Billion Electric Company BiPAC 8500/8520, BiPAC 8501/8521 user manual 129

Models: BiPAC 8501/8521 BiPAC 8500/8520


Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router

type the server is using (when acting as a client), or the authentication type you want clients to use (when acting as a server). With PAP, the password is sent unencrypted, whereas CHAP encrypts the password before sending and issues challenges at different times to ensure that the client has not been replaced by an intruder.

Idle Time: Auto-disconnect the VPN connection when there is no activity on the connection for a predetermined period of time. 0 means this connection is always on.

Click Apply after changing settings.

IPSec: Enable this to enhance your L2TP VPN security (L2TP over IPSec, or L2TP/IPSec, VPN connection).

Note: Authentication, Encryption, Perfect Forward Secrecy and Pre-shared Key will only be available for selection after IPSec is enabled.

o Authentication: Authentication establishes the integrity of the datagram and ensures it is not tampered with during transmission. There are three options: Message Digest 5 (MD5), Secure Hash Algorithm (SHA1) or NONE. SHA-1 is more resistant to brute-force attacks than MD5, but it is slower.

  ▪ MD5: A one-way hashing algorithm that produces a 128-bit hash.

  ▪ SHA1: A one-way hashing algorithm that produces a 160-bit hash.

o Encryption: Select the encryption method from the pull-down menu. There are four options: DES, 3DES, AES and NONE. NONE means the connection is a tunnel only, with no encryption. 3DES and AES are more powerful but increase the latency.

  ▪ DES: Stands for Data Encryption Standard; it uses a 56-bit key for encryption.

  ▪ 3DES: Stands for Triple Data Encryption Standard; it uses a 168-bit (56*3) key for encryption.

  ▪ AES: Stands for Advanced Encryption Standard; it uses a 128-bit key for encryption.

o Perfect Forward Secrecy: Choose whether to enable PFS, which uses Diffie-Hellman public-key cryptography to change the encryption keys during the second phase of VPN negotiation. This function provides better security but extends the VPN negotiation time. Diffie-Hellman is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communication channel (i.e. over the Internet). There are three modes: MODP 768-bit, MODP 1024-bit and MODP 1536-bit. MODP stands for Modular Exponentiation Groups.

o Pre-shared Key: This is for the Internet Key Exchange (IKE) protocol; it is a string of 4 to 128 characters. Both sides should use the same key. IKE is used to establish a shared security policy and authenticated keys for services (such as IPSec) that require a key. Before any IPSec traffic can be passed, each router


Chapter 4: Configuration
