VJ compression

This field is applicable when you select ISDN, PPTP or L2TP

 

with or without IPSec policy above. VJ Compression is used

 

for TCP/IP protocol header compression. Normally set to Yes

 

to improve bandwidth utilization.

IKE Authentication

This group of fields is applicable for IPSec Tunnels and L2TP

Method

with IPSec Policy.

 

Pre-SharedKey-Input 1-63 characters as pre-shared key.

 

Digital Signature (X.509) - Select one predefined Profiles set

 

in the VPN and Remote Access >>IPSec Peer Identity.

IPSec Security Method

This group of fields is a must for IPSec Tunnels and L2TP

 

with IPSec Policy.

 

Medium (AH - Authentication Header) means data will be

 

authenticated, but not be encrypted. By default, this option is

 

active.

 

High (ESP-Encapsulating Security Payload)- means

 

payload (data) will be encrypted and authenticated. Select

 

from below:

 

DES without Authentication -Use DES encryption algorithm

 

and not apply any authentication scheme.

 

DES with Authentication-Use DES encryption algorithm and

 

apply MD5 or SHA-1 authentication algorithm.

 

3DES without Authentication-Use triple DES encryption

 

algorithm and not apply any authentication scheme.

 

3DES with Authentication-Use triple DES encryption

 

algorithm and apply MD5 or SHA-1 authentication algorithm.

 

AES without Authentication-Use AES encryption algorithm

 

and not apply any authentication scheme.

 

AES with Authentication-Use AES encryption algorithm and

 

apply MD5 or SHA-1 authentication algorithm.

Advanced

Specify mode, proposal and key life of each IKE phase,

 

Gateway etc.

 

The window of advance setup is shown as below:

IKE phase 1 mode -Select from Main mode and Aggressive mode. The ultimate outcome is to exchange security proposals to create a protected secure channel. Main mode is more secure than Aggressive mode since more exchanges are done in a secure channel to set up the IPSec session. However, the Aggressive mode is faster. The default value in Vigor router is Main mode.

IKE phase 1 proposal-To propose the local available

114

VigorPro5500 Series User’s Guide

Page 122
Image 122
Draytek 5500 Series manual VJ compression, IKE Authentication, Method, VPN and Remote Access IPSec Peer Identity, Advanced