Vigor2920 Series User’s Guide
Enable this account
Check the box to enable this function.
Idle Timeout - If the dial-in user is idle longer than the
timer allows, the router will drop this connection. By default, the
Idle Timeout is set to 300 seconds.
PPTP
Allow the remote dial-in user to make a PPTP VPN connection
through the Internet. You should set the User Name and
Password of the remote dial-in user below.
IPSec Tunnel
Allow the remote dial-in user to make an IPSec VPN
connection through the Internet.
L2TP
Allow the remote dial-in user to make an L2TP VPN connection
through the Internet. You can select to use L2TP alone or with
IPSec. Select from below:
None - Do not apply the IPSec policy. Accordingly, a VPN
connection that uses L2TP without the IPSec policy can be
viewed as one pure L2TP connection.
Nice to Have - Apply the IPSec policy first, if it is applicable
during negotiation. Otherwise, the dial-in VPN connection
becomes one pure L2TP connection.
Must - Specify that the IPSec policy must be applied on the
L2TP connection.
Specify Remote Node
Check the checkbox - You can specify the IP address of the
remote dial-in user, ISDN number or peer ID (used in IKE
aggressive mode).
Uncheck the checkbox - This means the connection type you
select above will apply the authentication methods and security
methods in the general settings.
Netbios Naming Packet
Pass – Click it to allow the inquiry for data transmission between
the hosts located on both sides of the VPN tunnel while connecting.
Block – When a conflict occurs between the hosts on
both sides of the VPN tunnel while connecting, this function can
block data transmission of Netbios Naming Packets inside the
tunnel.
VoIPon
www.voipon.co.uk
Tel: +44 (0)1245 808195
Fax: +44 (0)1245 808299
User Name
This field is applicable when you select PPTP or L2TP with or
without IPSec policy above.
Password
This field is applicable when you select PPTP or L2TP with or
without IPSec policy above.
IKE Authentication Method
This group of fields is applicable for IPSec Tunnels and L2TP
with IPSec Policy when you specify the IP address of the
remote node. The only exception is that Digital Signature (X.509)
can be set when you select IPSec Tunnel, whether or not you
specify the IP address of the remote node.
Pre-Shared Key - Check the Pre-Shared Key box to invoke
this function and type in the required characters (1-63) as the
pre-shared key.
Digital Signature (X.509) – Check the Digital Signature box
to invoke this function and select one of the predefined profiles set in
VPN and Remote Access >> IPSec Peer Identity.
IPSec Security Method
This group of fields is a must for IPSec Tunnels and L2TP with
IPSec Policy when you specify the remote node. Check the
Medium, DES, 3DES or AES box as the security method.
Medium - Authentication Header (AH) means data will be
authenticated, but not encrypted. By default, this option is
invoked. You can uncheck it to disable it.
High - Encapsulating Security Payload (ESP) means payload
(data) will be encrypted and authenticated. You may select the
encryption algorithm from Data Encryption Standard (DES),
Triple DES (3DES), and AES.
Local ID - Specify a local ID to be used for the Dial-in setting in
the LAN-to-LAN Profile setup. This item is optional and can be
used only in IKE aggressive mode.
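Added example (not part of the original guide or of the router's software): a Python check that flags dial-in profiles whose L2TP IPSec policy (None / Nice to Have / Must) or IPSec security method (Medium, DES, 3DES, AES), as described above, can leave payload unencrypted or weakly encrypted. The profile dictionary layout, its key names and the sample profiles are assumptions constructed for illustration; the router does not export this format.

```python
# Added example: flags dial-in profile settings that can leave payload unencrypted.
# The dict layout and the sample profiles are constructed for illustration;
# this is not a Vigor configuration export format.

WEAK_CIPHERS = {"DES"}  # single DES has a 56-bit key


def audit_profile(profile):
    """Return a list of findings for one profile dict (hypothetical layout)."""
    findings = []
    types = profile.get("allowed_types", [])
    policy = profile.get("l2tp_ipsec_policy", "None")

    if "L2TP" in types and policy == "None":
        findings.append("L2TP policy None: pure L2TP, IPSec never applied")
    elif "L2TP" in types and policy == "Nice to Have":
        findings.append("L2TP policy Nice to Have: falls back to pure L2TP "
                        "when IPSec is not negotiated; use Must")

    # The security method only matters when IPSec can actually be negotiated.
    uses_ipsec = "IPSec Tunnel" in types or ("L2TP" in types and policy != "None")
    if uses_ipsec:
        methods = profile.get("security_methods", [])
        if "Medium" in methods:
            findings.append("Medium (AH) checked: data authenticated but not encrypted")
        for cipher in sorted(WEAK_CIPHERS.intersection(methods)):
            findings.append("High (ESP) with %s checked: prefer AES" % cipher)
        if not methods:
            findings.append("no IPSec security method checked")
    return findings


# Constructed sample profiles (not taken from a real router).
PROFILES = [
    {"name": "branch-a", "allowed_types": ["L2TP"],
     "l2tp_ipsec_policy": "Nice to Have", "security_methods": ["Medium", "AES"]},
    {"name": "branch-b", "allowed_types": ["IPSec Tunnel", "L2TP"],
     "l2tp_ipsec_policy": "Must", "security_methods": ["3DES", "AES"]},
    {"name": "legacy", "allowed_types": ["L2TP"],
     "l2tp_ipsec_policy": "None", "security_methods": ["DES"]},
]


def audit_all(profiles):
    """Map each profile name to its list of findings."""
    return {p["name"]: audit_profile(p) for p in profiles}


if __name__ == "__main__":
    for name, findings in audit_all(PROFILES).items():
        print(name, "OK" if not findings else findings)
```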
4.9.6 LAN to LAN
Here you can manage LAN-to-LAN connections by maintaining a table of connection profiles.
You may set parameters including specified connection direction (dial-in or dial-out),
connection peer ID, connection type (VPN connection - including PPTP, IPSec Tunnel, and
L2TP by itself or over IPSec) and corresponding security methods, etc.
The router supports 2 VPN tunnels simultaneously and provides up to 32 profiles. The
following figure shows the summary table.
Set to Factory Default
Click to clear all indexes.
Name
Indicate the name of the LAN-to-LAN profile. The symbol ??? represents that the
profile is empty.
Status
Indicate the status of individual profiles. The symbols V and X represent the
profile being active and inactive, respectively.
Click each index to edit each profile and you will get the following page. Each LAN-to-LAN
profile includes 4 subgroups. If a field is grayed out, you may leave it untouched. The
following explanations will guide you to fill in all the necessary fields.
Because the web page is too long, we divide the page into several sections for explanation.
Profile Name
Specify a name for the profile of the LAN-to-LAN connection.
Enable this profile
Check here to activate this profile.
VPN Dial-Out Through
Use the drop down menu to choose a proper WAN interface for
this profile. This setting is useful for dial-out only.
WAN1 First - While connecting, the router will use WAN1 as
the first channel for VPN connection. If WAN1 fails, the router
will use another WAN interface instead.
WAN1 Only - While connecting, the router will use WAN1 as
the only channel for VPN connection.
WAN2 First - While connecting, the router will use WAN2 as
the first channel for VPN connection. If WAN2 fails, the router
will use another WAN interface instead.
WAN2 Only - While connecting, the router will use WAN2 as
the only channel for VPN connection.
Netbios Naming Packet
Pass – Click it to allow the inquiry for data transmission between
the hosts located on both sides of the VPN tunnel while connecting.
Block – When a conflict occurs between the hosts on
both sides of the VPN tunnel while connecting, this function can
block data transmission of Netbios Naming Packets inside the
tunnel.
Call Direction
Specify the allowed call direction of this LAN-to-LAN profile.
Both - initiator/responder
Dial-Out - initiator only
Dial-In - responder only
Always On or Idle Timeout
Always On - Check to have the router always keep the VPN
connection.
Idle Timeout - The default value is 300 seconds. If the
connection has been idle longer than this value, the router will drop
the connection.
Enable PING to keep alive
This function helps the router determine the status of an
IPSec VPN connection, and is especially useful in the case of
abnormal IPSec VPN tunnel disruption. For details, please refer
to the note below. Check to enable the transmission of PING
packets to a specified IP address.
PING to the IP
Enter the IP address of the remote host located at the
other end of the VPN tunnel.
Enable PING to Keep Alive is used to handle abnormal
IPSec VPN connection disruption. It helps provide
the state of a VPN connection so the router can judge whether
to redial.
Normally, if either of the VPN peers wants to disconnect the
connection, it should follow a series of packet exchange
procedures to inform the other. However, if the remote peer
disconnects without notice, the Vigor router has no way of
knowing this. To resolve this dilemma, by
continuously sending PING packets to the remote host, the
Vigor router can know whether this VPN connection truly
exists and react accordingly. This is independent of
DPD (dead peer detection).
PPTP
Build a PPTP VPN connection to the server through the Internet.
You should set the identity, such as User Name and Password,
below for authentication by the remote server.
IPSec Tunnel
Build an IPSec VPN connection to the server through the Internet.
L2TP with …
Build an L2TP VPN connection through the Internet. You can
select to use L2TP alone or with IPSec. Select from below:
None - Do not apply the IPSec policy. Accordingly, a VPN
connection that uses L2TP without the IPSec policy can be
viewed as one pure L2TP connection.
Nice to Have - Apply the IPSec policy first, if it is applicable
during negotiation. Otherwise, the dial-out VPN connection
becomes one pure L2TP connection.
Must - Specify that the IPSec policy must be applied on the
L2TP connection.