Table 31. Basic Menu Option

Option          Description
L2TP Server     Select Enable to enable the L2TP (Layer 2 Tunneling Protocol) server.
PPTP Server     Select Enable to enable the PPTP (Point-to-Point Tunneling Protocol) server.
IPSec Endpoint  Select Enable to enable the IPSec endpoint.
IPSec
The IPSec page allows you to configure IPSec tunnel and endpoint settings. A VPN tunnel is usually
established in two phases. Each phase establishes a security association (SA), a contract indicating
which security parameters the cable modem/router and the remote IPSec cable modem/router will use.
• The first phase establishes an Internet Key Exchange (IKE) SA between the cable
  modem/router and the remote IPSec cable modem/router.
• The second phase uses the IKE SA to securely establish an IPSec SA through which the
  cable modem/router and remote IPSec cable modem/router can send data between
  computers on the local network and remote network.
Before configuring an IPSec VPN, familiarize yourself with terms such as IPSec Algorithms,
Authentication Header, and ESP protocol.
IPSec Algorithms
The ESP and AH protocols are necessary to create a Security Association (SA), the foundation of an
IPSec VPN. An SA is built from the authentication provided by the AH and ESP protocols. The
primary function of key management is to establish and maintain the SA between systems. Once the
SA is established, the transport of data may commence.
AH (Authentication Header) Protocol
The AH protocol (RFC 2402) was designed for integrity, authentication, sequence integrity (replay
resistance), and non-repudiation but not for confidentiality, for which the ESP was designed.
In applications where confidentiality is not required or not sanctioned by government encryption
restrictions, an AH can be employed to ensure integrity. This type of implementation does not
protect the information from dissemination but will allow for verification of the integrity of the
information and authentication of the originator.
ESP (Encapsulating Security Payload) Protocol
The ESP protocol (RFC 2406) provides encryption as well as the services offered by AH. ESP's
authentication properties are limited compared to AH's because the IP header information is not
included in the authentication process. However, ESP is sufficient if only the upper layer
protocols need to be authenticated. An added feature of ESP is payload padding, which further
protects communications by concealing the size of the packet being transmitted.
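
The difference in authentication coverage between AH and ESP, and the effect of ESP padding, shown as an added example that is not part of the original manual or the router's firmware. It is a simplified model: there is no encryption, the AH input is reduced to the IP header plus SPI, sequence number and payload, and the key, addresses, SPI and 8-byte block size are constructed sample values.

```python
import hashlib, hmac, socket, struct

KEY = b"constructed-demo-key"   # constructed sample key, not a real SA key
BLOCK = 8                       # assumed cipher block size used for ESP padding

def ipv4_header(src, dst, proto, ttl=64):
    # 20-byte IPv4 header; total length, ID and checksum left at 0 for the demo
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 0, 0, ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def icv(data):
    # Integrity check value: HMAC-SHA-1 truncated to 96 bits
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]

def esp_trailer(payload, next_header=6):
    # Pad so payload + pad length + next header fills whole blocks (pad = 1, 2, 3, ...)
    pad_len = -(len(payload) + 2) % BLOCK
    return payload + bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])

def esp_packet(spi, seq, payload):
    body = struct.pack("!II", spi, seq) + esp_trailer(payload)
    return body + icv(body)     # ICV spans SPI..next header, never the outer IP header

def esp_verify(outer_ip, esp):
    # outer_ip is deliberately unused: ESP authentication does not cover it
    return hmac.compare_digest(icv(esp[:-12]), esp[-12:])

def ah_icv(outer_ip, spi, seq, payload):
    # Simplified AH: zero the mutable IP fields (TOS, flags/offset, TTL, checksum),
    # then authenticate header + SPI + sequence number + payload
    h = bytearray(outer_ip)
    h[1] = 0; h[6:8] = b"\0\0"; h[8] = 0; h[10:12] = b"\0\0"
    return icv(bytes(h) + struct.pack("!II", spi, seq) + payload)

def demo():
    payload = b"constructed payload"
    sent = ipv4_header("192.0.2.10", "198.51.100.20", 51)
    new_src = ipv4_header("203.0.113.99", "198.51.100.20", 51)   # source rewritten
    new_ttl = ipv4_header("192.0.2.10", "198.51.100.20", 51, ttl=63)
    esp, tag = esp_packet(0x1000, 1, payload), ah_icv(sent, 0x1000, 1, payload)
    return {
        "esp_accepts_new_src": esp_verify(new_src, esp),
        "ah_accepts_new_src": hmac.compare_digest(ah_icv(new_src, 0x1000, 1, payload), tag),
        "ah_accepts_new_ttl": hmac.compare_digest(ah_icv(new_ttl, 0x1000, 1, payload), tag),
        "esp_sizes": [len(esp_trailer(b"x" * n)) for n in (1, 5, 6, 7)],
    }

if __name__ == "__main__":
    print(demo())
```

Payloads of 1, 5 and 6 bytes all produce the same padded length, which is the size concealment the ESP paragraph describes; it works only to the granularity of the block size.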