two IP addresses of 192.168.1.200 and 192.168.1.201 are reserved for ISDN remote dial-in users.

3.7.3 IPSec General Setup

In IPSec General Setup, there are two major parts of configuration.

IPSec negotiation has two phases.

• Phase 1: negotiation of the IKE parameters (encryption, hash, Diffie-Hellman parameter values and lifetime) that protect the following IKE exchange, and authentication of both peers using either a Pre-Shared Key or a Digital Signature (X.509). The peer that starts the negotiation proposes all of its policies to the remote peer; the remote peer then tries to find the highest-priority match among its own policies. The result is a secure tunnel for IKE Phase 2.

• Phase 2: negotiation of the IPSec security methods, Authentication Header (AH) or Encapsulating Security Payload (ESP), for the following IKE exchange, and mutual confirmation that the secure tunnel has been established.
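The Phase 1 proposal matching described above, as an added illustration that is not part of the original guide or of the Vigor firmware: the initiator offers its whole policy list and the responder walks its own list in priority order, accepting the first policy that any offered proposal matches. The policy fields, the sample proposals and the rule that the shorter lifetime wins are assumptions made for this example; a real IKE exchange carries transforms and attributes rather than these simplified records.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class IkePolicy:
    encryption: str   # e.g. "aes128", "3des"
    hash: str         # e.g. "sha1", "md5"
    dh_group: int     # Diffie-Hellman group number
    auth: str         # "psk" (Pre-Shared Key) or "rsa-sig" (X.509 digital signature)
    lifetime: int     # seconds


def algorithms_match(a: IkePolicy, b: IkePolicy) -> bool:
    # Lifetime is negotiated separately, so only the algorithm set has to agree.
    return (a.encryption, a.hash, a.dh_group, a.auth) == (
        b.encryption, b.hash, b.dh_group, b.auth)


def responder_select(initiator_proposals: List[IkePolicy],
                     responder_policies: List[IkePolicy]) -> Optional[IkePolicy]:
    # The responder's own priority order decides: it walks its policies from
    # highest to lowest priority and accepts the first one matched by any
    # proposal the initiator sent. The lifetime becomes the shorter of the two
    # so neither side keeps the SA longer than its own policy allows (assumption).
    for policy in responder_policies:
        for proposal in initiator_proposals:
            if algorithms_match(policy, proposal):
                return IkePolicy(policy.encryption, policy.hash, policy.dh_group,
                                 policy.auth, min(policy.lifetime, proposal.lifetime))
    return None   # no common policy: Phase 1 fails and no tunnel is built


# Constructed sample policy lists, highest priority first.
INITIATOR = [
    IkePolicy("3des", "md5", 1, "psk", 28800),
    IkePolicy("aes128", "sha1", 2, "psk", 28800),
]
RESPONDER = [
    IkePolicy("aes256", "sha256", 14, "psk", 3600),
    IkePolicy("aes128", "sha1", 2, "psk", 3600),
    IkePolicy("3des", "md5", 1, "psk", 3600),
]

if __name__ == "__main__":
    # Even though the initiator listed 3des first, the responder's priority wins.
    print(responder_select(INITIATOR, RESPONDER))
```

Note that both lists contain the weak 3des/md5 combination; the responder never reaches it here only because a stronger common policy sits above it, which is why keeping weak entries out of the policy list altogether is the safer configuration.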

IPSec uses two encapsulation methods, Transport and Tunnel. Transport mode adds the AH/ESP payload and keeps the original IP header, so only the data payload is encapsulated; it applies only to locally generated packets, e.g., L2TP over IPSec. Tunnel mode not only adds the AH/ESP payload but also prepends a new IP header (the tunneled IP header) to encapsulate the whole original IP packet.

Authentication Header (AH) provides data authentication and integrity for IP packets passed between VPN peers. This is achieved by applying a keyed one-way hash function to the packet to create a message digest. The digest is placed in the AH and transmitted along with the packet. On the receiving side, the peer performs the same one-way hash on the packet and compares the result with the value carried in the AH it received.
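The two encapsulation modes and the AH integrity check described above, as an added example that is not part of the original guide or of the Vigor firmware. It builds a toy packet layout (a 9-byte header holding source, destination and next protocol, an AH of next-header byte plus a 96-bit ICV) and uses HMAC-SHA256 as the keyed one-way hash; the header layout, the demo key and the sample addresses are constructed for this example, while the protocol numbers (51 for AH, 4 for IP-in-IP, 17 for UDP) are the IANA values.

```python
import hashlib
import hmac

AH_PROTO = 51   # IANA protocol number for the Authentication Header
IP_IN_IP = 4    # IANA protocol number for an IPv4 packet carried inside IPv4
UDP = 17
ICV_LEN = 12    # AH truncates the HMAC output to 96 bits
HDR_LEN = 9     # size of the toy header built below


def ip_header(src: str, dst: str, proto: int) -> bytes:
    # Toy IPv4-like header (src, dst, next protocol); constructed for this
    # example, not a real RFC 791 header (no TTL or checksum, so no mutable fields).
    addrs = b"".join(bytes(int(o) for o in a.split(".")) for a in (src, dst))
    return addrs + bytes([proto])


def ah_icv(key: bytes, data: bytes) -> bytes:
    # Keyed one-way hash: HMAC-SHA256 truncated to 96 bits, as AH does for its ICV.
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]


def add_ah(key: bytes, outer_hdr: bytes, next_proto: int, body: bytes) -> bytes:
    # AH = next-header byte + ICV. The digest is computed with the ICV field
    # zeroed, which is exactly what the receiver reconstructs before comparing.
    ah_without_icv = bytes([next_proto]) + bytes(ICV_LEN)
    icv = ah_icv(key, outer_hdr + ah_without_icv + body)
    return outer_hdr + bytes([next_proto]) + icv + body


def transport_mode(key: bytes, src: str, dst: str, inner_proto: int, payload: bytes) -> bytes:
    # Transport mode: keep the original IP header, insert AH, protect only the payload.
    return add_ah(key, ip_header(src, dst, AH_PROTO), inner_proto, payload)


def tunnel_mode(key: bytes, orig_packet: bytes, gw_src: str, gw_dst: str) -> bytes:
    # Tunnel mode: a new (tunneled) IP header between the gateways, and the whole
    # original IP packet, header included, becomes the protected body.
    return add_ah(key, ip_header(gw_src, gw_dst, AH_PROTO), IP_IN_IP, orig_packet)


def verify_ah(key: bytes, packet: bytes) -> bool:
    # Receiver: zero the ICV field, recompute the keyed hash over the same bytes,
    # and compare in constant time so the check itself leaks nothing about the key.
    hdr = packet[:HDR_LEN]
    if len(packet) < HDR_LEN + 1 + ICV_LEN or hdr[-1] != AH_PROTO:
        return False
    next_proto = packet[HDR_LEN]
    icv = packet[HDR_LEN + 1:HDR_LEN + 1 + ICV_LEN]
    body = packet[HDR_LEN + 1 + ICV_LEN:]
    expected = ah_icv(key, hdr + bytes([next_proto]) + bytes(ICV_LEN) + body)
    return hmac.compare_digest(icv, expected)


def demo():
    key = b"constructed-demo-key"   # in practice derived by IKE Phase 2, never hard-coded
    payload = b"L2TP data"           # constructed sample payload
    inner = ip_header("192.168.1.10", "10.0.0.5", UDP) + payload
    transport = transport_mode(key, "192.168.1.10", "10.0.0.5", UDP, payload)
    tunnel = tunnel_mode(key, inner, "203.0.113.1", "198.51.100.1")
    tampered = bytearray(tunnel)
    tampered[-1] ^= 0x01             # flip one bit of the protected inner packet
    return verify_ah(key, transport), verify_ah(key, tunnel), verify_ah(key, bytes(tampered))


if __name__ == "__main__":
    print(demo())   # (True, True, False)
```

The tunnel-mode packet is the larger one because the original header travels inside the protected body; in transport mode the original header is the outer header and only the payload follows the AH. Any change to a protected byte, or a packet authenticated under a different key, fails the comparison and would be dropped by the receiving peer.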

Encapsulating Security Payload (ESP) is a security protocol that provides data confidentiality and protection, with optional authentication and replay-detection services.

IKE Authentication Method - This usually applies to remote dial-in users or nodes (LAN-to-LAN) that use a dynamic IP address and IPSec-related VPN connections such as L2TP over IPSec and IPSec tunnel.

Pre-Shared Key - Currently only Pre-Shared Key authentication is supported.

Pre-Shared Key - Specify a key for IKE authentication.

Re-type Pre-Shared Key - Confirm the pre-shared key.

Vigor2800 Series User’s Guide

77


2800 Series specifications

The Draytek 2800 series is a robust solution in the realm of networking, catering primarily to small and medium-sized enterprises (SMEs). This series provides essential features for those looking to establish reliable and secure connectivity. With its advanced technology, it positions itself as an excellent choice for businesses needing to manage their network capabilities efficiently.

One of the standout features of the Draytek 2800 series is its support for various WAN connections. Businesses can opt for ADSL, ADSL2+, or Ethernet connections, allowing them flexibility depending on their internet service capabilities. This versatility ensures that users can select the most appropriate setup based on the local infrastructure.

In terms of security, the Draytek 2800 series is equipped with robust firewalls, including stateful packet inspection and DoS protection. This ensures that the network remains protected from potential threats. Additionally, it offers VPN capabilities, enabling secure remote access for employees working from different locations. The support for multiple VPN protocols, such as PPTP and L2TP, allows for secure and versatile connections.

The series also features an integrated, 4-port Ethernet switch, simplifying the task of connecting multiple devices within a local area network. This encourages seamless communication and data sharing among connected devices. Furthermore, the Draytek 2800 series supports Quality of Service (QoS) capabilities, which allows businesses to prioritize bandwidth for critical applications, ensuring that high-demand services such as VoIP and video conferencing operate smoothly without interruptions.

Another characteristic is its web-based management interface, which simplifies network administration. IT professionals can easily configure and monitor the router settings without needing extensive technical expertise. The series also supports dynamic DNS, which is crucial for businesses that require consistent access to their networks through domain names rather than constantly changing IP addresses.

Additionally, the Draytek 2800 series is designed for scalability, allowing businesses to expand their network as needed without significant overhauls. This flexibility ensures that the system can grow alongside the business.

In summary, the Draytek 2800 series combines advanced features, reliable performance, and enhanced security, making it a preferred choice for SMEs looking to build a solid networking foundation. Its flexibility, security features, and user-friendly management tools provide a comprehensive networking solution that meets the needs of modern businesses.