IPSec General Setup - DrayTek Vigor2920 Series User Manual

Dual-WAN security router

Item: Dial-In PPP Encryption (MPPE)
Description:
Optional MPPE - With this option, the router uses the MPPE encryption method optionally for the remote dial-in user. If the remote dial-in user does not support the MPPE encryption algorithm, the router transmits packets without MPPE encryption. Otherwise, the MPPE encryption scheme is used to encrypt the data.
Require MPPE (40/128bits) - Selecting this option forces the router to encrypt packets with the MPPE encryption algorithm. In addition, the remote dial-in user will use 40-bit encryption prior to using 128-bit encryption. In other words, if the 128-bit MPPE encryption method is not available, the 40-bit encryption scheme is applied to encrypt the data.
Maximum MPPE - With this option, the router uses the MPPE encryption scheme with the maximum number of bits (128-bit) to encrypt the data.

Item: Mutual Authentication (PAP)
Description:
The Mutual Authentication function is mainly used to communicate with other routers or clients that need bi-directional authentication in order to provide stronger security, for example, Cisco routers. Enable this function when your peer router requires mutual authentication. You should also specify the User Name and Password of the mutual authentication peer.

Item: Assigned IP Start
Description:
Enter a start IP address for the dial-in PPP connection. Choose an IP address from the local private network. For example, if the local private network is 192.168.1.0/255.255.255.0, you could choose 192.168.1.200 as the Start IP Address.
You can configure up to four start IP addresses for LAN1 ~ LAN4.

After finishing all the settings here, please click OK to save the configuration.

4.10.5 IPSec General Setup

In IPSec General Setup, there are two major parts of configuration.
There are two phases of IPSec.

Phase 1: negotiation of IKE parameters, including encryption, hash, Diffie-Hellman parameter values, and lifetime, to protect the following IKE exchange, and authentication of both peers using either a Pre-Shared Key or Digital Signature (X.509). The peer that starts the negotiation proposes all its policies to the remote peer, and the remote peer then tries to find the highest-priority match with its own policies. The result is a secure tunnel for IKE Phase 2.

Phase 2: negotiation of IPSec security methods, including Authentication Header (AH) or Encapsulating Security Payload (ESP), for the following IKE exchange, and mutual examination of the secure tunnel establishment.
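The Phase 1 policy matching described above, sketched as an added example (not taken from the DrayTek manual or firmware): the responder walks its own policy list in priority order and accepts the first entry the initiator also proposed. The proposal values, all names, and the rule of taking the shorter lifetime are assumptions made for illustration.

```python
from typing import NamedTuple, Optional, Sequence


class Proposal(NamedTuple):
    encryption: str  # e.g. "AES256"
    hash_alg: str    # e.g. "SHA256"
    dh_group: int    # Diffie-Hellman group number
    auth: str        # "PSK" or "X509"
    lifetime: int    # seconds


def _suite(p: Proposal) -> tuple:
    """Fields that must agree exactly for two proposals to match."""
    return (p.encryption, p.hash_alg, p.dh_group, p.auth)


def select_phase1(offered: Sequence[Proposal],
                  local_policy: Sequence[Proposal]) -> Optional[Proposal]:
    """Responder side: return the highest-priority local policy entry that
    the initiator also offered, or None when nothing matches.
    local_policy is ordered from most to least preferred."""
    offered_by_suite = {}
    for p in offered:
        offered_by_suite.setdefault(_suite(p), p)
    for mine in local_policy:
        theirs = offered_by_suite.get(_suite(mine))
        if theirs is not None:
            # Assumption: the shorter of the two lifetimes is used.
            return mine._replace(lifetime=min(mine.lifetime, theirs.lifetime))
    return None


# Constructed sample policies (not real device configuration).
RESPONDER_POLICY = [
    Proposal("AES256", "SHA256", 14, "PSK", 28800),
    Proposal("AES128", "SHA1", 5, "PSK", 28800),
    Proposal("3DES", "MD5", 2, "PSK", 86400),
]
MODERN_PEER = [
    Proposal("3DES", "MD5", 2, "PSK", 86400),
    Proposal("AES256", "SHA256", 14, "PSK", 3600),
]
LEGACY_PEER = [Proposal("3DES", "MD5", 2, "PSK", 86400)]

if __name__ == "__main__":
    print(select_phase1(MODERN_PEER, RESPONDER_POLICY))      # strongest shared entry
    print(select_phase1(LEGACY_PEER, RESPONDER_POLICY))      # weak entry still accepted
    print(select_phase1(LEGACY_PEER, RESPONDER_POLICY[:2]))  # weak entry removed: no match
```

The second and third calls show why the lowest-priority entries matter: any suite left in the responder's list can still be the negotiated result, so weak suites should be removed rather than merely ranked last.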
