Vigor2952 Series User’s Guide
IV-1-5 IPsec General Setup
In IPsec General Setup, there are two major parts of configuration.
There are two phases of IPsec.
Phase 1: negotiation of IKE parameters, including encryption, hash, Diffie-Hellman
parameter values, and lifetime, to protect the following IKE exchange, and authentication of
both peers using either a Pre-Shared Key or a Digital Signature (X.509). The peer that
starts the negotiation proposes all its policies to the remote peer, and the remote peer
then tries to find the highest-priority match with its own policies. Eventually, a secure
tunnel is set up for IKE Phase 2.
Phase 2: negotiation of IPsec security methods, including Authentication Header (AH) or
Encapsulating Security Payload (ESP), for the following IKE exchange, and mutual
examination of the secure tunnel establishment.
There are two encapsulation methods used in IPsec, Transport and Tunnel. Transport
mode adds the AH/ESP payload and uses the original IP header, so it encapsulates the data
payload only. It applies only to local packets, e.g., L2TP over IPsec. Tunnel mode not only
adds the AH/ESP payload but also uses a new IP header (Tunneled IP header) to encapsulate the
whole original IP packet.
Authentication Header (AH) provides data authentication and integrity for IP packets passed
between VPN peers. This is achieved by applying a keyed one-way hash function to the packet
to create a message digest. This digest is put in the AH and transmitted along with the packet.
On the receiving side, the peer performs the same one-way hash on the packet and
compares the value with the one in the AH it receives.
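The AH check described above, as an added example that is not part of the original guide and is not DrayTek code. It is a simplified model of IPv4 transport-mode AH following RFC 4302, assuming HMAC-SHA-256 truncated to 128 bits as the keyed hash; the key, SPI, addresses and payload are constructed sample values, and anti-replay checking is left out.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16  # assumption: HMAC-SHA-256 truncated to 128 bits (RFC 4868)
KEY = b"constructed-demo-key"  # constructed sample key, not a real secret

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    # 20-byte IPv4 header, no options; checksum left at 0 (it is excluded from the digest)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0, src, dst)

def zero_mutable(ip_hdr):
    # Fields routers may change in transit (TOS, flags/fragment offset, TTL, checksum)
    # are zeroed before hashing so that normal forwarding does not break the digest.
    h = bytearray(ip_hdr)
    h[1] = 0
    h[6:9] = b"\x00\x00\x00"
    h[10:12] = b"\x00\x00"
    return bytes(h)

def icv(key, ip_hdr, ah_fixed, payload):
    # Keyed hash over immutable header fields, the AH with a zeroed digest field, and the payload
    data = zero_mutable(ip_hdr) + ah_fixed + b"\x00" * ICV_LEN + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]

def ah_protect(key, spi, seq, src, dst, next_proto, payload):
    ah_len = 12 + ICV_LEN
    # AH fixed part: next header, length in 32-bit words minus 2, reserved, SPI, sequence number
    ah_fixed = struct.pack("!BBHII", next_proto, ah_len // 4 - 2, 0, spi, seq)
    ip_hdr = ipv4_header(src, dst, 51, ah_len + len(payload))  # IP protocol 51 = AH
    return ip_hdr + ah_fixed + icv(key, ip_hdr, ah_fixed, payload) + payload

def ah_verify(key, packet):
    # Receiver recomputes the digest and compares it in constant time with the one in the AH
    ip_hdr, ah_fixed = packet[:20], packet[20:32]
    received, payload = packet[32:32 + ICV_LEN], packet[32 + ICV_LEN:]
    return hmac.compare_digest(received, icv(key, ip_hdr, ah_fixed, payload))

def demo():
    src, dst = bytes([192, 168, 1, 1]), bytes([192, 168, 2, 1])  # constructed addresses
    pkt = ah_protect(KEY, 0x1000, 1, src, dst, 17, b"constructed payload")
    hop = bytearray(pkt); hop[8] -= 1   # a router decrements TTL: still verifies
    bad = bytearray(pkt); bad[-1] ^= 1  # payload altered in transit: rejected
    return (ah_verify(KEY, pkt), ah_verify(KEY, bytes(hop)),
            ah_verify(KEY, bytes(bad)), ah_verify(b"wrong key", pkt))

if __name__ == "__main__":
    print(demo())
```

AH authenticates the packet but does not encrypt it: the payload stays readable on the wire, which is why ESP is used when confidentiality is needed.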
Encapsulating Security Payload (ESP) is a security protocol that provides data confidentiality
and protection with optional authentication and replay detection service.
Available settings are explained as follows:
Item Description
IKE Authentication Method
This usually applies to remote dial-in users or nodes
(LAN-to-LAN) that use dynamic IP addresses, and to
IPsec-related VPN connections such as L2TP over IPsec and
IPsec tunnel. There are two methods offered by the Vigor router
for you to authenticate the incoming data coming from
remote dial-in users, Certificate (X.509) and Pre-Shared