Zoom 5360 Router Manual PDF (Setup & Configuration Guide)

Page 111 / 126 Scroll up to view Page 106 - 110

Figure 39. Example of IPSec Page

111

Page 112 / 126

Table 34. IPSec Menu Option

Option

Description

Tunnel

This is a pull-down list of VPN Names defined below. Select the

specific VPN tunnel to configure.

Name

Enter a VPN name and click

Add New Tunnel

.

Local Endpoint

Settings

Configure the local network located at your Cable

Modem/Router’s LAN side.

Address Group Type

Define the local address type. Select IP Subnet to protect the

whole subnet; select Single IP address to protect a single PC or

device; select IP address range to protect several PCs, or

devices.

Subnet

Enter the subnet scale for address group.

Mask

Enter the subnet mask for address group.

Identity Type

Select the type to identify the Cable Modem/Router. The

choices are:WAN IP address, LAN IP address, FQDN (Fully

Qualified Domain Name) or Email address.

Identity

Enter the value corresponding to the selected identity type.

Remote Endpoint

Settings

Record the parameters of the network on which the peer VPN is

located.

Address Group Type

Define the local address type. Select IP Subnet to protect the

whole subnet; select Single IP address to protect a single PC;

select IP address range to protect several PCs.

Subnet

Enter the subnet for address group.

Mask

Enter the subnet mask for address group.

Identity Type

Select the type to identify the Cable Modem/Router. The

choices are WAN IP address, IP address, FQDN or Email

address.

Identity

Enter the value corresponding to the selected identity type.

Network Address

Type

Enter the IP address or domain name of the peer VPN Cable

Modem/Router. You can select IP address, which is typically

suitable for static public IP addresses or FQDN, which is

typically suitable for dynamic public IP address.

Remote Address

Enter IP address according to the

Network Address Type

.

112

Page 113 / 126

IPSec Settings

Configure the IPSec protocol related parameters.

Pre-Shared Key

Enter a key (Pre-Shared key) for authentication.

Phase 1DH Group

Select the Diffie-Hellman key group (DHx) you want to use for

encryption keys.

DH1: uses a 768-bit random number

DH2: uses a 1024-bit random number

DH5: uses a 1536-bit random number.

Phase 1 Encryption

Select the key size and encryption algorithm to use for data

communications.

DES: a 56-bit key with the DES encryption algorithm

3DES: a 168-bit key with the DES encryption algorithm. Both

the Cable Modem/Router and the remote IPSec router must use

the same algorithms and key, which can be used to encrypt and

decrypt the message or to generate and verify a message

authentication code. Longer keys require more processing

power, resulting in increased latency and decreased

throughput.

AES: AES (Advanced Encryption Standard) is a newer method

of data encryption that also uses a secret key. This

implementation of AES applies a 128-bit key to 128-bit blocks of

data. AES is faster than 3DES. Here you have the choice of

AES-128, AES-192 and AES-256.

Phase 1

Authentication

Select the hash algorithm used to authenticate packet data in

the IKE SA.

SHA1: generally considered stronger than MD5, but it is also

slower.

MD5 (Message Digest 5): produces a 128-bit digest to

authenticate packet data.

SHA1 (Secure Hash Algorithm): produces a 160-bit digest to

authenticate packet data.

Phase 1 SA Lifetime

In this field define the length of time before an IKE SA

automatically renegotiates. This value may range from 120 to

86400 seconds. A short SA lifetime increases security by

forcing the two VPN Cable Modem/Router’s to update the

encryption and authentication keys. However, every time the

113

Page 114 / 126

VPN tunnel renegotiates, all users accessing remote resources

are temporarily disconnected.

Phase 2 Encryption

Select the key size and encryption algorithm to use for data

communications.

Null: No data encryption in IPSec SA. Not recommended.

DES: a 56-bit key with the DES encryption algorithm

3DES: a 168-bit key with the DES encryption algorithm. Both

the Cable Modem/Router and the remote IPSec router must use

the same algorithms and key , which can be used to encrypt and

decrypt the message or to generate and verify a message

authentication code. Longer keys require more processing

power, resulting in increased latency and decreased

throughput.

AES: Advanced Encryption Standard is a newer method of data

encryption that also uses a secret key. This implementation of

AES applies a 128-bit key to 128-bit blocks of data. AES is

faster than 3DES. Here you have the choice of AES-128,

AES-192 and AES-256.

Phase 2

Authentication

Select the hash algorithm used to authenticate packet data in

the IKE SA. SHA1 is generally considered stronger than MD5,

but it is also slower.

Phase 2 SA Lifetime

In this field define the length of time before an IPSec SA

automatically renegotiates. This value may range from 120 to

86400 seconds.

Key Management

Select to use IKE (ISAKMP) or manual key configuration in

order to set up a VPN.

IKE Negotiation

Mode

Select how Security Association (SA) will be established for

each connection through IKE negotiations.

Main Mode: ensures the highest level of security when the

communicating parties are negotiating authentication (phase 1).

Aggressive Mode: quicker than Main Mode because it

eliminates several steps when the communicating parties are

negotiating authentication (phase 1).

Perfect Forward

Secrecy (PFS)

Perfect Forward Secret (PFS) is disabled by default in phase 2

IPSec SA setup. This allows faster IPSec setup, but is not as

secure. You can select DH1, DH2 or DH5 to enable PFS.

114

Page 115 / 126

Phase 2 DH Group

Select DHx after enabling PFS.

Replay Detection

Select Enable to enable replay detection. As VPN setup is

processing intensive, the system is vulnerable to Denial of

Service (DOS) attacks. The IPSec receiver can detect and

reject old or duplicate packets to protect against replay attacks.

NetBIOS Broadcast

Forwarding

Select Enable to send NetBIOS (Network Basic Input/Output

System) packets through the VPN connection. NetBIOS

packets are TCP or UDP packets that enable a computer to find

other computers. It may sometimes be necessary to allow

NetBIOS packets to pass through VPN tunnels in order to allow

local computers to find computers on the remote network and

vice versa.

Dead Peer Detection

Select Enable to force the Cable Modem/Router to periodically

detect if the remote IPSec Cable Modem/Router is available or

not.

Manual Encryption

Key

If Manual mode is selected in the Key Management field, enter a

16 hexadecimal digits manual encryption key for encryption.

Manual

Authentication Key

Enter a 32 hexadecimal digit unique authentication key to be

used by IPSec.

Inbound SPI

Enter a unique SPI (Security Parameter Index) for inbound SPI.

Outbound SPI

Enter a unique SPI (Security Parameter Index) for outbound

SPI.

L2TP/PPTP

The L2TP/PPTP page allows you to configure server and security settings. The L2TP

(Layer 2 Tunneling Protocol) and PPTP (Point-to-Point Tunneling Protocol) both allow

PPP frames to be tunneled through the network. PPTP is a Microsoft proprietary

protocol, which is very similar to L2TP.

To access the

L2TP/PPTP

page:

1

Click

VPN

in the menu bar.

2

Then click the

L2TP/PPTP

submenu.

Figure 40 shows an example of the menu and Table 32 describes the items you can

select.

115

Rate

Popular Zoom Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share