Ipsec General Setup - Draytek Vigor2710 Series User Manual

ADSL2/2+ firewall router

Dial-In PPP Encryption (MPPE) - Optional MPPE
Mutual Authentication (PAP)
Assigned IP Start
After finishing all the settings here, please click OK to save the configuration.
4.9.3 IPSec General Setup
In IPSec General Setup, there are two major parts of configuration.
There are two phases of IPSec.
Phase 1: negotiation of IKE parameters including encryption, hash, Diffie-Hellman parameter values, and lifetime to protect the following IKE exchange, and authentication of both peers using either a Pre-Shared Key or Digital Signature (X.509). The peer that starts the negotiation proposes all its policies to the remote peer, and the remote peer then tries to find the highest-priority match with its own policies. The outcome is a secure tunnel for IKE Phase 2.
Phase 2: negotiation of IPSec security methods, including Authentication Header (AH) or Encapsulating Security Payload (ESP), for the following IKE exchange, and mutual examination of the secure tunnel establishment.
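The Phase 1 policy matching described above, as an added example (not code from the manual or from DrayTek): the responder walks its own policies in priority order and takes the first one the initiator also offered. The priority direction, the shorter-lifetime rule, the flagged-transform list and all sample policies are assumptions constructed for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Proposal:
    enc: str       # encryption algorithm
    hash_alg: str  # hash algorithm
    dh_group: int  # Diffie-Hellman group number
    auth: str      # "psk" (Pre-Shared Key) or "x509" (Digital Signature)
    lifetime: int  # seconds

    def transforms(self):
        # Everything except the lifetime must match exactly.
        return (self.enc, self.hash_alg, self.dh_group, self.auth)

# Assumption: transforms a reviewer would flag; this list is not from the manual.
WEAK = {"enc": {"des"}, "hash_alg": {"md5"}, "dh_group": {1}}

def select_proposal(offered, local_policies):
    """Walk the local policies from highest priority down and return the first
    one the initiator also offered, or None if the peers share no proposal."""
    for policy in local_policies:
        for offer in offered:
            if policy.transforms() == offer.transforms():
                # Assumption: the shorter of the two lifetimes is applied.
                return replace(policy, lifetime=min(policy.lifetime, offer.lifetime))
    return None

def weak_fields(proposal):
    """Names of the fields of a selected proposal that use a flagged transform."""
    return [name for name, bad in WEAK.items() if getattr(proposal, name) in bad]

# Constructed sample data: responder policies, highest priority first.
RESPONDER = [
    Proposal("aes256", "sha1", 14, "psk", 28800),
    Proposal("3des", "sha1", 2, "psk", 28800),
    Proposal("des", "md5", 1, "psk", 28800),  # legacy entry left enabled
]
# Constructed initiator offers.
MIXED_OFFER = [Proposal("des", "md5", 1, "psk", 3600),
               Proposal("aes256", "sha1", 14, "psk", 3600)]
LEGACY_ONLY_OFFER = [Proposal("des", "md5", 1, "psk", 3600)]

if __name__ == "__main__":
    for name, offer in [("mixed", MIXED_OFFER), ("legacy-only", LEGACY_ONLY_OFFER)]:
        chosen = select_proposal(offer, RESPONDER)
        print(name, chosen, "flagged:", weak_fields(chosen))
```

With the legacy entry removed from the responder's list, the legacy-only offer finds no match instead of negotiating a flagged proposal.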
There are two encapsulation methods used in IPSec, Transport and Tunnel. The Transport mode will add the AH/ESP payload and use the original IP header to encapsulate the data
Vigor2710 Series User's Guide
Dial-In PPP Encryption (MPPE)
Optional MPPE - This option represents that the MPPE encryption method will be optionally employed in the router for the remote dial-in user. If the remote dial-in user does not support the MPPE encryption algorithm, the router will transmit "no MPPE encrypted packets". Otherwise, the MPPE encryption scheme will be used to encrypt the data.
Require MPPE (40/128bits) - Selecting this option will force the router to encrypt packets by using the MPPE encryption algorithm. In addition, the remote dial-in user will use 40-bit to perform encryption prior to using 128-bit for encryption. In other words, if 128-bit MPPE encryption method is not available, then 40-bit encryption scheme will be applied to encrypt the data.
Maximum MPPE - This option indicates that the router will use the MPPE encryption scheme with maximum bits (128-bit) to encrypt the data.

Mutual Authentication (PAP)
The Mutual Authentication function is mainly used to communicate with other routers or clients who need bi-directional authentication in order to provide stronger security, for example, Cisco routers. So you should enable this function when your peer router requires mutual authentication. You should further specify the User Name and Password of the mutual authentication peer.

Assigned IP Start
Enter a start IP address for the dial-in PPP connection. You should choose an IP address from the local private network. For example, if the local private network is 192.168.1.0/255.255.255.0, you could choose 192.168.1.200 as the Start IP Address. You can configure up to four start IP addresses for LAN.

This manual is also suitable for:

Vigor2710n, Vigor2710vn, Vigor2710vdn
