Page 411 / 794 Scroll up to view Page 406 - 410
Vigor2860 Series User’s Guide
397
Click each index to edit one remote user profile.
Available settings are explained as follows:
Item
Description
User account and
Authentication
Enable this account
- Check the box to enable this function.
Idle Timeout-
If the dial-in user is idle over the limitation of
the timer, the router will drop this connection. By default, the
Idle Timeout is set to 300 seconds.
User Name
- This field is applicable when you select PPTP or
L2TP with or without IPsec policy above. The length of the
name/password is limited to 23 characters.
Password
- This field is applicable when you select PPTP or
L2TP with or without IPsec policy above. The length of the
name/password is limited to 19 characters.
Enable Mobile One-Time Passwords (mOTP) -
Check this
box to make the authentication with mOTP function.
PIN Code
– Type the code for authentication (e.g, 1234).
Secret
– Use the 32 digit-secret number generated by mOTP in
the mobile phone (e.g., e759bb6f0e94c7ab4fe6).
Allowed Dial-In Type
PPTP
- Allow the remote dial-in user to make a PPTP VPN
connection through the Internet. You should set the User Name
and Password of remote dial-in user below.
Page 412 / 794
Vigor2860 Series User’s Guide
398
Item
Description
IPSec Tunnel
- Allow the remote dial-in user to make an
IPSec VPN connection through Internet.
L2TP with IPSec Policy
- Allow the remote dial-in user to
make a L2TP VPN connection through the Internet. You can
select to use L2TP alone or with IPSec. Select from below:
None -
Do not apply the IPSec policy. Accordingly, the
VPN connection employed the L2TP without IPSec
policy can be viewed as one pure L2TP connection.
Nice to Have -
Apply the IPSec policy first, if it is
applicable during negotiation. Otherwise, the dial-in VPN
connection becomes one pure L2TP connection.
Must -
Specify the IPSec policy to be definitely applied
on the L2TP connection.
SSL Tunnel -
It allows the remote dial-in user to make an SSL
VPN Tunnel connection through Internet, suitable for the
application through network accessing (e.g.,
PPTP/L2TP/IPSec)
If you check this box, the function of SSL Tunnel for this
account will be activated immediately.
Specify Remote Node -
Check the checkbox to specify the IP
address of the remote dial-in user, ISDN number or peer ID
(used in IKE aggressive mode). If you uncheck the checkbox,
the connection type you select above will apply the
authentication methods and security methods in the
general
settings
.
Netbios Naming Packet
Pass
– Click it to have an inquiry for data transmission
between the hosts located on both sides of VPN Tunnel
while connecting.
Block
– When there is conflict occurred between the
hosts on both sides of VPN Tunnel in connecting, such
function can block data transmission of Netbios Naming
Packet inside the tunnel.
Multicast via VPN
- Some programs might send multicast
packets via VPN connection.
Pass
– Click this button to let multicast packets pass
through the router.
Block
– This is default setting. Click this button to let
multicast packets be blocked by the router.
Subnet
Chose one of the subnet selections for such VPN profile.
Assign Static IP Address –
Please type a static IP address for
the subnet you specified.
IKE Authentication
Method
This group of fields is applicable for IPSec Tunnels and L2TP
with IPSec Policy when you specify the IP address of the
remote node. The only exception is Digital Signature (X.509)
can be set when you select IPSec tunnel either with or without
specify the IP address of the remote node.
Pre-Shared Key -
Check the box of Pre-Shared Key to invoke
Page 413 / 794
Vigor2860 Series User’s Guide
399
Item
Description
this function and type in the required characters (1-63) as the
pre-shared key.
Digital Signature (X.509) –
Check the box of Digital
Signature to invoke this function and Select one predefined
Profiles set in the
VPN and
Remote Access >>IPSec Peer
Identity.
IPSec Security Method
This group of fields is a must for IPSec Tunnels and L2TP
with IPSec Policy when you specify the remote node. Check
the Medium, DES, 3DES or AES box as the security method.
Medium-Authentication Header (AH)
means data will be
authenticated, but not be encrypted. By default, this option is
invoked. You can uncheck it to disable it.
High-Encapsulating Security Payload (ESP)
means payload
(data) will be encrypted and authenticated. You may select
encryption algorithm from Data Encryption Standard (DES),
Triple DES (3DES), and AES.
Local ID -
Specify a local ID to be used for Dial-in setting in
the LAN-to-LAN Profile setup. This item is optional and can
be used only in IKE aggressive mode.
After finishing all the settings here, please click
OK
to save the configuration.
Page 414 / 794
Vigor2860 Series User’s Guide
400
3.17.5 User Group
There are 10 user group profiles which can be created for authentication by LDAP server.
Such profiles will be used by applications such as User Management, VPN and etc.
Each item is explained as follows:
Item
Description
Set to Factory Default
Click to clear all indexes.
Index
Display the number of the client which connecting to FTP
server.
Name
Display the name of the group profile.
Click any index number link to open the following page for detailed configuration.
Page 415 / 794
Vigor2860 Series User’s Guide
401
Available settings are explained as follows:
Item
Description
Enable
Check this box to enable such profile.
Group Name
Type a name for such profile. The length of the name is
limited to 23 characters.
Access Authority
Specify the authority for such profile.
At present, Vigor router allows you to create SSL Web Proxy
and SSL Application profiles used for SSL VPN. The
available profiles will be displayed here for you to select.
Authentication Methods
It can determine the authentication method used for such
profile.
Local User DataBase –
The system will do the
authentication by using the user defined account profiles (in
VPN and Remote Access>>Remote Dial-In User
). The
enabled profiles will be listed in the
Available User Account
on the left box. To add a profile into a group, simply choose
the one from the left box and click the
>>
button. It will be
displayed in the
Selected User Account
on the right box. For
detailed information about configuring the profile setting,
refer to
Objects Setting>>IP Group
.
RADIUS –
The
RADIUS server will do the authentication by
using the username and password
TACACS+
- The TACACS+ will do the authentication by
using the username and password.
LDAP / Active Directory -
If it is checked, the LDAP / AD
server will do the authentication by using the username,
password, information stated on the selected profiles.
If the above three options are enabled, the system will do the
authentication based on them in sequence.
After finishing all the settings here, please click
OK
to save the configuration.

Rate

4 / 5 based on 1 vote.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top