Prestige 794M User’s Guide

 

Table 46 VPN: L2TP: Create: Remote Access Connection (continued)

| LABEL | DESCRIPTION |
| --- | --- |
| Encryption | Select the encryption method from the pull-down menu. There are four options: DES, 3DES, AES and NONE. NONE means it is a tunnel only, with no encryption. 3DES and AES are more powerful but increase latency. DES stands for Data Encryption Standard; it uses a 56-bit key. 3DES stands for Triple Data Encryption Standard; it uses a 168-bit (56*3) key. AES stands for Advanced Encryption Standard; it uses a 128-bit key. |
| Perfect Forward Secrecy | Perfect Forward Secrecy (PFS) is disabled (None) by default in phase 2 IPSec SA setup. This allows faster IPSec setup but is less secure. Specify a MODP (Modular Exponentiation Groups) mode from the drop-down list box. Choices are MODP 768-bit (Group 1), MODP 1024-bit (Group 2) and MODP 1536-bit (Group 5). The more bits the group uses, the higher the security, but the slower the setup. |
| Pre-shared Key | Enter your pre-shared key in this field. A pre-shared key identifies a communicating party during a phase 1 IKE negotiation. It is called "pre-shared" because you have to share it with another party before you can communicate with them over a secure connection. Type from 8 to 31 case-sensitive ASCII characters or from 16 to 62 hexadecimal ("0-9", "A-F") characters. You must precede a hexadecimal key with "0x" (zero x), which is not counted as part of the 16 to 62 character range for the key. For example, in "0x0123456789ABCDEF", 0x denotes that the key is hexadecimal and 0123456789ABCDEF is the key itself. Note: Both ends of the VPN tunnel must use the same pre-shared key. You will receive a PYLD_MALFORMED (payload malformed) packet if the same pre-shared key is not used on both ends. |
| Remote Host Name | This optional field is applicable when you select Dial Out in the Type field above. Enter the host name of the remote VPN device. The name must match to establish a VPN connection. |
| Local Host Name | This field is optional. Enter the host name of the Prestige. |
| Tunnel Authentication | Select this option to set the Prestige to authenticate both the remote L2TP client and host. The remote L2TP client and host must also support this feature. |
| Secret | This field is applicable when you select Tunnel Authentication above. Enter an authentication key of up to 16 alphanumeric characters. |
| Apply | Click Apply after changing settings. |
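The Pre-shared Key format rules in Table 46 can be checked before a key is entered on both ends of the tunnel. The following is an added example, not code from the Prestige guide or firmware; the function names and sample keys are constructed, and it assumes a strict reading of the table (uppercase hex only, printable ASCII only, any key starting with 0x parsed as hex).

```python
import secrets

HEX_ALPHABET = "0123456789ABCDEF"  # guide lists "0-9", "A-F"; lowercase rejected (assumption)


def classify_psk(key: str) -> tuple[str, int]:
    """Return (kind, raw key size in bits) or raise ValueError.

    The bit count is the size of the key material, not its entropy.
    """
    if key.startswith("0x"):
        # Assumption: anything starting with 0x is parsed as hex, so an ASCII
        # passphrase that happens to begin with "0x" is never treated as text.
        digits = key[2:]  # the 0x prefix does not count toward the length
        if not 16 <= len(digits) <= 62:
            raise ValueError("hex key needs 16 to 62 digits after 0x")
        if any(c not in HEX_ALPHABET for c in digits):
            raise ValueError("hex key may contain only 0-9 and A-F")
        return "hex", 4 * len(digits)
    if not 8 <= len(key) <= 31:
        raise ValueError("ASCII key needs 8 to 31 characters")
    # Assumption: "ASCII characters" means printable ASCII (0x20 to 0x7E).
    if any(not 0x20 <= ord(c) <= 0x7E for c in key):
        raise ValueError("ASCII key may contain only printable ASCII")
    return "ascii", 8 * len(key)


def is_valid_psk(key: str) -> bool:
    """True when the key fits one of the two forms the table describes."""
    try:
        classify_psk(key)
    except ValueError:
        return False
    return True


def generate_hex_psk(digits: int = 62) -> str:
    """Generate a random 0x-prefixed hex key from the OS CSPRNG."""
    if not 16 <= digits <= 62:
        raise ValueError("digits must be between 16 and 62")
    return "0x" + "".join(secrets.choice(HEX_ALPHABET) for _ in range(digits))


if __name__ == "__main__":
    # Constructed sample keys; the first is the example string from the table.
    for sample in ("0x0123456789ABCDEF", "Site2Site-Key", "0x1234", "short"):
        print(f"{sample!r}: {'accepted' if is_valid_psk(sample) else 'rejected'}")
    print("generated:", classify_psk(generate_hex_psk()))
```

A key generated at the maximum length of 62 hexadecimal digits carries 248 bits of key material, which no typed 31-character passphrase can match.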

 

 

 

 

 

7.4.1.2 LAN to LAN L2TP Connection

Use the L2TP LAN to LAN screen to create an L2TP VPN rule to connect to another VPN device on the LAN.

Chapter 7 VPN
