Table of Contents
Advertisement
Ubee Interactive
DDW2600 Wireless & DDC2700 Commercial Cable Modem/Router Subscriber User Guide • May, 2010
Network Address
Enter the network address type:
Type
Remote address
Input the IP address value when choosing an IP address in Network
Address Type. Input the FQDN if FQDN is selected. This field is
used to identify the specific remote IPSec VPN gateway to which
your cable modem will initiate IPSec VPN connection.
IPSec Settings
Configure the IPSec protocol related parameters in the following
fields.
Pre-shared Key
Enter your pre-shared key in this field. A pre-shared key identifies a
communicating party during a phase 1 IKE negotiation. It is called
"pre-shared" because you have to share it with another party before
you can communicate with them over a secure connection.
Phase 1 DH Group
Select which Diffie-Hellman key group (DHx) you want to use for
encryption keys:
Phase 1
Select which key size and encryption algorithm to use for data
Encryption
communications:
Phase 1
Select which hash algorithm to use to authenticate packet data in
Authentication
the IKE SA. Choices are SHA1 and MD5. SHA1 is generally
considered stronger than MD5, but it is also slower.
Phase 1 SA
Define the length of time before an IKE SA automatically
Lifetime
renegotiates a key. It may range from 120 to 86400 seconds. A short
SA lifetime increases security by forcing the two VPN gateways to
update the encryption and authentication keys. However, every time
the VPN tunnel renegotiates the keys, all users accessing remote
resources are temporarily disconnected.
IP address, usually suitable for static public IP address.
Fully Qualified Domain Name (FQDN), usually suitable for
dynamic public IP address.
DH1 - use a 768-bit random number
DH2 - use a 1024-bit random number
DH5 - user a 1536-bit random number
DES - a 56-bit key with the DES encryption algorithm
3DES - a 168-bit key with the DES encryption algorithm. The
DDW2600 Wireless & DDC2700 Commercial Cable
Modem/Router and the remote IPSec router must use the same
algorithms and key, which can be used to encrypt and decrypt
the messages or to generate and verify a message
authentication code. Longer keys require more processing
power, resulting in increased latency and decreased throughput.
AES - Advanced Encryption Standard is a newer method of data
encryption that also uses a secret key. This implementation of
AES applies a 128-bit key to 128-bit blocks of data. AES is
faster than 3DES. Here you have the choice AES-128, AES-
192, AES-256
MD5 (Message Digest 5) produces a 128-bit digest to
authenticate packet data.
SHA1 (Secure Hash Algorithm) produces a 160-bit digest to
authenticate packet data.
4.4.3 VPN - Configure
65
Hide quick links:
Advertisement
Table of Contents
