Vigor2800 Series User’s Guide
Reminders about Firewall and UPnP
Can't work with Firewall Software
Enabling firewall applications on your PC may prevent the UPnP function from working properly, because these applications block access to some network ports.
Security Considerations
Activating the UPnP function on your network may incur some security threats. You should consider these risks carefully before activating the UPnP function.
- UPnP weaknesses have been found in some Microsoft operating systems, so you need to ensure that you have applied the latest service packs and patches.
- Non-privileged users can control some router functions, including removing and adding port mappings.
The UPnP function dynamically adds port mappings on behalf of some UPnP-aware applications. When the applications terminate abnormally, these mappings may not be removed.
3.6.5 Wake On LAN
A PC client on the LAN can wake up a specified PC through the router. The specified PC must have a network card that supports the WOL function, and the WOL function must be set to “Enable” in the BIOS settings of that PC.
Wake by
Two methods are provided to wake up the bound IP. If you choose Wake by MAC Address, you have to type the correct MAC address of the host in the MAC Address boxes. If you choose Wake by IP Address, you have to choose the correct IP address. The IP address should be bound to the MAC address configured in the Bind IP to MAC page.
IP Address
The IP addresses that have been configured in Firewall>>Bind IP to MAC will be shown in this drop-down list. Choose the IP address that you want to wake up from the list.
MAC Address
Type the MAC address of any one of the bound PCs.
Wake Up!
Click this button to wake up the selected IP. See the following figure. The result will be shown in the box.
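Wake by MAC Address only works when the typed MAC is exactly that of the target host. The following is an added example, not taken from the guide: it assumes the standard Wake-on-LAN magic packet layout (six 0xFF bytes followed by the target MAC repeated sixteen times) and shows how a typed MAC is normalised and how such a packet can be recognised in captured traffic. The function names and the sample MAC are constructed for illustration.

```python
import re

SYNC = b"\xff" * 6          # synchronisation stream that opens every magic packet
REPEATS = 16                # the target MAC follows, repeated 16 times

def parse_mac(text):
    """Accept 00:11:22:33:44:55, 00-11-22-33-44-55 or 001122334455."""
    digits = re.sub(r"[:\-.]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(digits)

def magic_packet(mac_text):
    """Build the 102-byte magic packet payload for the given MAC."""
    return SYNC + parse_mac(mac_text) * REPEATS

def find_wol_target(payload):
    """Return the MAC a captured payload is trying to wake, or None.

    The magic sequence may sit anywhere in the payload, so every
    occurrence of the sync stream is checked, not just offset 0.
    """
    start = payload.find(SYNC)
    while start != -1:
        mac = payload[start + 6:start + 12]
        body = payload[start + 6:start + 6 + 6 * REPEATS]
        if len(mac) == 6 and body == mac * REPEATS:
            return ":".join(f"{b:02x}" for b in mac)
        start = payload.find(SYNC, start + 1)
    return None

if __name__ == "__main__":
    pkt = magic_packet("00-11-22-33-44-55")        # constructed sample MAC
    print(len(pkt), find_wol_target(b"\x00" * 10 + pkt))
    print(find_wol_target(pkt[:-1]))               # truncated: not a magic packet
```

Because the magic packet carries no authentication, any LAN host that can send it can wake the machine, so a check like `find_wol_target` is useful when reviewing captures for unexpected wake-ups.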
3.7 VPN and Remote Access
A Virtual Private Network (VPN) is the extension of a private network that encompasses links across shared or public networks like the Internet. In short, VPN technology lets you send data between two computers across a shared or public network in a manner that emulates the properties of a point-to-point private link.
The menu items for VPN and Remote Access are shown below.
Note: This feature can be applied to ISDN remote dial-in or ISDN LAN-to-LAN connections in i series models.
3.7.1 Remote Access Control
Enable the VPN services that you need. If you intend to run a VPN server inside your LAN, you should disable the VPN service of the Vigor router so that the VPN tunnel can pass through, and configure the appropriate NAT settings, such as DMZ or open port.
The Vigor router will not accept ISDN dial-in connections if the Enable ISDN Dial-in box is not checked.
3.7.2 PPP General Setup
This submenu only applies to PPP-related VPN connections, such as PPTP, L2TP, L2TP
over IPSec.
Dial-In PPP Authentication
PAP Only - Select this option to force the router to authenticate dial-in users with the PAP protocol.
PAP or CHAP - Selecting this option means the router will attempt to authenticate dial-in users with the CHAP protocol first. If the dial-in user does not support this protocol, it will fall back to the PAP protocol for authentication.
Dial-In PPP Encryption (MPPE)
Optional MPPE - With this option, the router employs the MPPE encryption method optionally for the remote dial-in user. If the remote dial-in user does not support the MPPE encryption algorithm, the router will transmit packets without MPPE encryption. Otherwise, the MPPE encryption scheme will be used to encrypt the data.
Require MPPE (40/128bits) - Selecting this option will force the router to encrypt packets by using the MPPE encryption algorithm. In addition, the remote dial-in user will use 40-bit encryption prior to using 128-bit encryption. In other words, if the 128-bit MPPE encryption method is not available, the 40-bit encryption scheme will be applied to encrypt the data.
Maximum MPPE - This option indicates that the router will use the MPPE encryption scheme with maximum bits (128-bit) to encrypt the data.
Mutual Authentication (PAP)
The Mutual Authentication function is mainly used to communicate with other routers or clients that need bi-directional authentication in order to provide stronger security, for example, Cisco routers. You should enable this function when your peer router requires mutual authentication. You should further specify the User Name and Password of the mutual authentication peer.
Start IP Address
Enter a start IP address for the dial-in PPP connection. You should choose an IP address from the local private network. For example, if the local private network is 192.168.1.0/255.255.255.0, you could choose 192.168.1.200 as the Start IP Address. Note, however, that the first two IP addresses, 192.168.1.200 and 192.168.1.201, are reserved for ISDN remote dial-in users.
3.7.3 IPSec General Setup
In IPSec General Setup, there are two major parts of configuration.
There are two phases of IPSec.
- Phase 1: negotiation of IKE parameters, including encryption, hash, Diffie-Hellman parameter values, and lifetime, to protect the following IKE exchange, and authentication of both peers using either a Pre-Shared Key or Digital Signature (X.509). The peer that starts the negotiation proposes all its policies to the remote peer, and the remote peer then tries to find the highest-priority match with its own policies. The result is a secure tunnel for IKE Phase 2.
- Phase 2: negotiation of IPSec security methods, including Authentication Header (AH) or Encapsulating Security Payload (ESP), for the following IKE exchange, and mutual examination of the secure tunnel establishment.
There are two encapsulation methods used in IPSec, Transport and Tunnel. The Transport mode will add the AH/ESP payload and use the original IP header to encapsulate the data payload only. It applies only to local packets, e.g., L2TP over IPSec. The Tunnel mode will not only add the AH/ESP payload but also use a new IP header (Tunneled IP header) to encapsulate the whole original IP packet.
Authentication Header (AH) provides data authentication and integrity for IP packets passed between VPN peers. This is achieved by applying a keyed one-way hash function to the packet to create a message digest. This digest is put in the AH and transmitted along with the packet. On the receiving side, the peer performs the same one-way hash on the packet and compares the value with the one in the AH it receives.
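The AH check described above, as an added example that is not part of the guide or the router's firmware. It assumes HMAC-SHA1 truncated to 96 bits as the keyed hash and a transport-style IPv4 packet without options, and it goes one step beyond the text by zeroing the header fields that routers change in transit before hashing. The key, addresses, SPI and payload are constructed sample values.

```python
import hashlib, hmac, socket, struct

ICV_LEN = 12                 # HMAC-SHA1-96: SHA-1 HMAC truncated to 96 bits
IP_LEN, AH_LEN = 20, 24      # IPv4 header without options; 12-byte AH fields + ICV

def ipv4_header(src, dst, payload_len, ttl):
    # Protocol 51 = AH; checksum left at 0 because AH does not cover it
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, IP_LEN + AH_LEN + payload_len,
                       0, 0, ttl, 51, 0, socket.inet_aton(src), socket.inet_aton(dst))

def zero_mutable(ip):
    # Fields that may change in transit are zeroed before hashing:
    # TOS (byte 1), flags/fragment offset (6-7), TTL (8), header checksum (10-11)
    h = bytearray(ip)
    h[1] = 0; h[6:8] = b"\x00\x00"; h[8] = 0; h[10:12] = b"\x00\x00"
    return bytes(h)

def compute_icv(key, ip, ah_fixed, payload):
    # Keyed one-way hash over IP header, AH (ICV field zeroed) and payload
    data = zero_mutable(ip) + ah_fixed + b"\x00" * ICV_LEN + payload
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]

def protect(key, src, dst, spi, seq, payload, ttl=64):
    ip = ipv4_header(src, dst, len(payload), ttl)
    # next header 6 (TCP), AH length 4 (= 24/4 - 2), reserved, SPI, sequence number
    ah_fixed = struct.pack("!BBHII", 6, 4, 0, spi, seq)
    return ip + ah_fixed + compute_icv(key, ip, ah_fixed, payload) + payload

def verify(key, packet):
    # Receiver recomputes the digest and compares it with the one in the AH
    ip, ah = packet[:IP_LEN], packet[IP_LEN:IP_LEN + AH_LEN]
    expected = compute_icv(key, ip, ah[:12], packet[IP_LEN + AH_LEN:])
    return hmac.compare_digest(ah[12:], expected)   # constant-time comparison

def with_ttl(packet, ttl):
    return packet[:8] + bytes([ttl]) + packet[9:]

KEY = b"constructed-demo-key"    # constructed sample key
PACKET = protect(KEY, "192.168.1.10", "192.168.2.20", 0x1000, 1, b"constructed payload")

if __name__ == "__main__":
    print("intact:          ", verify(KEY, PACKET))
    print("TTL decremented: ", verify(KEY, with_ttl(PACKET, 63)))
    print("payload modified:", verify(KEY, PACKET[:-1] + b"X"))
    print("wrong key:       ", verify(b"other-key", PACKET))
```

A hop that decrements the TTL leaves the digest valid, while a change to the payload, the source address or the key makes verification fail.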
Encapsulating Security Payload (ESP) is a security protocol that provides data
confidentiality and protection with optional authentication and replay detection service.
IKE Authentication Method
This usually applies to remote dial-in users or nodes (LAN-to-LAN) that use dynamic IP addresses, and to IPSec-related VPN connections such as L2TP over IPSec and IPSec tunnel.
Pre-Shared Key - Currently only Pre-Shared Key authentication is supported.
Pre-Shared Key - Specify a key for IKE authentication.
Re-type Pre-Shared Key - Confirm the pre-shared key.
