Specify VPN Peer
X.509 Digital Signature
IKE Identifier
Local ID
Peer ID
More settings for IKE Authentication
IKE Phase 1
IKE Phase 2
Aggressive Mode – Main mode is more secure than Aggressive
mode because more of the exchanges that set up the IPsec session
take place in a secure channel. However, Aggressive mode is faster.
It is available when IKEv1/v2 is selected as IPsec Dial-In Protocol.
This feature restricts the IPsec connection so that it can be initiated
only by the specified peer IP address or domain name, and specifies
the private key to be used.
If enabled,
Remote IP – Enter the IP address of the remote peer.
Pre-Shared Key – Enter the characters to use as the pre-shared key
for authentication.
It is available when IKEv1/v2 is selected as IPsec Dial-In Protocol.
To use an X.509 digital signature, select one of the authentication
methods and enter the required information for each method.
Select Accept Subject Alternative Name – Three formats of Peer ID
are acceptable: IP Address, Domain Name, and Email.
Peer Certificate - Select a peer certificate that has been pre-obtained
and stored in Configuration>>Certificates Local Certificates.
Accept Subject Name – Enter the complete certificate subject name.
Accept Any - Any certificate signed by a trusted CA in
Configuration>>Certificates Trusted CA will be considered valid.
Set the local ID and Peer ID for identification.
Local ID and Peer ID are provided for certain connections that require
specifying an ID, such as IKEv1 using Aggressive mode and IKEv2
(optional).
Specify the local ID to be used when establishing a VPN connection
of the IPsec VPN type.
Enter the ID name for the remote client.
If the values are specified, only connections coming from the specified
IP address and/or having the specified Peer ID will be accepted.
Encryption – Use the Auto, AES, 3DES or DES encryption algorithm and
apply the MD5 or SHA-1 authentication algorithm.
Group – Specify a key exchange proposal.
Authentication – Select SHA256 or SHA1 for packet authentication.
Lifetime – For security reasons, the lifetime of the key should be
defined. The default value is 28800 seconds. You may specify a value
between 900 and 86400 seconds.
Specify the security protocol, proposal encryption and proposal
authentication.
Security Protocol – AH (Medium) means data will be authenticated
but not encrypted. By default, this option is active. ESP (High)
means the payload (data) will be encrypted and authenticated.
Encryption – Use AES/3DES/DES encryption algorithm.
Authentication – Select All, SHA256 or SHA1 for packet
authentication.
Lifetime – For security reasons, the lifetime of the key should be defined.
The default value is 3600 seconds. You may specify a value in between