Vigor2800 Series User’s Guide
IPSec Security Method
Medium - Authentication Header (AH) means data will be authenticated, but not encrypted. By default, this option is active.
High - Encapsulating Security Payload (ESP) means payload (data) will be encrypted and authenticated. You may select the encryption algorithm from Data Encryption Standard (DES), Triple DES (3DES), and AES.
3.7.4 IPSec Peer Identity
To use digital certificates for peer authentication in either a LAN-to-LAN connection or a Remote User Dial-In connection, you can edit a table of peer certificates here for selection. As shown below, the router provides 32 entries of digital certificates for peer dial-in users.
Set to Factory Default
Click it to clear all indexes.
Index
Click the number below Index to access the setting page of IPSec Peer Identity.
Name
Display the profile name of that index.
Next
Click this link to access the next page for setting more accounts.

Click each index to edit one peer digital certificate. There are three security levels of digital signature authentication. Fill in each necessary field to authenticate the remote peer. The following explanation will guide you to fill in all the necessary fields.
Profile Name
Type in a name in this field.
Accept Any Peer ID
Click to accept any peer regardless of its identity.
Accept Subject Alternative Name
Click to check one specific field of the digital signature to accept the peer with a matching value. The field can be IP Address, Domain, or E-mail Address. The box under Type will appear according to the type you select and ask you to fill in the corresponding setting.
Accept Subject Name
Click to check the specific fields of the digital signature to accept the peer with matching values. The fields include Country (C), State (ST), Location (L), Organization (O), Organization Unit (OU), Common Name (CN), and Email (E).
3.7.5 Remote User Profiles
You can manage remote access by maintaining a table of remote user profiles, so that users can be authenticated to dial in or build the VPN connection. You may set parameters including the specified connection peer ID, connection type (VPN including PPTP, IPSec Tunnel, and L2TP by itself or over IPSec), corresponding security methods, etc.
The router provides 32 access accounts for dial-in users. Besides, you can extend the user accounts to the RADIUS server through the built-in RADIUS client function. The following figure shows the summary table.
Set to Factory Default
Click to clear all indexes.
Index
Click the number below Index to access the setting page of Remote Dial-in User.
User
Display the username for the specific dial-in user of the LAN-to-LAN profile. The symbol ??? represents that the profile is empty.
Status
Display the access state of the specific dial-in user. The symbols V and X represent the specific dial-in user being active and inactive, respectively.
Next
Click this link to access the next page for setting more accounts.

Click each index to edit one remote user profile. Each Dial-In Type requires you to fill in the different corresponding fields on the right. If the fields are grayed out, you may leave them untouched. The following explanation will guide you to fill in all the necessary fields.
Enable this account
Check the box to enable this function.
Idle Timeout - If the dial-in user is idle beyond the limit of the timer, the router will drop this connection. By default, the Idle Timeout is set to 300 seconds.
ISDN
Allow the remote ISDN dial-in connection. You can further set up the Callback function below. You should set the User Name and Password of the remote dial-in user below. This feature is for i model only.
PPTP
Allow the remote dial-in user to make a PPTP VPN connection through the Internet. You should set the User Name and Password of the remote dial-in user below.
IPSec Tunnel
Allow the remote dial-in user to trigger an IPSec VPN connection through the Internet.
L2TP
Allow the remote dial-in user to make an L2TP VPN connection through the Internet. You can select to use L2TP alone or with IPSec. Select from below:
None - Do not apply the IPSec policy. Accordingly, a VPN connection that employs L2TP without an IPSec policy can be viewed as one pure L2TP connection.
Nice to Have - Apply the IPSec policy first, if it is applicable during negotiation. Otherwise, the dial-in VPN connection becomes one pure L2TP connection.
Must - Specify the IPSec policy to be definitely applied on the L2TP connection.
Specify Remote Node
Check the checkbox - You can specify the IP address of the remote dial-in user, ISDN number or peer ID (used in IKE aggressive mode).
Uncheck the checkbox - This means the connection type you select above will apply the authentication methods and security methods in the general settings.
User Name
This field is applicable when you select ISDN, PPTP or L2TP with or without IPSec policy above.
Password
This field is applicable when you select ISDN, PPTP or L2TP with or without IPSec policy above.
IKE Authentication Method
This group of fields is applicable for IPSec Tunnels and L2TP with IPSec Policy when you specify the IP address of the remote node. The only exception is Digital Signature (X.509), which can be set when you select IPSec Tunnel either with or without specifying the IP address of the remote node.
Pre-Shared Key - Check the box of Pre-Shared Key to invoke this function and type in the required characters (1-63) as the pre-shared key.
Digital Signature (X.509) - Check the box of Digital Signature to invoke this function and select one predefined in the X.509 Peer ID Profiles.
IPSec Security Method
This group of fields is a must for IPSec Tunnels and L2TP with IPSec Policy when you specify the remote node. Check the Medium, DES, 3DES or AES box as the security method.
Medium - Authentication Header (AH) means data will be authenticated, but not encrypted. By default, this option is invoked. You can uncheck it to disable it.
High - Encapsulating Security Payload (ESP) means payload (data) will be encrypted and authenticated. You may select the encryption algorithm from Data Encryption Standard (DES), Triple DES (3DES), and AES.
Local ID - Specify a local ID to be used for Dial-in setting in the LAN-to-LAN Profile setup. This item is optional and can be used only in IKE aggressive mode.
Callback Function
The callback function provides a callback service only for the ISDN dial-in user (for i model only). The remote user will be charged the connection fee by the telecom.
Check to enable Callback function - Enables the callback function.
Specify the callback number - The option is for extra security. Once enabled, the router will ONLY call back to the specified Callback Number.
Check to enable callback budget control - By default, the callback function has a time restriction. Once the callback budget has been exhausted, the callback mechanism will be disabled automatically.
Callback Budget (Unit: minutes) - Specify the time budget for the dial-in user. The budget will be decreased automatically per callback connection.
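
The choices in 3.7.4 and 3.7.5 that leave a dial-in profile weakly protected (AH without ESP, DES, L2TP without a mandatory IPSec policy, Accept Any Peer ID) can be checked mechanically before profiles are entered. The following is an added example, not part of the original guide: the dictionary layout, the names audit_profile and audit_all, and the MIN_PSK_LEN policy are assumptions made for illustration.

```python
# Added example: audit of the dial-in options described in 3.7.4 and 3.7.5.
# The dict schema and MIN_PSK_LEN are assumptions; the guide shows no such export.
MIN_PSK_LEN = 20          # assumed local policy; the guide allows 1-63 characters
WEAK_CIPHERS = {"DES"}    # 56-bit key; the guide also offers 3DES and AES

def audit_profile(p):
    """Return findings for one remote user profile (constructed schema)."""
    if not p.get("enabled"):
        return []                       # a disabled account cannot dial in
    out = []
    kind = p["dial_in_type"]
    policy = p.get("l2tp_ipsec", "None")
    if kind == "L2TP" and policy == "None":
        out.append("L2TP runs without any IPSec policy")
    if kind == "L2TP" and policy == "Nice to Have":
        out.append("L2TP may fall back to pure L2TP if IPSec is not negotiated")
    if kind == "IPSec Tunnel" or (kind == "L2TP" and policy != "None"):
        methods = set(p.get("security_methods", []))
        if "Medium" in methods:
            out.append("AH accepted: traffic is authenticated but not encrypted")
        for cipher in sorted(methods & WEAK_CIPHERS):
            out.append(f"{cipher} accepted as ESP cipher")
        if p.get("ike_auth") == "Pre-Shared Key":
            if len(p.get("psk", "")) < MIN_PSK_LEN:
                out.append(f"pre-shared key shorter than {MIN_PSK_LEN} characters")
        elif p.get("peer_id_mode") == "Accept Any Peer ID":
            out.append("X.509 profile accepts any peer regardless of identity")
    return out

# Constructed sample profiles (not taken from a real device).
PROFILES = [
    {"user": "alice", "enabled": True, "dial_in_type": "IPSec Tunnel",
     "security_methods": ["Medium", "DES", "AES"],
     "ike_auth": "Pre-Shared Key", "psk": "vigor123"},
    {"user": "bob", "enabled": True, "dial_in_type": "L2TP",
     "l2tp_ipsec": "Nice to Have", "security_methods": ["AES"],
     "ike_auth": "Digital Signature", "peer_id_mode": "Accept Any Peer ID"},
    {"user": "carol", "enabled": True, "dial_in_type": "L2TP",
     "l2tp_ipsec": "Must", "security_methods": ["AES"],
     "ike_auth": "Digital Signature", "peer_id_mode": "Accept Subject Name"},
]

def audit_all(profiles):
    """Map each user name to its list of findings."""
    return {p["user"]: audit_profile(p) for p in profiles}

if __name__ == "__main__":
    for user, findings in audit_all(PROFILES).items():
        print(user, "OK" if not findings else findings)
```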
