Table 31. Basic Menu Option
Option           Description
L2TP Server      Select Enable to enable L2TP (Layer 2 Tunneling Protocol) server.
PPTP Server      Select Enable to enable PPTP (Point-to-Point Tunneling Protocol) server.
IPSec Endpoint   Select Enable to enable IPSec endpoint.
IPSec
The IPSec page allows you to configure IPSec tunnel and endpoint settings. A VPN tunnel is usually
established in two phases. Each phase establishes a security association (SA), a contract indicating
what security parameters the cable modem/router and the remote IPSec cable modem/router will use.
• The first phase establishes an Internet Key Exchange (IKE) SA between the cable
  modem/router and the remote IPSec cable modem/router.
• The second phase uses the IKE SA to securely establish an IPSec SA through which the
  cable modem/router and remote IPSec cable modem/router can send data between
  computers on the local network and remote network.
Before configuring an IPSec VPN, familiarize yourself with terms such as IPSec Algorithms,
Authentication Header and ESP protocol.
IPSec Algorithms
The ESP and AH protocols are necessary to create a Security Association (SA), the foundation of an
IPSec VPN. An SA is built from the authentication provided by the AH and ESP protocols. The
primary function of key management is to establish and maintain the SA between systems. Once the
SA is established, the transport of data may commence.
AH (Authentication Header) Protocol
The AH protocol (RFC 2402) was designed for integrity, authentication, sequence integrity (replay
resistance), and non-repudiation but not for confidentiality, for which the ESP was designed.
In applications where confidentiality is not required or not sanctioned by government encryption
restrictions, an AH can be employed to ensure integrity. This type of implementation does not
protect the information from dissemination but will allow for verification of the integrity of the
information and authentication of the originator.
ESP (Encapsulating Security Payload) Protocol
The ESP protocol (RFC 2406) provides encryption as well as the services offered by AH. ESP's
authentication properties are limited compared to those of AH because the IP header information
is not included in the authentication process. However, ESP is sufficient if only the upper layer
protocols need to be authenticated. An added feature of ESP is payload padding, which further
protects communications by concealing the size of the packet being transmitted.
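The difference in authentication coverage between AH and ESP described above, as an added example that is not part of the original manual: a simplified transport-mode model in which the AH integrity check value (ICV) covers the IP header with its mutable fields zeroed, while the ESP ICV covers only the SPI, sequence number and payload. The key, addresses, SPI and payload bytes are constructed sample values, and HMAC-SHA-1-96 is assumed as the authentication transform.

```python
import hashlib, hmac, socket, struct

KEY = b"constructed-demo-key"              # constructed sample key
BASE = dict(src="192.0.2.10", dst="198.51.100.20", ttl=64)  # constructed addresses
PAYLOAD = b"constructed upper-layer bytes"  # stands in for the protected payload

def ipv4_header(src, dst, ttl, proto, payload_len):
    """Build a 20-byte IPv4 header without options (checksum left 0 for brevity)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def mask_mutable(hdr):
    """Zero the IPv4 fields AH treats as mutable in transit."""
    h = bytearray(hdr)
    h[1] = 0                # type of service
    h[6:8] = b"\x00\x00"    # flags + fragment offset
    h[8] = 0                # TTL
    h[10:12] = b"\x00\x00"  # header checksum
    return bytes(h)

def icv(data):
    """HMAC-SHA-1 truncated to 96 bits."""
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]

def ah_icv(ip_hdr, spi, seq, payload):
    # AH input: masked IP header + AH header with a zeroed ICV field + payload
    ah = struct.pack("!BBHII", 6, 4, 0, spi, seq) + b"\x00" * 12
    return icv(mask_mutable(ip_hdr) + ah + payload)

def esp_icv(ip_hdr, spi, seq, payload):
    # ESP input: SPI + sequence number + payload; the IP header is not covered
    return icv(struct.pack("!II", spi, seq) + payload)

def survives_rewrite(icv_fn, proto, **changed):
    """True if the ICV still verifies after IP header fields are changed in transit."""
    def run(fields):
        hdr = ipv4_header(proto=proto, payload_len=len(PAYLOAD), **fields)
        return icv_fn(hdr, 0x100, 1, PAYLOAD)
    return hmac.compare_digest(run(BASE), run({**BASE, **changed}))

if __name__ == "__main__":
    for name, fn, proto in (("AH", ah_icv, 51), ("ESP", esp_icv, 50)):
        print(name, "TTL decremented, ICV still valid:", survives_rewrite(fn, proto, ttl=63))
        print(name, "source rewritten, ICV still valid:",
              survives_rewrite(fn, proto, src="203.0.113.5"))
```

A changed source address invalidates the AH check but passes the ESP check, which is the limitation the paragraph refers to; a decremented TTL passes both because AH excludes mutable fields.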