IPSec General Setup - DrayTek Vigor 3100 User Manual

Vigor 3100 series

"no MPPE encrypted packets". Otherwise, the MPPE encryption scheme will be used to encrypt the data.

Require MPPE (40/128bits): Selecting this option will force the router to encrypt packets by using the MPPE encryption algorithm. In addition, the remote dial-in user will use 40-bit to perform encryption prior to using 128-bit for encryption. In other words, if the 40-bit MPPE encryption method is not available, then the 128-bit encryption scheme will be applied to encrypt the data.

Maximum MPPE: This option indicates that the router will use the MPPE encryption scheme with maximum bits (128 bits) to encrypt the data.

Mutual Authentication (PAP): The Mutual Authentication function is mainly used to communicate with other routers or clients who need bi-directional authentication in order to provide stronger security, for example, Cisco routers. So you should enable this function when your peer router requires mutual authentication. You should further specify the User Name and Password of the mutual authentication peer.

Start IP Address: Enter a start IP address for the dial-in PPP connection. You should choose an IP address from the local private network. For example, if the local private network is 192.168.1.0/255.255.255.0, you could choose 192.168.1.202 to be the Start IP Address.

3.7.3 IPSec General Setup

In IPSec General Setup, there are two major parts of configuration.

There are two phases of IKE/IPSec.

Phase 1: negotiation of IKE parameters, including encryption, hash, Diffie-Hellman parameter values, and lifetime, to protect the following IKE exchange, and authentication of both peers using either a Pre-Shared Key or Digital Signature (X.509). The peer that starts the negotiation proposes all its policies to the remote peer, and the remote peer then tries to find a highest-priority match with its own policies. Eventually, a secure tunnel is set up for IKE Phase 2.

Phase 2: negotiation of IPSec security methods, including Authentication Header (AH) and/or Encapsulating Security Payload (ESP), for the following IKE exchange, and mutual examination of the secure tunnel establishment.

Authentication Header (AH) provides data authentication and integrity for IP packets passed between VPN peers. This is achieved by applying a keyed one-way hash function to the packet to create a message digest. This digest is put in the AH and transmitted along with the packet. On the receiving side, the peer performs the same one-way hash on the packet and compares the value with the one in the AH it receives.

Encapsulating Security Payload (ESP) is a security protocol that provides data confidentiality and protection with optional authentication and replay detection service. Vigor supports IPSec using ESP to encrypt the data payload. There are two encryption methods in IPSec: Transport and Tunnel. Transport mode encrypts only the data portion, a.k.a. payload, of each packet, but not the header. Transport mode is used in L2TP over IPSec. The more secure Tunnel mode encrypts both the header and the payload. Tunnel mode is used in IPSec. ESP can be used alone or in conjunction with AH.

Vigor3100 Series User's Guide
83
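The AH digest check described in the IPSec General Setup section above, as an added example that is not taken from the DrayTek manual or firmware. It goes beyond the text by assuming HMAC-SHA1 truncated to 96 bits and by zeroing the IPv4 fields that routers rewrite in transit, as RFC 4302 specifies; the key, addresses, SPI and payload are constructed sample values.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12  # assumed algorithm: HMAC-SHA1 truncated to 96 bits (RFC 2404)

def zero_mutable_fields(ip_header: bytes) -> bytes:
    """Zero the IPv4 fields routers may rewrite in transit (RFC 4302)."""
    h = bytearray(ip_header)
    h[1] = 0                  # TOS
    h[6:8] = b"\x00\x00"      # flags and fragment offset
    h[8] = 0                  # TTL
    h[10:12] = b"\x00\x00"    # header checksum
    return bytes(h)

def compute_icv(key: bytes, ip_header: bytes, ah_fixed: bytes, payload: bytes) -> bytes:
    """Keyed one-way hash over IP header, AH (digest field zeroed) and payload."""
    covered = zero_mutable_fields(ip_header) + ah_fixed + bytes(ICV_LEN) + payload
    return hmac.new(key, covered, hashlib.sha1).digest()[:ICV_LEN]

def verify_icv(key, ip_header, ah_fixed, icv, payload) -> bool:
    """Receiver side: recompute the digest and compare in constant time."""
    return hmac.compare_digest(icv, compute_icv(key, ip_header, ah_fixed, payload))

def build_sample(ttl: int = 64, src: str = "192.168.1.202"):
    """Constructed sample packet: IPv4 header, fixed AH fields, payload."""
    payload = b"constructed sample payload"
    # next header (17 = UDP), AH length in 32-bit words minus 2, reserved, SPI, sequence
    ah_fixed = struct.pack("!BBHII", 17, 4, 0, 0x1000, 1)
    total_len = 20 + len(ah_fixed) + ICV_LEN + len(payload)
    addr = lambda a: bytes(int(o) for o in a.split("."))
    # protocol 51 = AH; the checksum is left at 0 in this sample (it is zeroed anyway)
    ip_header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0, ttl, 51, 0,
                            addr(src), addr("192.168.2.1"))
    return ip_header, ah_fixed, payload

if __name__ == "__main__":
    key = b"constructed-demo-key"   # in practice negotiated via IKE, never hard-coded
    hdr, ah, data = build_sample()
    icv = compute_icv(key, hdr, ah, data)      # sender places this digest in the AH
    hop_hdr, _, _ = build_sample(ttl=63)       # a router decremented the TTL
    nat_hdr, _, _ = build_sample(src="203.0.113.7")  # source address rewritten
    print("untouched:       ", verify_icv(key, hdr, ah, icv, data))
    print("TTL decremented: ", verify_icv(key, hop_hdr, ah, icv, data))
    print("payload tampered:", verify_icv(key, hdr, ah, icv, data + b"!"))
    print("source rewritten:", verify_icv(key, nat_hdr, ah, icv, data))
```

Because the source address is covered by the digest, a packet whose address is rewritten along the path fails the check, which is why AH does not pass through NAT.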


This manual is also suitable for:

Vigor 3100g, Vigor 3100i, Vigor 3100v
