User Guide

90 Chapter 4. Configuring Special Features
Diffie-Hellman
Encryption requires PPP.
Caution: PPP DES and Diffie-Hellman encryption options may not be exported outside the United States or Canada.
PPP DES (RFC 1969) Encryption
PPP DES (Data Encryption Standard) implementation uses a 56-bit key with fixed transmit and receive keys that
are specified in each router. With RFC 1969, users must manage the keys. This implementation has been tested for
interoperability with other PPP DES vendors such as IBM and Network Express (part of Cabletron).
Configuration Notes
Simply add the encryption commands to your standard configuration. For PPP DES, the encryption
commands are:
remote setEncryption dese rx <key> <remoteName>
remote setEncryption dese tx <key> <remoteName>
Observe the following guidelines:
PPP DES can only be configured using the Command Line Interface (CLI).
The choice of keys should be carefully considered: they must have eight hexadecimal digits, and values
that are considered cryptographically weak should be avoided. Consult a security expert for advice.
Use the console port or a Telnet port (use the system log command) to view error messages and progress.
If you see “Unknown protocol” errors, the router receive key and sender Tx key don't match.
Different keys may be used with different remote destinations.
For maximum security, as shown in the following configuration examples, Telnet and SNMP access
should be disabled, and PPP CHAP authentication should be used by both ends.
Sample Configuration
Refer to the section Sample Configurations, page 54, of this guide. The routers SOHO (the target router) and HQ
(the remote router) are configured in the same manner as shown in Chapter 3, but the following encryption
commands are added. Don’t forget to save the configuration and reboot the router (save and reboot commands).
Remember that the transmit key (tx) of SOHO is the receive key (rx) of HQ. Inversely, the receive key of
SOHO is the transmit key of HQ.
Use this sample configuration with the additional encryption commands as a guideline to configure your own
routers.
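The following Python sketch is an added example, not part of the original guide or the router vendor's tooling. It audits the setEncryption lines of two routers before they are applied: it flags the published DES weak and semi-weak keys and single-byte patterns, and confirms that each router's tx key equals its peer's rx key. The function names are hypothetical, and keys are assumed to be written as 16 hexadecimal digits, as in the sample command on this page.

```python
import re

# Added example, not vendor code. Published DES weak and semi-weak keys.
WEAK = """0101010101010101 FEFEFEFEFEFEFEFE E0E0E0E0F1F1F1F1 1F1F1F1F0E0E0E0E
01FE01FE01FE01FE FE01FE01FE01FE01 1FE01FE00EF10EF1 E01FE01FF10EF10E
01E001E001F101F1 E001E001F101F101 1FFE1FFE0EFE0EFE FE1FFE1FFE0EFE0E
011F011F010E010E 1F011F010E010E01 E0FEE0FEF1FEF1FE FEE0FEE0FEF1FEF1""".split()
CMD = re.compile(r"remote\s+setEncryption\s+dese\s+(rx|tx)\s+(\S+)\s+(\S+)", re.I)

def strip_parity(key_hex):
    """DES ignores the low bit of every key byte, so drop it before comparing."""
    return bytes(b & 0xFE for b in bytes.fromhex(key_hex))

WEAK_EFFECTIVE = {strip_parity(k) for k in WEAK}

def parse(config_text):
    """Map (direction, remoteName) -> key for each PPP DES command found."""
    return {(m[1].lower(), m[3]): m[2] for m in CMD.finditer(config_text)}

def key_problems(key):
    # Assumption: keys are 16 hex digits, as in the sample command on this page.
    if not re.fullmatch(r"[0-9A-Fa-f]{16}", key):
        return ["not 16 hexadecimal digits"]
    eff, out = strip_parity(key), []
    if eff in WEAK_EFFECTIVE:
        out.append("DES weak or semi-weak key")
    if len(set(eff)) == 1:
        out.append("single repeated byte")
    return out

def audit(name_a, cfg_a, name_b, cfg_b):
    """Check every key, then check each router's tx key against the peer's rx key."""
    a, b = parse(cfg_a), parse(cfg_b)
    findings = []
    for name, keys in ((name_a, a), (name_b, b)):
        for (direction, _), key in keys.items():
            findings += [f"{name} {direction}: {p}" for p in key_problems(key)]
    for src, skeys, dst, dkeys in ((name_a, a, name_b, b), (name_b, b, name_a, a)):
        tx, rx = skeys.get(("tx", dst)), dkeys.get(("rx", src))
        if tx is None or rx is None or tx.lower() != rx.lower():
            findings.append(f"{src} tx does not match {dst} rx")
    return findings

# Constructed sample input: only the first HQ line comes from this page.
HQ = ("remote setEncryption dese rx 1111111111111111 SOHO\n"
      "remote setEncryption dese tx 3B9F62C8D4A17E05 SOHO\n")
SOHO = ("remote setEncryption dese tx 1111111111111111 HQ\n"
        "remote setEncryption dese rx 3B9F62C8D4A17EFF HQ\n")

if __name__ == "__main__":
    for finding in audit("HQ", HQ, "SOHO", SOHO):
        print(finding)
```

A tx/rx mismatch reported here is the condition that shows up on the router as “Unknown protocol” errors in the system log.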
Enable Encryption on the Router HQ
Sample:
login: *****
remote setEncryption dese rx 1111111111111111 SOHO