Page 216 / 335 Scroll up to view Page 211 - 215
Vigor2710 Series User’s Guide
204
are available for Aggressive mode and nine for
Main
mode.
We suggest you select the combination that covers the most
schemes.
IKE phase 2 proposal-
To propose the local available
algorithms to the VPN peers, and get its feedback to find a
match. Three combinations are available for both modes. We
suggest you select the combination that covers the most
algorithms.
IKE phase 1 key lifetime-
For security reason, the lifetime of
key should be defined. The default value is 28800 seconds.
You may specify a value in between 900 and 86400 seconds.
IKE phase 2 key lifetime-
For security reason, the lifetime of
key should be defined. The default value is 3600 seconds.
You may specify a value in between 600 and 86400 seconds.
Perfect Forward Secret (PFS)-
The IKE Phase 1 key will be
reused to avoid the computation complexity in phase 2. The
default value is inactive this function.
Local ID-
In
Aggressive
mode, Local ID is on behalf of the IP
address while identity authenticating with remote VPN server.
The length of the ID is limited to 47 characters.
Allowed Dial-In Type
Determine the dial-in connection with different types.
PPTP -
Allow the remote dial-in user to make a PPTP VPN
Page 217 / 335
Vigor2710 Series User’s Guide
205
connection through the Internet. You should set the User
Name and Password of remote dial-in user below.
IPSec Tunnel-
Allow the remote dial-in user to trigger an
IPSec VPN connection through Internet.
L2TP with IPSec Policy -
Allow the remote dial-in user to
make a L2TP VPN connection through the Internet. You can
select to use L2TP alone or with IPSec. Select from below:
None -
Do not apply the IPSec policy. Accordingly, the VPN
connection employed the L2TP without IPSec policy can be
viewed as one pure L2TP connection.
Nice to Have
- Apply the IPSec policy first, if it is applicable
during negotiation. Otherwise, the dial-in VPN connection
becomes one pure L2TP connection.
Must -
Specify the IPSec policy to be definitely applied on the
L2TP connection.
Specify Remote VPN
Gateway
You can specify the IP address of the remote dial-in user or
peer ID (should be the same with the ID setting in dial-in type)
by checking the box. Also, you should further specify the
corresponding security methods on the right side.
If you uncheck the checkbox
,
the connection type you select
above will apply the authentication methods and security
methods in the general settings.
User Name
This field is applicable when you select PPTP or L2TP with or
without IPSec policy above.
Password
This field is applicable when you select PPTP or L2TP with or
without IPSec policy above.
VJ Compression
VJ Compression is used for TCP/IP protocol header
compression. This field is applicable when you select PPTP or
L2TP with or without IPSec policy above.
IKE Authentication
Method
This group of fields is applicable for IPSec Tunnels and L2TP
with IPSec Policy when you specify the IP address of the
remote node. The only exception is Digital Signature (X.509)
can be set when you select IPSec tunnel either with or without
specify the IP address of the remote node.
Pre-Shared Key -
Check the box of Pre-Shared Key to invoke
this function and type in the required characters (1-63) as the
pre-shared key.
Digital Signature (X.509) –
Check the box of Digital
Signature to invoke this function and select one predefined
Profiles set in the
VPN and Remote Access >>IPSec Peer
Identity
.
IPSec Security Method
This group of fields is a must for IPSec Tunnels and L2TP
with IPSec Policy when you specify the remote node.
Medium-
Authentication Header (AH) means data will be
authenticated, but not be encrypted. By default, this option is
active.
High-
Encapsulating Security Payload (ESP) means payload
(data) will be encrypted and authenticated. You may select
Page 218 / 335
Vigor2710 Series User’s Guide
206
encryption algorithm from Data Encryption Standard (DES),
Triple DES (3DES), and AES.
My WAN IP
This field is only applicable when you select PPTP or L2TP
with or without IPSec policy above. The default value is
0.0.0.0, which means the Vigor router will get a PPP IP
address from the remote router during the IPCP negotiation
phase. If the PPP IP address is fixed by remote side, specify
the fixed IP address here. Do not change the default value if
you do not select PPTP or L2TP.
Remote Gateway IP
This field is only applicable when you select PPTP or L2TP
with or without IPSec policy above. The default value is
0.0.0.0, which means the Vigor router will get a remote
Gateway PPP IP address from the remote router during the
IPCP negotiation phase. If the PPP IP address is fixed by
remote side, specify the fixed IP address here. Do not change
the default value if you do not select PPTP or L2TP.
Remote Network IP/
Remote Network Mask
Add a static route to direct all traffic destined to this Remote
Network IP Address/Remote Network Mask through the VPN
connection. For IPSec, this is the destination clients IDs of
phase 2 quick mode.
Local Network IP / Local
Network Mask
Display the local network IP and mask for TCP / IP
configuration. You can modify the settings if required.
More
Add a static route to direct all traffic destined to more Remote
Network IP Addresses/ Remote Network Mask through the
VPN connection. This is usually used when you find there are
several subnets behind the remote VPN router.
RIP Direction
The option specifies the direction of RIP (Routing Information
Protocol) packets. You can enable/disable one of direction
here. Herein, we provide four options: TX/RX Both, TX Only,
RX Only, and Disable.
From first subnet to
remote network, you
have to do
If the remote network only allows you to dial in with single IP,
please choose
NAT
, otherwise choose
Route
.
Change default route to
this VPN tunnel
Check this box to change the default route with this VPN
tunnel.
Page 219 / 335
Vigor2710 Series User’s Guide
207
4.9.7 Connection Management
You can find the summary table of all VPN connections. You may disconnect any VPN
connection by clicking
Drop
button. You may also aggressively Dial-out by using Dial-out
Tool and clicking
Dial
button.
Dial
Click this button to execute dial out function.
Refresh Seconds
Choose the time for refresh the dial information among 5, 10,
and 30.
Refresh
Click this button to refresh the whole connection status.
Page 220 / 335
Vigor2710 Series User’s Guide
208
4.10 Certificate Management
A digital certificate works as an electronic ID, which is issued by a certification authority
(CA). It contains information such as your name, a serial number, expiration dates etc., and
the digital signature of the certificate-issuing authority so that a recipient can verify that the
certificate is real. Here Vigor router support digital certificates conforming to standard
X.509.
Any entity wants to utilize digital certificates should first request a certificate issued by a CA
server. It should also retrieve certificates of other trusted CA servers so it can authenticate
the peer with certificates issued by those trusted CA servers.
Here you can manage generate and manage the local digital certificates, and set trusted CA
certificates. Remember to adjust the time of Vigor router before using the certificate so that
you can get the correct valid period of certificate.
Below shows the menu items for Certificate Management.
4.10.1 Local Certificate
Generate
Click this button to open
Generate Certificate Request
window.

Rate

4 / 5 based on 1 vote.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top