DrayTek Vigor-2800G Router Manual PDF (Setup & Configuration Guide)

Page 96 / 202 Scroll up to view Page 91 - 95

Vigor2800 Series User’s Guide

90

PPTP

Allow the remote dial-in user to make a PPTP VPN

connection through the Internet. You should set the User

Name and Password of remote dial-in user below.

IPSec Tunnel

Allow the remote dial-in user to trigger a IPSec VPN

connection through Internet.

L2TP

Allow the remote dial-in user to make a L2TP VPN

connection through the Internet. You can select to use L2TP

alone or with IPSec. Select from below:

None-

Do not apply the IPSec policy. Accordingly, the VPN

connection employed the L2TP without IPSec policy can be

viewed as one pure L2TP connection.

Nice to Have

- Apply the IPSec policy first, if it is applicable

during negotiation. Otherwise, the dial-in VPN connection

becomes one pure L2TP connection.

Must-

Specify the IPSec policy to be definitely applied on the

L2TP connection.

Specify CLID or Remote

VPN Gateway

You can specify the IP address of the remote dial-in user or

peer ID (should be the same with the ID setting in dial-in

type) by checking the box. Enter Peer ISDN number if you

select ISDN above (This feature is useful for

i

model only.).

Also, you should further specify the corresponding security

methods on the right side.

If you uncheck the checkbox

,

the connection type you select

above will apply the authentication methods and security

methods in the general settings.

User Name

This field is applicable when you select ISDN, PPTP or L2TP

with or without IPSec policy above.

Password

This field is applicable when you select ISDN, PPTP or L2TP

with or without IPSec policy above.

VJ Compression

VJ Compression is used for TCP/IP protocol header

compression. This field is applicable when you select ISDN,

PPTP or L2TP with or without IPSec policy above.

IKE Authentication

Method

This group of fields is applicable for IPSec Tunnels and L2TP

with IPSec Policy when you specify the IP address of the

remote node. The only exception is Digital Signature (X.509)

can be set when you select IPSec tunnel either with or without

specify the IP address of the remote node.

Pre-Shared Key -

Check the box of Pre-Shared Key to

invoke this function and type in the required characters (1-63)

as the pre-shared key.

Digital Signature (X.509) –

Check the box of Digital

Signature to invoke this function and select one predefined in

the X.509 Peer ID Profiles.

IPSec Security Method

This group of fields is a must for IPSec Tunnels and L2TP

with IPSec Policy when you specify the remote node.

Medium-

Authentication Header (AH) means data will be

authenticated, but not be encrypted. By default, this option is

active.

High-

Encapsulating Security Payload (ESP) means payload

(data) will be encrypted and authenticated. You may select

Page 97 / 202

Vigor2800 Series User’s Guide

91

encryption algorithm from Data Encryption Standard (DES),

Triple DES (3DES), and AES.

Callback Function

The callback function provides a callback service only for the

ISDNLAN-to-LAN connection (this feature is useful for

i

model only). The remote user will be charged the connection

fee by the telecom.

Check to enable Callback function

-Enables the callback

function.

Callback number

-The option is for extra security. Once

enabled, the router will ONLY call back to the specified

Callback Number.

Callback budget

- By default, the callback function has

limitation of callback period. Once the callback budget is

exhausted, the function will be disabled automatically.

Callback Budget (Unit: minutes)-

Specify the time budget

for the dial-in user. The budget will be decreased

automatically per callback connection. The default value 0

means no limitation of callback period.

My WAN IP

This field is only applicable when you select PPTP or L2TP

with or without IPSec policy above. The default value is

0.0.0.0, which means the Vigor router will get a PPP IP

address from the remote router during the IPCP negotiation

phase. If the PPP IP address is fixed by remote side, specify

the fixed IP address here.

Remote Gateway IP

This field is only applicable when you select PPTP or L2TP

with or without IPSec policy above. The default value is

0.0.0.0, which means the Vigor router will get a remote

Gateway PPP IP address from the remote router during the

IPCP negotiation phase. If the PPP IP address is fixed by

remote side, specify the fixed IP address here.

Remote Network IP/

Remote Network Mask

Add a static route to direct all traffic destined to this Remote

Network IP Address/Remote Network Mask through the VPN

connection. For IPSec, this is the destination clients IDs of

phase 2 quick mode.

More

Add a static route to direct all traffic destined to more Remote

Network IP Addresses/ Remote Network Mask through the

VPN connection. This is usually used when you find there are

several subnets behind the remote VPN router.

RIP Direction

The option specifies the direction of RIP (Routing Information

Protocol) packets. You can enable/disable one of direction

here. Herein, we provide four options: TX/RX Both, TX Only,

RX Only, and Disable.

RIP Version

Select the RIP protocol version. Specify Ver. 2 for greatest

compatibility.

For NAT operation, treat

remote sub-net as

While communicating with remote subnet, the router can treat

it as private subnet by sending packets with the router’s

private IP address, or treat it as public subnet by sending

packets with the router’s public IP address.

Page 98 / 202

Vigor2800 Series User’s Guide

92

3.7.7 Connection Management

You can find the summary table of all VPN connections. You may disconnect any VPN

connection by clicking

Drop

button. You may also aggressively Dial-out by using Dial-out

Tool and clicking

Dial

button.

Dial

Click this button to execute dial out function.

Refresh Seconds

Choose the time for refresh the dail information among 5, 10,

and 30.

Refresh

Click this button to refresh the whole connection status.

3.8 Certificate Management

A digital certificate works as an electronic ID, which is issued by a certification authority

(CA). It contains information such as your name, a serial number, expiration dates etc., and

the digital signature of the certificate-issuing authority so that a recipient can verify that the

certificate is real. Here Vigor router support digital certificates conforming to standard

X.509.

Any entity wants to utilize digital certificates should first request a certificate issued by a CA

server. It should also retrieve certificates of other trusted CA servers so it can authenticate

the peer with certificates issued by those trusted CA servers.

Here you can manage generate and manage the local digital certificates, and set trusted CA

certificates. Remember to adjust the time of Vigor router before using the certificate so that

you can get the correct valid period of certificate.

Below shows the menu items for Certificate Management.

Page 99 / 202

Vigor2800 Series User’s Guide

93

3.8.1 Local Certificate

Generate

Click this button to open

Generate Certificate Request

window.

Type in all the information that the window request. Then

click

Generate

again.

Import

Click this button to import a saved file as the certification

information.

Refresh

Click this button to refresh the information listed below.

View

Click this button to view the detailed settings for certificate

request.

After clicking

Generate

, the generated information will be displayed on the window below:

Page 100 / 202

Vigor2800 Series User’s Guide

94

3.8.2 Trusted CA Certificate

Trusted CA certificate lists three sets of trusted CA certificate.

To import a pre-saved trusted CA certificate, please click

IMPORT

to open the following

window. Use

Browse…

to find out the saved text file. Then click Import. The one you

imported will be listed on the Trusted CA Certificate window. Then click

Import

to use the

pre-saved file.

Rate

Popular DrayTek Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share