L2TP with or
without IPSec policy above.
VJ Compression
VJ Compression is used for TCP/IP protocol header
compression. This field is applicable when you select PPTP or
L2TP with or without IPSec policy above.
IKE Authentication Method
This group of fields is applicable for IPSec Tunnels and L2TP with IPSec Policy when you specify the IP address of the remote node. The only exception is that Digital Signature (X.509) can be set when you select IPSec tunnel either with or without specifying the IP address of the remote node.
Pre-Shared Key - Check the box of Pre-Shared Key to invoke this function and type in the required characters (1-63) as the pre-shared key.
Digital Signature (X.509) - Check the box of Digital Signature to invoke this function and select one of the predefined Profiles set in VPN and Remote Access >> IPSec Peer Identity.
IPSec Security Method
This group of fields is a must for IPSec Tunnels and L2TP with IPSec Policy when you specify the remote node.
Medium - Authentication Header (AH) means data will be authenticated, but not be encrypted. By default, this option is active.
High - Encapsulating Security Payload (ESP) means payload (data) will be encrypted and authenticated. You may select encryption algorithm from Data Encryption Standard (DES), Triple DES (3DES), and AES.
My WAN IP
This field is only applicable when you select PPTP or L2TP
with or without IPSec policy above. The default value is 0.0.0.0,
which means the Vigor router will get a PPP IP address from
the remote router during the IPCP negotiation phase. If the PPP
IP address is fixed by remote side, specify the fixed IP address
here. Do not change the default value if you do not select PPTP
or L2TP.
Remote Gateway IP
This field is only applicable when you select PPTP or L2TP
with or without IPSec policy above. The default value is 0.0.0.0,
which means the Vigor router will get a remote Gateway PPP
IP address from the remote router during the IPCP negotiation
phase. If the PPP IP address is fixed by remote side, specify the
fixed IP address here. Do not change the default value if you do
not select PPTP or L2TP.
Remote Network IP/ Remote Network Mask
Add a static route to direct all traffic destined to this Remote Network IP Address/Remote Network Mask through the VPN connection. For IPSec, this is the destination client IDs of phase 2 quick mode.
More
Add a static route to direct all traffic destined to more Remote
Network IP Addresses/ Remote Network Mask through the
VPN connection. This is usually used when you find there are
several subnets behind the remote VPN router.
RIP Direction
This option specifies the direction of RIP (Routing Information Protocol) packets. You can enable or disable either direction here. Four options are provided: TX/RX Both, TX Only, RX Only, and Disable.
From first subnet to remote network, you have to do
If the remote network only allows you to dial in with a single IP, please choose NAT; otherwise choose Route.
Change default route to this VPN tunnel
Check this box to change the default route with this VPN tunnel.
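The limits and trade-offs listed in the fields above (key lifetime ranges, pre-shared key and Local ID lengths, Main versus Aggressive mode, the security method, the L2TP IPSec policy) can be checked before a profile is entered. The following Python is an added example, not part of the original guide or DrayTek code; the dictionary keys and both sample profiles are constructed for illustration, since the router itself is configured through its web interface.

```python
# Added example: audit a VPN profile against the limits stated in this guide.
# The dict keys are hypothetical; the router is configured through its web UI.
LIFETIME_RANGES = {"phase1_lifetime": (900, 86400),   # seconds, default 28800
                   "phase2_lifetime": (600, 86400)}   # seconds, default 3600

def audit_profile(p):
    """Return (errors, warnings) for one profile dict."""
    errors, warnings = [], []
    for key, (lo, hi) in LIFETIME_RANGES.items():
        if key in p and not lo <= p[key] <= hi:
            errors.append(f"{key}={p[key]} outside {lo}-{hi} seconds")
    psk = p.get("pre_shared_key")
    if psk is not None and not 1 <= len(psk) <= 63:
        errors.append("pre-shared key must be 1-63 characters")
    if len(p.get("local_id", "")) > 47:
        errors.append("Local ID longer than 47 characters")
    if p.get("phase1_mode", "Main") == "Aggressive":
        warnings.append("Aggressive mode: the guide rates Main mode as more secure")
    method = p.get("security_method", "")
    if method == "AH":
        warnings.append("Medium (AH): data is authenticated but not encrypted")
    elif method.endswith("without Authentication"):
        warnings.append(f"{method}: no authentication scheme on the ESP payload")
    if p.get("dial_in_type") == "L2TP" and p.get("l2tp_ipsec_policy", "None") != "Must":
        warnings.append("L2TP IPSec policy is not Must: may run as pure L2TP")
    return errors, warnings

# Constructed sample profiles (not taken from the guide).
WEAK = {"phase1_mode": "Aggressive", "phase1_lifetime": 600, "phase2_lifetime": 3600,
        "pre_shared_key": "k" * 64, "local_id": "branch-office",
        "security_method": "DES without Authentication",
        "dial_in_type": "L2TP", "l2tp_ipsec_policy": "Nice to Have"}
HARDENED = {"phase1_mode": "Main", "phase1_lifetime": 28800, "phase2_lifetime": 3600,
            "pre_shared_key": "constructed-example-key-not-for-use",
            "security_method": "AES with Authentication",
            "dial_in_type": "IPSec Tunnel"}

if __name__ == "__main__":
    for name, profile in (("weak", WEAK), ("hardened", HARDENED)):
        errs, warns = audit_profile(profile)
        print(name, "errors:", errs)
        print(name, "warnings:", warns)
```

Errors are values the guide's stated ranges exclude; warnings are settings the guide itself describes as offering less protection.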
4.10.7 Connection Management
You can find the summary table of all VPN connections. You may disconnect any VPN connection by clicking the Drop button. You may also aggressively dial out by using the Dial-out Tool and clicking the Dial button.
Dial
Click this button to execute dial out function.
Refresh Seconds
Choose the interval for refreshing the dial information: 5, 10, or 30.
Refresh
Click this button to refresh the whole connection status.
