Page 81 / 122
(Wireless) ADSL VPN Firewall Router with 3DES Accelerator
Chapter 4: Configuration
75
Authentication: Authentication establishes the integrity of the datagram and ensures it is not tampered with in transit. There are three options, Message Digest 5 (MD5), Secure Hash Algorithm (SHA-1) or NONE. SHA-1 is more resistant to brute-force attacks than MD5, however it is slower.
~ MD5: A one-way hashing algorithm that produces a 128-bit hash.
~ SHA-1: A one-way hashing algorithm that produces a 160-bit hash.
Encryption: Select the encryption method from the pull-down menu. There are four options, DES, 3DES, AES and NONE. NONE means it is a tunnel only with no encryption. 3DES and AES are stronger but increase latency.
~ DES: Stands for Data Encryption Standard; it uses a 56-bit key.
~ 3DES: Stands for Triple Data Encryption Standard; it uses a 168-bit (56*3) key.
~ AES: Stands for Advanced Encryption Standard; it uses a 128-bit key.
Perfect Forward Secrecy: Choose whether to enable PFS using Diffie-Hellman public-key cryptography to change the encryption keys during the second phase of VPN negotiation. This function provides better security, but extends the VPN negotiation time. Diffie-Hellman is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communication channel (e.g. over the Internet). There are three modes, MODP 768-bit, MODP 1024-bit and MODP 1536-bit. MODP stands for Modular Exponentiation Groups.
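The Diffie-Hellman exchange behind the PFS setting, as an added example that is not part of the manual or the router's firmware: it uses the MODP 768-bit group (IKE group 1 from RFC 2409) and shows that each phase-2 rekey is an independent exchange, so the new keys share nothing with the previous ones. The function names are the example's own.

```python
import secrets
# MODP 768-bit group (IKE group 1) prime and generator from RFC 2409 section 6.1;
# the manual's 1024- and 1536-bit options are the larger groups of the same family.
MODP_768_P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)
MODP_768_G = 2

def is_probable_prime(n, rounds=16):
    """Miller-Rabin test, used here to sanity-check the group prime."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def dh_keypair(p=MODP_768_P, g=MODP_768_G):
    """Fresh private exponent (kept on this router) and the public value sent to the peer."""
    priv = secrets.randbelow(p - 2) + 1
    return priv, pow(g, priv, p)

def dh_shared_secret(peer_public, priv, p=MODP_768_P):
    """Secret from the peer's public value; degenerate values (0, 1, p-1) are rejected."""
    if not 1 < peer_public < p - 1:
        raise ValueError("peer public value outside (1, p-1)")
    return pow(peer_public, priv, p)

def pfs_rekeys(rounds=3):
    """One fresh exchange per phase-2 rekey, as PFS requires; both peers must agree each time."""
    seen = []
    for _ in range(rounds):
        a_priv, a_pub = dh_keypair()
        b_priv, b_pub = dh_keypair()
        secret = dh_shared_secret(b_pub, a_priv)
        assert secret == dh_shared_secret(a_pub, b_priv)  # both sides agree
        seen.append(secret)
    return seen
```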
Pre-shared Key: This is for the Internet Key Exchange (IKE) protocol, a string of 4 to 128 characters. Both sides must use the same key. IKE is used to establish a shared security policy and authenticated keys for services (such as IPSec) that require a key. Before any IPSec traffic can be passed, each router must be able to verify the identity of its peer. This can be done by manually entering the pre-shared key into both sides (router or hosts).
Select the Save button to save the setting.
Advanced Option
Click Advanced Option to change the following settings:
IKE Mode: Select Main mode or Aggressive mode.
Local ID:
~ Type: Specify the local ID type.
~ Content: Input the ID's information, e.g. the domain name www.ipsectest.com.
Remote ID:
~ Type: Specify the remote ID type.
~ Identifier: Input the remote ID's information, e.g. the domain name www.ipsectest.com.
SA Lifetime: Specify the number of minutes that a Security Association (SA) stays active before new encryption and authentication keys are exchanged. There are two kinds of SAs, IKE and IPSec. IKE negotiates and establishes SAs on behalf of IPSec; an IKE SA is used by IKE itself.
Phase 1 (IKE): Issues an initial connection request for a new VPN tunnel. The range is 5 to 15,000 minutes, and the default is 240 minutes.
Phase 2 (IPSec): Negotiates and establishes the secure authentication. The range is 5 to 15,000 minutes, and the default is 60 minutes.
A short SA lifetime increases security by forcing the two parties to update their keys. However, every time the VPN tunnel re-negotiates, access through the tunnel is temporarily disconnected.
Select the Apply button to update the settings.
L2TP
There are two types of L2TP VPN supported, Remote Access and LAN-to-LAN (please refer below for more information). Click Create to configure a new VPN connection.
Remote Access L2TP Connection
Connection Name: This allows you to identify this particular connection, e.g. “Connection to office”.
Type: Check Dial Out if you want your router to operate as a client (connecting to a remote VPN server, e.g. your office server); check Dial In if it operates as a VPN server.
When configuring your router as a client, enter the remote Server IP Address (or Hostname) you wish to connect to.
When configuring your router as a server, enter the Private IP Address Assigned to Dial in User.
Username: If you are a Dial-Out user (client), enter the username provided by your host. If you are a Dial-In user (server), enter your own username.
Password: If you are a Dial-Out user (client), enter the password provided by your host. If you are a Dial-In user (server), enter your own password.
PPP Authentication Type: The default is Auto if you want the router to determine the authentication type to use; otherwise manually specify CHAP (Challenge Handshake Authentication Protocol) or PAP (Password Authentication Protocol) if you know which type the server is using (when acting as a client), or the authentication type you want clients connecting to you to use (when acting as a server). When using PAP, the password is sent unencrypted, whilst CHAP encrypts the password before sending, and also allows for challenges at different periods to ensure that the client has not been replaced by an intruder.
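What the two PPP authentication types put on the wire, as an added example that is not part of the manual or the router's firmware: PAP carries the password itself, while CHAP (per RFC 1994) only carries random challenges and MD5 responses, and the server can re-challenge at any time. The password value is constructed and the class and function names are the example's own.

```python
import hashlib
import secrets

SECRET = b"constructed-example-password"  # shared PPP password (constructed value)

def pap_authenticate_request(peer_id, password):
    """PAP Authenticate-Request payload (RFC 1334): id and password in clear text."""
    return bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password

def chap_response(identifier, secret, challenge):
    """CHAP MD5 Response Value (RFC 1994): MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class ChapAuthenticator:
    """Server side: issues fresh random challenges and checks the responses."""

    def __init__(self, secret):
        self._secret = secret
        self._identifier = 0
        self._pending = None  # challenge awaiting a response, if any

    def challenge(self):
        """Return (identifier, challenge value) for the next Challenge packet."""
        self._identifier = (self._identifier + 1) & 0xFF
        self._pending = secrets.token_bytes(16)  # unpredictable and never reused
        return self._identifier, self._pending

    def verify(self, identifier, response):
        """Accept only a response to the outstanding challenge; consume it either way."""
        if self._pending is None or identifier != self._identifier:
            return False
        expected = chap_response(identifier, self._secret, self._pending)
        self._pending = None  # a replayed response no longer matches anything
        return secrets.compare_digest(expected, response)

def chap_session(client_secret, server_secret=SECRET, rechallenges=2):
    """Initial authentication plus periodic re-challenges, as the manual describes.
    Only identifiers, challenges and MD5 responses travel; the secret itself never does."""
    auth = ChapAuthenticator(server_secret)
    for _ in range(1 + rechallenges):
        ident, chal = auth.challenge()                    # server -> client
        resp = chap_response(ident, client_secret, chal)  # client -> server
        if not auth.verify(ident, resp):
            return False
    return True
```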
Idle Time: Auto-disconnect the VPN connection when there is no activity on the connection for a predetermined period of time. 0 means this connection is always on.
Click Apply after changing settings.
IPSec: Enable to enhance your L2TP VPN security.
Authentication: Authentication establishes the integrity of the datagram and ensures it is not tampered with in transit. There are three options, Message Digest 5 (MD5), Secure Hash Algorithm (SHA-1) or NONE. SHA-1 is more resistant to brute-force attacks than MD5, however it is slower.
~ MD5: A one-way hashing algorithm that produces a 128-bit hash.
~ SHA-1: A one-way hashing algorithm that produces a 160-bit hash.
Encryption: Select the encryption method from the pull-down menu. There are four options, DES, 3DES, AES and NONE. NONE means it is a tunnel only with no encryption. 3DES and AES are stronger but increase latency.
~ DES: Stands for Data Encryption Standard; it uses a 56-bit key.
~ 3DES: Stands for Triple Data Encryption Standard; it uses a 168-bit (56*3) key.
~ AES: Stands for Advanced Encryption Standard; it uses a 128-bit key.
Perfect Forward Secrecy: Choose whether to enable PFS using Diffie-Hellman public-key cryptography to change the encryption keys during the second phase of VPN negotiation. This function provides better security, but extends the VPN negotiation time. Diffie-Hellman is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communication channel (e.g. over the Internet). There are three modes, MODP 768-bit, MODP 1024-bit and MODP 1536-bit. MODP stands for Modular Exponentiation Groups.
Pre-shared Key: This is for the Internet Key Exchange (IKE) protocol, a string of 4 to 128 characters. Both sides must use the same key. IKE is used to establish a shared security policy and authenticated keys for services (such as IPSec) that require a key. Before any IPSec traffic can be passed, each router must be able to verify the identity of its peer. This can be done by manually entering the pre-shared key into both sides (router or hosts).