Vigor2860 Series User’s Guide
Click each index to edit one remote user profile.
Available settings are explained as follows:
Item
Description
User account and Authentication
Enable this account - Check the box to enable this function.
Idle Timeout - If the dial-in user stays idle longer than the timer allows, the router will drop the connection. By default, the Idle Timeout is set to 300 seconds.
User Name - This field is applicable when you select PPTP or L2TP with or without IPsec policy above. The length of the name/password is limited to 23 characters.
Password - This field is applicable when you select PPTP or L2TP with or without IPsec policy above. The length of the name/password is limited to 19 characters.
Enable Mobile One-Time Passwords (mOTP) - Check this box to authenticate with the mOTP function.
PIN Code - Type the code for authentication (e.g., 1234).
Secret - Use the 32-digit secret number generated by mOTP in the mobile phone (e.g., e759bb6f0e94c7ab4fe6).
Allowed Dial-In Type
PPTP - Allow the remote dial-in user to make a PPTP VPN connection through the Internet. You should set the User Name and Password of the remote dial-in user below.
IPSec Tunnel - Allow the remote dial-in user to make an IPSec VPN connection through the Internet.
L2TP with IPSec Policy - Allow the remote dial-in user to make an L2TP VPN connection through the Internet. You can select to use L2TP alone or with IPSec. Select from below:
  None - Do not apply the IPSec policy. A VPN connection that uses L2TP without the IPSec policy can be viewed as one pure L2TP connection.
  Nice to Have - Apply the IPSec policy first, if it is applicable during negotiation. Otherwise, the dial-in VPN connection becomes one pure L2TP connection.
  Must - Specify that the IPSec policy must be applied on the L2TP connection.
SSL Tunnel - Allow the remote dial-in user to make an SSL VPN Tunnel connection through the Internet, suitable for the application through network accessing (e.g., PPTP/L2TP/IPSec). If you check this box, the function of SSL Tunnel for this account will be activated immediately.
Specify Remote Node - Check the checkbox to specify the IP address of the remote dial-in user, ISDN number or peer ID (used in IKE aggressive mode). If you uncheck the checkbox, the connection type you select above will apply the authentication methods and security methods in the general settings.
Netbios Naming Packet
  Pass - Click it to have an inquiry for data transmission between the hosts located on both sides of the VPN Tunnel while connecting.
  Block - When a conflict occurs between the hosts on both sides of the VPN Tunnel while connecting, this function can block data transmission of Netbios Naming Packets inside the tunnel.
Multicast via VPN - Some programs might send multicast packets via the VPN connection.
  Pass - Click this button to let multicast packets pass through the router.
  Block - This is the default setting. Click this button to let multicast packets be blocked by the router.
Subnet
Choose one of the subnet selections for this VPN profile.
Assign Static IP Address - Please type a static IP address for the subnet you specified.
IKE Authentication Method
This group of fields is applicable for IPSec Tunnels and L2TP with IPSec Policy when you specify the IP address of the remote node. The only exception is Digital Signature (X.509), which can be set when you select IPSec Tunnel either with or without specifying the IP address of the remote node.
Pre-Shared Key - Check the box of Pre-Shared Key to invoke this function and type in the required characters (1-63) as the pre-shared key.
Digital Signature (X.509) - Check the box of Digital Signature to invoke this function and select one of the predefined profiles set in VPN and Remote Access >> IPSec Peer Identity.
IPSec Security Method
This group of fields is a must for IPSec Tunnels and L2TP with IPSec Policy when you specify the remote node. Check the Medium, DES, 3DES or AES box as the security method.
Medium - Authentication Header (AH) means data will be authenticated, but not encrypted. By default, this option is invoked. You can uncheck it to disable it.
High - Encapsulating Security Payload (ESP) means payload (data) will be encrypted and authenticated. You may select the encryption algorithm from Data Encryption Standard (DES), Triple DES (3DES), and AES.
Local ID - Specify a local ID to be used for Dial-in setting in the LAN-to-LAN Profile setup. This item is optional and can be used only in IKE aggressive mode.
After finishing all the settings here, please click OK to save the configuration.
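How the PIN Code and Secret fields of the mOTP setting turn into a one-time password, as an added example that is not taken from the DrayTek guide: it follows the publicly documented Mobile-OTP scheme (first six hex digits of MD5 over the 10-second time slot, the secret and the PIN) and assumes the router's implementation matches it. The 180-second acceptance window, the replay table and the user names are assumptions for illustration; the Secret and PIN are the guide's own example values.

```python
import hashlib
import hmac

STEP = 10      # Mobile-OTP time slot length in seconds
WINDOW = 180   # assumed acceptance window (+/- seconds); not stated in the guide


def motp_code(slot: int, secret: str, pin: str) -> str:
    """First 6 hex digits of MD5(slot + secret + PIN), per the public Mobile-OTP scheme."""
    return hashlib.md5(f"{slot}{secret}{pin}".encode()).hexdigest()[:6]


def generate(secret: str, pin: str, epoch: float) -> str:
    """Code the phone app would show at time `epoch` (seconds since 1970)."""
    return motp_code(int(epoch) // STEP, secret, pin)


def verify(user, candidate, secret, pin, now, last_slot, window=WINDOW):
    """Verifier side: accept a code from any slot inside the window, once only.

    last_slot maps user -> newest slot already accepted, so a captured code
    (or any older one) is rejected even while it is still inside the window.
    """
    lo = (int(now) - window) // STEP
    hi = (int(now) + window) // STEP
    given = candidate.strip().lower().encode()
    for slot in range(lo, hi + 1):
        if hmac.compare_digest(given, motp_code(slot, secret, pin).encode()):
            if slot <= last_slot.get(user, -1):
                return False          # replayed or stale code
            last_slot[user] = slot
            return True
    return False


if __name__ == "__main__":
    # Constructed demo: Secret and PIN are the guide's example values,
    # the timestamp and user names are made up.
    secret, pin, t = "e759bb6f0e94c7ab4fe6", "1234", 1_700_000_000
    state = {}
    code = generate(secret, pin, t)
    print("code      :", code)
    print("first use :", verify("alice", code, secret, pin, t + 25, state))
    print("replay    :", verify("alice", code, secret, pin, t + 40, state))
    print("wrong PIN :", verify("alice", generate(secret, "0000", t), secret, pin, t, state))
    print("too late  :", verify("bob", code, secret, pin, t + 600, state))
```

The code is only six hex digits and the PIN is short, so the Secret carries most of the strength of this scheme and needs the same protection as a password on both the phone and the router.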
3.17.5 User Group
There are 10 user group profiles which can be created for authentication by an LDAP server.
Such profiles will be used by applications such as User Management, VPN, etc.
Each item is explained as follows:
Item
Description
Set to Factory Default - Click to clear all indexes.
Index - Display the number of the client which is connecting to the FTP server.
Name - Display the name of the group profile.
Click any index number link to open the following page for detailed configuration.
Available settings are explained as follows:
Item
Description
Enable - Check this box to enable the profile.
Group Name - Type a name for the profile. The length of the name is limited to 23 characters.
Access Authority - Specify the authority for the profile. At present, the Vigor router allows you to create SSL Web Proxy and SSL Application profiles used for SSL VPN. The available profiles will be displayed here for you to select.
Authentication Methods - Determines the authentication method used for the profile.
  Local User DataBase - The system will do the authentication by using the user-defined account profiles (in VPN and Remote Access >> Remote Dial-In User). The enabled profiles will be listed in the Available User Account box on the left. To add a profile into a group, simply choose the one from the left box and click the >> button. It will be displayed in the Selected User Account box on the right. For detailed information about configuring the profile setting, refer to Objects Setting >> IP Group.
  RADIUS - The RADIUS server will do the authentication by using the username and password.
  TACACS+ - The TACACS+ server will do the authentication by using the username and password.
  LDAP / Active Directory - If it is checked, the LDAP / AD server will do the authentication by using the username, password, and information stated on the selected profiles.
  If the above three options are enabled, the system will do the authentication based on them in sequence.
After finishing all the settings here, please click OK to save the configuration.
