Vigor2910 Series User’s Guide 89
Authentication PAP Only users with the PAP protocol.
PAP or CHAP Selecting this option means the router will attempt to
authenticate dial-in users with the CHAP protocol first. If the
dial-in user does not support this protocol, it will fall back to
use the PAP protocol for authentication.
Dial-In PPP Encryption
(MPPE Optional MPPE This option represents that the MPPE encryption method will
be optionally employed in the router for the remote dial-in
user. If the remote dial-in user does not support the MPPE
encryption algorithm, the router will transmit “no MPPE
encrypted packets”. Otherwise, the MPPE encryption scheme
will be used to encrypt the data.
Require MPPE (40/128bits) - Selecting this option will force
the router to encrypt packets by using the MPPE encryption
algorithm. In addition, the remote dial-in user will use 40-bit
to perform encryption prior to using 128-bit for encryption.
In other words, if 128-bit MPPE encryption method is not
available, then 40-bit encryption scheme will be applied to
encrypt the data.
Maximum MPPE - This option indicates that the router will
use the MPPE encryption scheme with maximum bits
(128-bit) to encrypt the data.
Mutual Authentication
(PAP) The Mutual Authentication function is mainly used to
communicate with other routers or clients who need
bi-directional authentication in order to provide stronger
security, for example, Cisco routers. So you should enable
this function when your peer router requires mutual
authentication. You should further specify the User Name
and Password of the mutual authentication peer.
Start IP Address Enter a start IP address for the dial-in PPP connection. You
should choose an IP address from the local private network.
For example, if the local private network is
192.168.1.0/255.255.255.0, you could choose 192.168.1.200
as the Start IP Address. But, you have to notice that the first
two IP addresses of 192.168.1.200 and 192.168.1.201 are
reserved for ISDN remote dial-in user.
3
3.
.8
8.
.3
3
I
IP
PS
Se
ec
c
G
Ge
en
ne
er
ra
al
l
S
Se
et
tu
up
p
In IPSec General Setup, there are two major parts of configuration.
There are two phases of IPSec.
¾ Phase 1: negotiation of IKE parameters including encryption, hash, Diffie-Hellman
parameter values, and lifetime to protect the following IKE exchange, authentication of
both peers using either a Pre-Shared Key or Digital Signature (x.509). The peer that
starts the negotiation proposes all its policies to the remote peer and then remote peer
tries to find a highest-priority match with its policies. Eventually to set up a secure
tunnel for IKE Phase 2.