XiNCOM XC-DPG603 manual Key Management

Page 37

Policy Setup

VPN Policy Setup (continued)

Key Management

Key - Key Type:

There are two key types (manual key and auto key) available for the key exchange management.

Manual Key: If manual key is selected, no key negotiation is needed.

Encryption Key - This field specifies a key to encrypt and decrypt IP traffic.

Authentication Key - This field specifies a key use to authentication IP traffic.

Inbound/outbound SPI (Security Parameter Index) is carried on the ESP header. Each tunnel must have a unique inbound and outbound SPI and no two tunnels share the same SPI. Notice that Inbound SPI must match the other router’s outbound SPI.

AutoKey (IKE) - There are two types of operation modes can be used:

Main mode accomplishes a phase one IKE exchange by establishing a secure channel.

Aggressive Mode is another way of accomplishing a phase one exchange. It is faster and simpler than main mode, but does not provide identity protection for the negotiating nodes.

Perfect Forward

If PFS is enable, IKE phase 2 negotiation will generate a new key material

Secrecy (PFS)

for IP traffic encryption & authentication.

 

 

Preshared Key

This field is to authenticate the remote IKE peer.

Key Lifetime

This specifies the lifetime of the IKE generated Key. If the time expires or

 

data is passed over this volume, a new key will be renegotiated. By default,

 

0 is set for no limit.

Options

NetBIOS Broadcast

This is used to forward NetBIOS broadcast across the Internet.

Keep Alive

This is to help maintain the IPSec connection tunnel. It can be re-

 

established immediately if a connection is dropped.

Anti Replay

The Anti Replay mechanism works by keeping track of the sequence

 

numbers in packets as they arrive.

Passive Mode

When enabled, your PC establishes the data connection.

Check ESP Pad

When checked, this will enable ESP (Encapsulating Security Payload)

 

padding.

Allow Full ECN

Enable will allow full Explicit Congestion Notification (ECN). ECN is a

 

standard proposed by the IETF that will minimize congestion on network

 

and the gateway dropping packets.

Copy DF Flag

When an IP packet is encapsulated as payload inside another IP packet,

 

some of the outer header fields can be newly written and others are

 

determined by the inner header. Among these fields is the IP DF (Do not

 

fragment) flag. When the inner packet DF flag is clear, the outer packet

 

may copy it or set it. However, when the inner DF flag is set, the outer

 

header MUST copy it.

Set DF Flag

If the DF (Do not Fragment) flag is set, it means the fragmentation of this

 

packet at the IP level is not permitted.

37

Page 36 Page 38
Image 37
Page 36 Page 38
Contents Twin WAN DNS IP VPN Gateway Table of Contents QoS Configuration VPN Configuration Use TWO ISPs for expanded bandwidth and redundancy IntroductionFeatures Password Protected Configuration Easy SetupHttp Firmware Upgrade and backup Dhcp Server SupportSystem Physical DetailsLED Action Condition Default SettingsOverview Procedure Basic SetupProcedure Configuring the XC-DPG603 for your LANNo Response? Configuring the XC-DPG603 for your LAN Installation Diagram for XC-DPG603 Connecting two broadband modemsSettings Primary Setup Connection Mode Configuring for Internet AccessConnection Type Address InfoTCP/IP Settings Configure PCs on your LANInternet Access OverviewFor Linux Clients For Apple ClientsFixed IP Address To act as a Dhcp Client recommendedAdvanced Port Port Options Health Check Auto Dialup Bridge ModeLoad Balance Settings Load BalanceAdvanced PPPoE Settings Advanced PPPoEAdvanced Pptp Settings Advanced PptpAdvanced Setup Host IP Host IPVirtual Servers Settings Virtual ServerVirtual Servers Custom Virtual Servers Settings Custom Virtual ServersCustom Virtual Servers Server ListSpecial Applications Settings Special ApplicationsSpecial Application Settings Dynamic DNS To use the Dynamic DNS FeatureDynamic DNS Dynamic DNSFor Dynamic IP Multi DMZ & UPnPSelect the desired WAN port Private IP AddressAdvanced Features Advanced FeaturesSettings Advanced Features HTTP// Internet IP Address of the XC-DPG603 Using Remote Web-based SetupFirewall Exception Security ManagementSettings Block URL Access FilterSettings Access Filter Block URLSession Limit & Firewall Exception Settings Session LimitSession Limit QoS Configuration How it works VPN ConfigurationIPSec Global Setting IPSec Global SettingsVPN Policy Setup Policy SetupKey Management DNS Configuration XC-DPG602 & 603 Gateways How it worksDomain Name Configuration Public WAN 1 & 2 IP Address NS Record Primary/Secondary Name ServerMX Record Mail Exchange Preference 1Record Map Host URLCname Record Host URL ListSystem Information Management AssistantTrap Targets Syslog Configuration Management AssistantMessage Status Updating the Firmware Backup your configuration Using the Tftp Utility RecommendedTo save the XC-DPG603 Configuration to a file Uploading the Firmware Http Upgrade FirmwareTo upload the firmware to the Gateway Restoring Saved ConfigurationSystem Status Operation & StatusOperation & Status Existing Dhcp Server Advanced LAN ConfigurationStatic Routing Advanced LAN Configuration192.168.2.0 Configuring other Routers on you LAN255.255.255.0 192.168.1.100Operating Temperature DimensionsStorage Temperature External Power AdapterChecking TCP/IP Settings Windows 9x/ME TCP/IP SettingsUsing Dhcp Using Specify an IP AddressUsing a fixed IP Address Use the following IP Address Checking TCP/IP Settings WindowsFigure G. Network Configuration Windows XP Checking TCP/IP Settings Windows XPOverview Troubleshooting
Top Page Image Contents