Vigor2930 Series User’s Guide
Allowed Dial-In Type
Determine which types of dial-in connection are allowed.
ISDN - Allow the remote ISDN LAN-to-LAN connection. You should set the User Name and Password of the remote dial-in user below. This feature is useful for i model only. In addition, you can further set up the Callback function below.
PPTP - Allow the remote dial-in user to make a PPTP VPN connection through the Internet. You should set the User Name and Password of the remote dial-in user below.
IPSec Tunnel - Allow the remote dial-in user to trigger an IPSec VPN connection through the Internet.
L2TP - Allow the remote dial-in user to make an L2TP VPN connection through the Internet. You can select to use L2TP alone or with IPSec. Select from below:
None - Do not apply the IPSec policy. A VPN connection that uses L2TP without the IPSec policy can be viewed as a pure L2TP connection.
Nice to Have - Apply the IPSec policy first, if it is applicable during negotiation. Otherwise, the dial-in VPN connection becomes a pure L2TP connection.
Must - Specify that the IPSec policy must be applied on the L2TP connection.
Specify CLID or Remote VPN Gateway
You can specify the IP address of the remote dial-in user or the peer ID (which should be the same as the ID setting in the dial-in type) by checking the box. Enter the Peer ISDN number if you select ISDN above (this feature is useful for i model only). Also, you should further specify the corresponding security methods on the right side.
If you uncheck the checkbox, the connection type you select above will apply the authentication methods and security methods in the general settings.
User Name
This field is applicable when you select ISDN, PPTP or L2TP
with or without IPSec policy above.
Password
This field is applicable when you select ISDN, PPTP or L2TP
with or without IPSec policy above.
VJ Compression
VJ Compression is used for TCP/IP protocol header
compression. This field is applicable when you select ISDN,
PPTP or L2TP with or without IPSec policy above.
IKE Authentication Method
This group of fields is applicable for IPSec Tunnels and L2TP with IPSec Policy when you specify the IP address of the remote node. The only exception is that Digital Signature (X.509) can be set when you select IPSec Tunnel, either with or without specifying the IP address of the remote node.
Pre-Shared Key - Check the box of Pre-Shared Key to invoke this function and type in the required characters (1-63) as the pre-shared key.
Digital Signature (X.509) - Check the box of Digital Signature to invoke this function and select one of the predefined profiles set in VPN and Remote Access >> IPSec Peer Identity.
IPSec Security Method
This group of fields is a must for IPSec Tunnels and L2TP with IPSec Policy when you specify the remote node.
Medium - Authentication Header (AH) means data will be authenticated, but not encrypted. By default, this option is active.
High - Encapsulating Security Payload (ESP) means the payload (data) will be encrypted and authenticated. You may select the encryption algorithm from Data Encryption Standard (DES), Triple DES (3DES), and AES.
Callback Function
The callback function provides a callback service only for the ISDN LAN-to-LAN connection (this feature is useful for i model only). The remote user will be charged the connection fee by the telecom.
Check to enable Callback function - Enables the callback function.
Callback number - The option is for extra security. Once enabled, the router will ONLY call back to the specified Callback Number.
Callback budget - By default, the callback function has a limitation of callback period. Once the callback budget is exhausted, the function will be disabled automatically.
Callback Budget (Unit: minutes) - Specify the time budget for the dial-in user. The budget will be decreased automatically per callback connection. The default value 0 means no limitation of callback period.
GRE over IPSec Settings
Enable IPSec Dial-Out function GRE over IPSec - Check this box to verify data and transmit it encrypted in GRE over IPSec packets after configuring the IPSec Dial-Out setting. Both ends must match each other by setting the same virtual IP address for communication.
Logical Traffic - This technique comes from RFC2890. Define logical traffic for data transmission between both sides of the VPN tunnel by using the characteristics of GRE. Even if a hacker can decipher the IPSec encryption, he/she still cannot ask the LAN site to do data transmission with any information. This function can ensure that the data transmitted on the VPN tunnel is really sent out from both sides. This is an optional function. However, if one side wants to use it, the peer must enable it, too.
TCP/IP Network Settings
My WAN IP - This field is only applicable when you select ISDN, PPTP or L2TP with or without IPSec policy above. The default value is 0.0.0.0, which means the Vigor router will get a PPP IP address from the remote router during the IPCP negotiation phase. If the PPP IP address is fixed by the remote side, specify the fixed IP address here. Do not change the default value if you do not select ISDN, PPTP or L2TP.
Remote Gateway IP - This field is only applicable when you select ISDN, PPTP or L2TP with or without IPSec policy above. The default value is 0.0.0.0, which means the Vigor router will get a remote Gateway PPP IP address from the remote router during the IPCP negotiation phase. If the PPP IP address is fixed by the remote side, specify the fixed IP address here. Do not change the default value if you do not select ISDN, PPTP or L2TP.
Remote Network IP / Remote Network Mask - Add a static route to direct all traffic destined to this Remote Network IP Address/Remote Network Mask through the VPN connection. For IPSec, this is the destination client IDs of phase 2 quick mode.
Local Network IP / Local Network Mask - Type the local network IP and mask for TCP/IP configuration. You can modify the settings if required.
More - Add a static route to direct all traffic destined to more Remote Network IP Addresses/Remote Network Masks through the VPN connection. This is usually used when there are several subnets behind the remote VPN router.
RIP Direction - The option specifies the direction of RIP (Routing Information Protocol) packets. You can enable or disable one of the directions here. There are four options: TX/RX Both, TX Only, RX Only, and Disable.
From first subnet to remote network, you have to do - If the remote network only allows you to dial in with a single IP, please choose NAT, otherwise choose Route.
Change default route to this VPN tunnel - Check this box to change the default route to this VPN tunnel. Be aware that this setting is available only when one WAN interface is enabled. It is not available when both WAN interfaces are enabled. You have to disable one WAN interface (WAN 1 or WAN 2) on WAN >> General Setup to enable this setting.
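The dial-in options above (Allowed Dial-In Type, the L2TP IPSec policy, IKE Authentication Method and IPSec Security Method) decide whether a profile can end up carrying traffic without encryption. The following Python check is an added example, not part of the user's guide or any DrayTek code; the profile dictionary keys, the finding codes and the 20-character pre-shared key minimum are assumptions made for illustration.

```python
# Added example: keys and values below are hypothetical names mirroring the
# labels on the LAN-to-LAN profile page; the router has no such export format.
MIN_PSK_LEN = 20  # assumed local policy; the router itself accepts 1-63 characters

def audit_dial_in(profile):
    """Return a sorted list of finding codes for one dial-in profile."""
    found = set()
    allowed = set(profile.get("allowed_types", ()))
    l2tp_policy = profile.get("l2tp_ipsec_policy", "None")

    if "PPTP" in allowed:
        found.add("PPTP_ALLOWED")            # authenticated by user name/password
    if "L2TP" in allowed and l2tp_policy == "None":
        found.add("L2TP_WITHOUT_IPSEC")      # pure L2TP connection
    if "L2TP" in allowed and l2tp_policy == "Nice to Have":
        found.add("L2TP_IPSEC_OPTIONAL")     # may fall back to pure L2TP

    uses_ipsec = "IPSec Tunnel" in allowed or (
        "L2TP" in allowed and l2tp_policy != "None")
    if not uses_ipsec:
        return sorted(found)

    if not profile.get("specify_remote_gateway", False):
        found.add("GENERAL_SETTINGS_APPLY")  # methods come from general settings
    methods = set(profile.get("ipsec_methods", ()))
    if "Medium(AH)" in methods:
        found.add("AH_NO_ENCRYPTION")        # authenticated but not encrypted
    if "DES" in methods:
        found.add("DES_ALLOWED")             # 56-bit key, obsolete
    psk = profile.get("pre_shared_key")
    if psk is not None:
        if not 1 <= len(psk) <= 63:
            found.add("PSK_LENGTH_INVALID")
        elif len(psk) < MIN_PSK_LEN:
            found.add("PSK_SHORT")
    return sorted(found)

# Constructed sample profiles (not taken from a real device).
WEAK = {"allowed_types": ["PPTP", "IPSec Tunnel", "L2TP"],
        "l2tp_ipsec_policy": "Nice to Have",
        "specify_remote_gateway": True,
        "ipsec_methods": ["Medium(AH)", "DES", "3DES", "AES"],
        "pre_shared_key": "vigor123"}
STRICT = {"allowed_types": ["IPSec Tunnel", "L2TP"],
          "l2tp_ipsec_policy": "Must",
          "specify_remote_gateway": True,
          "ipsec_methods": ["AES"],
          "pre_shared_key": "k7#Qp2!vZx9@Lm4$Rt6&Wy8"}

if __name__ == "__main__":
    for name, prof in (("WEAK", WEAK), ("STRICT", STRICT)):
        print(name, audit_dial_in(prof))
```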
3.9.9 VPN TRUNK Management
VPN trunk includes four features - VPN Backup, VPN load balance, GRE over IPSec, and
Binding tunnel policy.
Features of VPN TRUNK – VPN Backup Mechanism
VPN TRUNK Management is a backup mechanism which can set multiple VPN tunnels as backup tunnels. It ensures that the network connection is not cut off when the network environment is blocked for any reason.
- VPN TRUNK-VPN Backup mechanism can judge abnormal situations in the environment of the VPN server and correct them to complete the backup of the VPN tunnel in real time.
- VPN TRUNK-VPN Backup mechanism is compliant with all WAN modes (single/multi)
- Dial-out connection types contain IPSec, PPTP, L2TP, L2TP over IPSec and ISDN (depends on hardware specification)
- The web page is simple to understand and easy to configure
- Fully compliant with VPN Server LAN Site Single/Multi Network
- Mail Alert support, please refer to System Maintenance >> SysLog / Mail Alert for detailed configuration
- Syslog support, please refer to System Maintenance >> SysLog / Mail Alert for detailed configuration
- Specific ERD (Environment Recovery Detection) mechanism which can be operated by using Telnet command
The VPN TRUNK-VPN Backup mechanism profile will be activated when the initial connection of a single VPN tunnel is off-line. Before setting a VPN TRUNK-VPN Backup mechanism backup profile, please configure at least two sets of LAN-to-LAN profiles (with fully configured dial-out settings) first, otherwise you will not have selections for grouping Member1 and Member2.
Features of VPN TRUNK – VPN Load Balance Mechanism
VPN Load Balance Mechanism can set multiple VPN tunnels to be used as traffic load balance tunnels. It can assist users to do effective load sharing across multiple VPN tunnels according to real line bandwidth. Moreover, it offers three types of load balancing algorithms and a binding tunnel policy mechanism to let the administrator manage the network more flexibly.
- Three types of load sharing algorithm are offered: Round Robin, Weighted Round Robin and Fastest
- Binding Tunnel Policy mechanism allows users to encrypt the data in transmission or a specified service function in transmission and to define a specified VPN Tunnel for effective bandwidth management.
- Dial-out connection types contain IPSec, PPTP, L2TP, L2TP over IPSec and GRE over IPSec
- The web page is simple to understand and easy to configure
- The TCP Session transmitted by using the VPN TRUNK-VPN Load Balance mechanism will not be lost when one of the VPN Tunnels is disconnected. Users do not need to reconnect by setting the TCP/UDP Service Port again. The VPN Load Balance function can keep the transmission of internal data on the tunnel stable.
