1. Home
  2. /
  3. Manuals
  4. /
  5. Zoom
  6. /
  7. 5354
  8. /
  9. 25
Page 121 / 143 Scroll up to view Page 116 - 120
121
VPN tunnel renegotiates, all users accessing remote resources
are temporarily disconnected.
Phase 2 Encryption
Select the key size and encryption algorithm to use for data
communications.
Null: No data encryption in IPSec SA. Not recommended.
DES: a 56-bit key with the DES encryption algorithm
3DES: a 168-bit key with the DES encryption algorithm. Both
the Cable Modem/Router and the remote IPSec router must use
the same algorithms and key , which can be used to encrypt and
decrypt the message or to generate and verify a message
authentication code. Longer keys require more processing
power, resulting in increased latency and decreased
throughput.
AES: Advanced Encryption Standard is a newer method of data
encryption that also uses a secret key. This implementation of
AES applies a 128-bit key to 128-bit blocks of data. AES is
faster than 3DES. Here you have the choice of AES-128,
AES-192 and AES-256.
Phase 2
Authentication
Select the hash algorithm used to authenticate packet data in
the IKE SA. SHA1 is generally considered stronger than MD5,
but it is also slower.
Phase 2 SA Lifetime
In this field define the length of time before an IPSec SA
automatically renegotiates. This value may range from 120 to
86400 seconds.
Key Management
Select to use IKE (ISAKMP) or manual key configuration in
order to set up a VPN.
IKE Negotiation
Mode
Select how Security Association (SA) will be established for
each connection through IKE negotiations.
Main Mode: ensures the highest level of security when the
communicating parties are negotiating authentication (phase 1).
Aggressive Mode: quicker than Main Mode because it
eliminates several steps when the communicating parties are
negotiating authentication (phase 1).
Perfect Forward
Secrecy (PFS)
Perfect Forward Secret (PFS) is disabled by default in phase 2
IPSec SA setup. This allows faster IPSec setup, but is not as
secure. You can select DH1, DH2 or DH5 to enable PFS.
Page 122 / 143
122
Phase 2 DH Group
Select DHx after enabling PFS.
Replay Detection
Select Enable to enable replay detection. As VPN setup is
processing intensive, the system is vulnerable to Denial of
Service (DOS) attacks. The IPSec receiver can detect and
reject old or duplicate packets to protect against replay attacks.
NetBIOS Broadcast
Forwarding
Select Enable to send NetBIOS (Network Basic Input/Output
System) packets through the VPN connection. NetBIOS
packets are TCP or UDP packets that enable a computer to find
other computers. It may sometimes be necessary to allow
NetBIOS packets to pass through VPN tunnels in order to allow
local computers to find computers on the remote network and
vice versa.
Dead Peer Detection
Select Enable to force the Cable Modem/Router to periodically
detect if the remote IPSec Cable Modem/Router is available or
not.
Manual Encryption
Key
If Manual mode is selected in the Key Management field, enter a
16 hexadecimal digits manual encryption key for encryption.
Manual
Authentication Key
Enter a 32 hexadecimal digit unique authentication key to be
used by IPSec.
Inbound SPI
Enter a unique SPI (Security Parameter Index) for inbound SPI.
Outbound SPI
Enter a unique SPI (Security Parameter Index) for outbound
SPI.
L2TP/PPTP
The L2TP/PPTP page allows you to configure server and security settings. The L2TP
(Layer 2 Tunneling Protocol) and PPTP (Point-to-Point Tunneling Protocol) both allow
PPP frames to be tunneled through the network. PPTP is a Microsoft proprietary
protocol, which is very similar to L2TP.
To access the
L2TP/PPTP
page:
1
Click
VPN
in the menu bar.
2
Then click the
L2TP/PPTP
submenu.
Figure 40 shows an example of the menu and Table 32 describes the items you can
select.
Page 123 / 143
123
Figure 40. Example of L2TP/PPTP Page
Page 124 / 143
124
Table 35. L2TP/PPTP Menu Option
Option
Description
PPP Address Range
(Start/End)
Configure the dedicated IP address pool for L2TP/PPTP. The
LAN IP subnet at one end of the VPN tunnel must be different
from the LAN.
IP subnet at the other end of the VPN tunnel. For example, if
one side’s LAN subnet is 192.168.
0
.x, then the other side
should be 192.168.
1
.x (where the subnet mask in this
example is 255.255.255.0).
PPP Security (MPPE
Encryption)
Select Enable to enable MPPE (Microsoft Point-to-Point
Encryption). MPPE is used to enhance the confidentiality of
PPP-encapsulated packets. It uses the RSA RC4 encryption
algorithm.
Username
Enter the user name for the L2TP or PPTP tunneling.
Password
Enter the password for the L2TP or PPTP tunneling.
Confirm Password
Re-enter to confirm the password.
User List
Show the existing user list.
L2TP Server
(Preshared Phrase)
Enter a key (Pre-Shared key) for authentication. This key is
used by IPSec to validate the computer as a trusted machine.
Event Log
The Event Log page shows the VPN event log.
To access the
Event Log
page:
1
Click
VPN
in the menu bar.
2
Then click the
Event Log
submenu.
Figure 41 shows an example of the menu and Table 33 describes the items you can
select.
Page 125 / 143
125
Figure 41. Example of Event Log Page
Table 36. Event Log Menu Option
Option
Description
Time
Shows the local time mapping to a certain log event.
Description
Shows detailed information of a VPN event log.

Rate

4.5 / 5 based on 2 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top