XiNCOM XC-DPG503 manual Key Management

Page 37

Policy Setup

VPN Policy Setup (continued)

Key Management

Key - Key Type:

There are two key types (manual key and auto key) available for the key exchange management.

Manual Key: If manual key is selected, no key negotiation is needed.

Encryption Key - This field specifies a key to encrypt and decrypt IP traffic.

Authentication Key - This field specifies a key used to authenticate IP traffic.

Inbound/outbound SPI (Security Parameter Index) is carried in the ESP header. Each tunnel must have a unique inbound and outbound SPI, and no two tunnels may share the same SPI. Note that the inbound SPI must match the other router’s outbound SPI.
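
The SPI rules above can be checked before a manual-key tunnel is brought up. The following is an added example, not part of the XiNCOM manual or firmware: the function name, the tunnel names and the SPI values are constructed, and it assumes a tunnel carries the same name on both routers.

```python
# Added example: sanity-check manual-key SPI settings on two peer gateways.
# Tunnel names and SPI values are constructed sample data, not device defaults.

RESERVED_MAX = 255  # RFC 4303: SPI 0 is for local use, 1-255 are reserved by IANA


def check_spis(local, remote):
    """local/remote map tunnel name -> (inbound_spi, outbound_spi).
    Returns a list of human-readable problems; an empty list means consistent."""
    problems = []
    # Rule 1: on each router, no two tunnels share an SPI in the same direction.
    for side, table in (("local", local), ("remote", remote)):
        for idx, direction in enumerate(("inbound", "outbound")):
            seen = {}
            for name, spis in sorted(table.items()):
                spi = spis[idx]
                if spi <= RESERVED_MAX:
                    problems.append(f"{side}/{name}: {direction} SPI {spi:#x} is reserved")
                if spi in seen:
                    problems.append(
                        f"{side}: {direction} SPI {spi:#x} shared by {seen[spi]} and {name}")
                seen.setdefault(spi, name)
    # Rule 2: one side's inbound SPI must equal the other side's outbound SPI.
    for name in sorted(local.keys() & remote.keys()):
        l_in, l_out = local[name]
        r_in, r_out = remote[name]
        if l_in != r_out:
            problems.append(f"{name}: local inbound {l_in:#x} != remote outbound {r_out:#x}")
        if l_out != r_in:
            problems.append(f"{name}: local outbound {l_out:#x} != remote inbound {r_in:#x}")
    return problems


# Constructed tables: branch-b reuses branch-a's inbound SPI on the local side,
# which also breaks the mirror rule against the remote router.
LOCAL = {"branch-a": (0x1001, 0x2001), "branch-b": (0x1001, 0x2002)}
REMOTE = {"branch-a": (0x2001, 0x1001), "branch-b": (0x2002, 0x1003)}

if __name__ == "__main__":
    for line in check_spis(LOCAL, REMOTE):
        print(line)
```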

AutoKey (IKE) - Two operation modes can be used:

Main mode accomplishes a phase one IKE exchange by establishing a secure channel.

Aggressive Mode is another way of accomplishing a phase one exchange. It is faster and simpler than main mode, but does not provide identity protection for the negotiating nodes.

Perfect Forward Secrecy (PFS)

If PFS is enabled, IKE phase 2 negotiation will generate new key material for IP traffic encryption & authentication.

Preshared Key

This field is to authenticate the remote IKE peer.

Key Lifetime

This specifies the lifetime of the IKE generated Key. If the time expires or data is passed over this volume, a new key will be renegotiated. By default, 0 is set for no limit.

Options

NetBIOS Broadcast

This is used to forward NetBIOS broadcast across the Internet.

Keep Alive

This is to help maintain the IPSec connection tunnel. It can be re-established immediately if a connection is dropped.

Anti Replay

The Anti Replay mechanism works by keeping track of the sequence numbers in packets as they arrive.

Passive Mode

When enabled, your PC establishes the data connection.

Check ESP Pad

When checked, this will enable ESP (Encapsulating Security Payload) padding.

Allow Full ECN

When enabled, this allows full Explicit Congestion Notification (ECN). ECN is a standard proposed by the IETF that will minimize congestion on the network and the gateway dropping packets.

Copy DF Flag

When an IP packet is encapsulated as payload inside another IP packet, some of the outer header fields can be newly written and others are determined by the inner header. Among these fields is the IP DF (Do not fragment) flag. When the inner packet DF flag is clear, the outer packet may copy it or set it. However, when the inner DF flag is set, the outer header MUST copy it.

Set DF Flag

If the DF (Do not Fragment) flag is set, it means the fragmentation of this packet at the IP level is not permitted.
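
The Anti Replay option described above tracks sequence numbers as packets arrive. The following is an added example, not code from the manual or the router's firmware, showing the sliding-window bookkeeping that ESP anti-replay uses. The 64-packet window and the sample arrival order are assumptions; the manual does not state the device's window size.

```python
# Added example: ESP-style anti-replay sliding window (not the XC-DPG503's firmware).
WINDOW_SIZE = 64  # assumed size; the manual does not state the router's window


class ReplayWindow:
    def __init__(self, size=WINDOW_SIZE):
        self.size = size
        self.top = 0      # highest sequence number accepted so far
        self.bitmap = 0   # bit i set => sequence number (top - i) was seen

    def check_and_update(self, seq):
        """Classify one packet. Call only after its authentication check passes,
        otherwise a forged high sequence number could slide the window forward."""
        if seq == 0:
            return "invalid"              # ESP sequence numbers start at 1
        if seq > self.top:                # new highest: slide the window
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return "accept"
        offset = self.top - seq
        if offset >= self.size:
            return "too_old"              # fell off the left edge of the window
        if self.bitmap & (1 << offset):
            return "replay"               # already seen: drop
        self.bitmap |= 1 << offset        # late but new: accept and remember
        return "accept"


def classify(arrivals, size=WINDOW_SIZE):
    """Run a fresh window over a list of sequence numbers in arrival order."""
    window = ReplayWindow(size)
    return [window.check_and_update(seq) for seq in arrivals]


# Constructed arrival order: reordering, two replays, a jump, then a stale packet.
SAMPLE_ARRIVALS = [1, 2, 4, 3, 4, 2, 100, 37, 36, 100]

if __name__ == "__main__":
    for seq, verdict in zip(SAMPLE_ARRIVALS, classify(SAMPLE_ARRIVALS)):
        print(seq, verdict)
```

A packet that arrives late but inside the window is accepted once; the same sequence number a second time, or anything older than the window, is dropped.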


XC-DPG503 specifications

The XiNCOM XC-DPG503 is a versatile and advanced dual WAN VPN router designed to meet the demands of small to medium-sized businesses looking for robust internet connectivity and reliable security features. Its distinguishing characteristics make it an excellent choice for organizations requiring seamless redundancy and high-speed performance.

One of the most notable features of the XC-DPG503 is its dual WAN capability. This allows users to connect two different internet service providers simultaneously, ensuring uninterrupted connectivity. In case one connection fails, the router can automatically failover to the secondary WAN link, enhancing network reliability and uptime. This feature is particularly beneficial for businesses that cannot afford downtime due to internet connectivity issues.

The XC-DPG503 supports various VPN protocols, such as IPSec and PPTP, which enable secure remote access for employees and secure site-to-site connections. With built-in VPN support, users can establish encrypted connections over the public internet, allowing sensitive data to be transmitted safely. This level of security is essential for businesses handling confidential information.

Another characteristic of the XC-DPG503 is its comprehensive firewall capabilities, which protect the internal network from external threats. It includes features like Stateful Packet Inspection (SPI), Denial of Service (DoS) protection, and content filtering, helping to safeguard the network against various cyber threats.

Performance-wise, the XC-DPG503 comes equipped with a robust processor and ample memory, allowing it to handle multiple connections and data-intensive applications simultaneously without compromising speed and efficiency. With support for Gigabit Ethernet ports, it ensures high-speed LAN connectivity, accommodating the high bandwidth requirements of modern enterprises.

The router also features an easy-to-use web-based management interface. This user-friendly platform allows administrators to configure settings, monitor network performance, and manage security policies efficiently. Additionally, it supports remote management, enabling IT staff to oversee the network without being physically present.

Designed for scalability, the XiNCOM XC-DPG503 is an ideal solution for growing businesses. Its advanced features, security protocols, and dual WAN capability make it a reliable choice for organizations looking to maintain high levels of productivity while ensuring a secure networking environment. Overall, the XC-DPG503 stands out with its combination of performance, security, and ease of management, making it an invaluable asset for contemporary business networks.