Maxtime to complete phase 1 – The aim of phase 1 is to authenticate and establish a secure tunnel, which will protect further IKE negotiation. The default maximum time is 300 sec.
Maxtime to complete phase 2 – Phase 2 actually establishes the IPSec SAs. The default maximum time is 300 sec.
Count Per Send – Number of duplicated packets for resend.
NAT Traversal Port – If there is another router on the network that does not support VPN pass-through, and you connect the SP880B to that router and want to make a VPN connection, this function allows the VPN packets to pass through the router so that the VPN connection can be made without any problem.
Log Level – The VPN log level. Select the VPN log level that you would like displayed in the VPN log.
7.2 IPSec Policy Setup
VPN Policy Setup defines the VPN phase 2 policy, including the encryption and authentication methods. Once you have made the configuration, you can press the “connection” button to make the VPN connection. You can also press the “set option” button to configure the VPN policy in more detail.
Figure: IPSec Policy Setup
Settings – IPSec Policy Setup
Policy Entry
Tunnel Name – Give a name for this tunnel.
State – Enable/Disable VPN policy state.
Traffic Binding
Interface – Select WAN1 for binding the VPN tunnel.
Local Identity Option
Type – There are three local WAN identity types to choose from: IP address, domain name and distinguished name.
Traffic Selector
Protocol Type – You can choose TCP, UDP, ICMP or GRE as your connection protocol. By default the protocol type is “Any”.
Local Security Network – These entries identify the private network on this VPN router, the hosts of which can use the LAN-to-LAN connection. You can choose a single IP address, a subnet, or a selected IP range to make the VPN LAN-to-LAN connection.
Remote Security Network – These entries identify the private network on the remote peer VPN router whose hosts can use the LAN-to-LAN connection. You can choose a single IP address, a subnet, or a selected IP range to make the VPN connection.
Remote Security Gateway – You can select either the remote side domain name or the remote side IP address (WAN IP address) as your remote side security gateway.
Security Level
Encryption Method – Specifies the encryption mechanism to use. Data encryption makes the data unreadable if intercepted. There are three encryption methods available: DES, 3DES and AES. The default is null.
Authentication – Specifies the packet authentication mechanism to use. Packet authentication confirms that data comes from the source you think it comes from. There are three authentication methods available: MD5, SHA1 and SHA2.
Key Management
Key Type – There are two key types (manual key and auto key) available for key exchange management.
Manual Key – If manual key is selected, no key negotiation is needed.
Encryption Key – This field specifies a key to encrypt and decrypt IP traffic.
Authentication Key – This field specifies a key used to authenticate IP traffic.
Inbound/outbound SPI (Security Parameter Index) – The SPI is carried in the ESP header. Each tunnel must have a unique inbound and outbound SPI, and no two tunnels may share the same SPI. Note that the inbound SPI must match the other router’s outbound SPI.
AutoKey (IKE) – Two operation modes can be used:
1. Main mode accomplishes a phase one IKE exchange, establishing a secure channel.
2. Aggressive Mode is another way of accomplishing a phase one exchange. It is faster and simpler than main mode, but does not provide identity protection for the negotiating nodes.
Perfect Forward Secrecy (PFS) – If PFS is enabled, IKE phase 2 negotiation will generate new key material for IP traffic encryption and authentication.
Preshared Key – This field is used to authenticate the remote IKE peer.
Key Lifetime – Specifies the lifetime of the IKE-generated key. If the time expires, or the amount of data passed exceeds this volume, a new key will be renegotiated. By default, 0 means no limit.
Tunnel List – Lists all VPN tunnels that you have configured, so you can modify, update, and delete each VPN record.
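The SPI rules and the option choices described in section 7.2 can be checked before the values are typed into two routers. The Python below is an added example, not part of the Micronet manual or the SP880B firmware; the dictionary field names (`enc`, `auth`, `spi_in`, `spi_out`, `mode`, `pfs`, `lifetime`) and the sample tunnels are assumptions made for illustration and are not the router's configuration format.

```python
# Added example: audits tunnel definitions against the rules in section 7.2.
# Field names are hypothetical, not the SP880B's own configuration format.
WEAK_ENC = {"null", "des"}   # null: no confidentiality; DES: 56-bit key
WEAK_AUTH = {"md5"}

def audit_router(tunnels):
    """Return (tunnel, finding) pairs for one router's tunnel list."""
    findings, seen_spi = [], set()
    for t in tunnels:
        name = t["name"]
        # The manual states the default encryption method is null.
        if t.get("enc", "null") in WEAK_ENC:
            findings.append((name, "weak-encryption"))
        if t.get("auth") in WEAK_AUTH:
            findings.append((name, "weak-authentication"))
        if t["key_type"] == "manual":
            spis = {t["spi_in"], t["spi_out"]}
            if spis & seen_spi:  # no two tunnels may share an SPI
                findings.append((name, "duplicate-spi"))
            seen_spi |= spis
        else:  # AutoKey (IKE)
            if t.get("mode") == "aggressive":
                findings.append((name, "no-identity-protection"))
            if not t.get("pfs", False):
                findings.append((name, "pfs-disabled"))
            if t.get("lifetime", 0) == 0:  # 0 means no limit
                findings.append((name, "key-never-expires"))
    return findings

def spi_mirrored(local, remote):
    """Each side's inbound SPI must equal the peer's outbound SPI."""
    return (local["spi_in"] == remote["spi_out"]
            and local["spi_out"] == remote["spi_in"])

# Constructed sample data (not taken from any real device).
SITE_A = [
    {"name": "hq-branch", "key_type": "manual", "enc": "3des",
     "auth": "sha1", "spi_in": 0x1001, "spi_out": 0x2001},
    {"name": "hq-lab", "key_type": "manual", "auth": "md5",
     "spi_in": 0x2001, "spi_out": 0x3001},
    {"name": "hq-partner", "key_type": "auto", "enc": "aes", "auth": "sha2",
     "mode": "aggressive", "pfs": True, "lifetime": 0},
]
SITE_B_BRANCH = {"name": "branch-hq", "key_type": "manual", "enc": "3des",
                 "auth": "sha1", "spi_in": 0x2001, "spi_out": 0x1001}

if __name__ == "__main__":
    for tunnel, finding in audit_router(SITE_A):
        print(f"{tunnel}: {finding}")
    print("hq-branch SPIs mirrored:", spi_mirrored(SITE_A[0], SITE_B_BRANCH))
```

In the sample, `hq-lab` omits an encryption method and therefore falls back to the null default, and it reuses an SPI already assigned to `hq-branch`.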
8. QoS Configuration
Overview
The Router supports QoS, providing high quality of network service. It classifies outgoing packets based on policies defined by users and provides better response or performance to various real-time applications.
8.1 QoS Setup
The following web management page will guide you on how to set up QoS and make QoS work.
Figure: QoS Setup
Settings – QoS Setup
QoS Feature
Enable QoS – Users can choose to enable QoS (Quality of Service). If set to "enable", QoS will allow higher priority packets to pass through the device first.
Queuing Method – The method for managing your queue. "Priority Queuing" is one of the first queuing variations to be widely implemented. It is based on the concept that certain types of traffic can be identified and shuffled to the front of the output queue, so that some traffic is always transmitted ahead of other traffic.
IP TOS (Type of Service) Feature
Process TOS Field – An 8-bit field in the IP packet header designed to contain values indicating how each packet should be handled in the network. If you choose "enable", this function will process the IP Type of Service field.
Overwrite policy priority – Choose “yes” to set the priority of the TOS field in the IP packet and overwrite the priority defined in the policy configuration.
