XiNCOM XC-DPG503 manual IPSec Global Settings

Page 35

IPSec Global Settings

IPSec Global Setting

IP Global Setting

Enable

Enabling either WAN 1, WAN 2, or both will start the VPN global setting.

ISAkmp Port

Internet Security Association and Key Protocol Management (ISAkmp) is designed to negotiate, establish, modify, and delete security associations and their attributes. In particular, it was assigned UDP port 500 by the IANA.

Phase 1 DH Group

Use DH Group 1(768-bits),DH Group 2(1024-bits), Group 5 (1536-bits) to generate IPSec SA keys.

Phase 1 Encryption Method

There are three data encryption methods available, DES, 3DES, and AES.

Phase 1 Authentication Method

There are two authentication available. MD5 and SHA1 (Secure Hash Algorithm)

Phase 1 SA Life Time

By default the Security Association lifetime is set at 28800 Sec.

Maxtime to complete phase 1

The aim of phase 1 is to authenticate and establish a secure tunnel, which will protect further IKE negotiation. The maximum time default is 30 sec.

Maxtime to complete phase 2

Maximum time to establish the IPSec SAs. By default the maximum time is 30 sec.

Log Level

Select a VPN log level that you like to display on VPN log.

Planning the VPN

Consider these questions and setups when planning your VPN:

If the remote end is a LAN network, the two-endpoint network must have different LAN IP address ranges. If the remote endpoint is a single PC running a VPN client, its destination address must be a single IP address, with subnet mask of 255.255.255.255

Will you be using the Internet Key Exchange (IKE) setup or Manual Keying? For either method, you must specify each phase of the connection.

At least one side must have a fixed IP address. The other side with a dynamic IP address must always be the initiator of the connection.

What encryption level will you use? (DES/3DES - hardware encryption; AES - software encryption)

35

Page 34 Page 36
Image 35
Page 34 Page 36
Contents
Twin WAN VPN Gateway Table of Contents QoS Configuration VPN Configuration Use TWO ISPs for expanded bandwidth and redundancy IntroductionFeatures Dhcp Server Support Easy SetupPassword Protected Configuration Http Firmware Upgrade and backupSystem Physical DetailsLED Action Condition Default SettingsOverview Procedure Basic SetupNo Response? Configuring the XC-DPG503 for your LANProcedure Configuring the XC-DPG503 for your LAN Installation Diagram for XC-DPG503 Connecting two broadband modemsAddress Info Configuring for Internet AccessSettings Primary Setup Connection Mode Connection TypeOverview Configure PCs on your LANTCP/IP Settings Internet AccessTo act as a Dhcp Client recommended For Apple ClientsFor Linux Clients Fixed IP AddressAdvanced Port Port Options Health Check Auto Dialup Bridge ModeLoad Balance Settings Load BalanceAdvanced PPPoE Settings Advanced PPPoEAdvanced Pptp Settings Advanced PptpAdvanced Setup Host IP Host IPVirtual Servers Settings Virtual ServerVirtual Servers Server List Settings Custom Virtual ServersCustom Virtual Servers Custom Virtual ServersSpecial Application Settings Special ApplicationsSpecial Applications Dynamic DNS To use the Dynamic DNS FeatureSettings Dynamic DNS Dynamic DNSPrivate IP Address Multi DMZ & UPnPFor Dynamic IP Select the desired WAN portSettings Advanced Features Advanced FeaturesAdvanced Features HTTP// Internet IP Address of the XC-DPG503 Using Remote Web-based SetupFirewall Exception Security ManagementBlock URL Access FilterSettings Block URL Settings Access FilterSession Limit Settings Session LimitSession Limit & Firewall Exception QoS Configuration VPN Configuration IPSec Global Setting IPSec Global SettingsVPN Policy Setup Policy SetupKey Management Trap Targets Management AssistantSystem Information Message Status Management AssistantSyslog Configuration To save the XC-DPG503 Configuration to a file Using the Tftp Utility RecommendedUpdating the Firmware Backup your configuration Restoring Saved Configuration Http Upgrade FirmwareUploading the Firmware To upload the firmware to the routerSystem Status Operation & StatusOperation & Status Existing Dhcp Server Advanced LAN ConfigurationStatic Routing Advanced LAN Configuration192.168.1.100 Configuring other Routers on you LAN192.168.2.0 255.255.255.0External Power Adapter DimensionsOperating Temperature Storage TemperatureUsing Specify an IP Address TCP/IP SettingsChecking TCP/IP Settings Windows 9x/ME Using DhcpUsing a fixed IP Address Use the following IP Address Checking TCP/IP Settings WindowsFigure G. Network Configuration Windows XP Checking TCP/IP Settings Windows XPOverview Troubleshooting