Manualshelf

User`s manual

ManualsBrandsDigicom ManualsNetworkingSHDSL
81828384858687888990
MICHELANGELO SHDSL VPN Firewall Bridge/Router
Chapter 4: Configuration
84
IPSec: Enable for enhancing your L2TP VPN security.
Authentication: Authentication establishes the integrity of the datagram and ensures it is not tampered with in
transmit. There are three options, Message Digest 5 (MD5), Secure Hash Algorithm (SHA1) or NONE. SHA1
is more resistant to brute-force attacks than MD5, however it is slower.
§ MD5: A one-way hashing algorithm that produces a 128_bit hash.
§ SHA1: A one-way hashing algorithm that produces a 160_bit hash.
Encryption: Select the encryption method from the pull-down menu. There are four options, DES, 3DES, AES
and NONE. NONE means it is a tunnel only with no encryption. 3DES and AES are more powerful but
increase latency.
§ DES: Stands for Data Encryption Standard, it uses 56 bits as an encryption method.
§ 3DES: Stands for Triple Data Encryption Standard, it uses 168 (56*3) bits as an encryption
method.
§ AES: Stands for Advanced Encryption Standards, it uses 128 bits as an encryption method.
Perfect Forward Secrecy: Choose whether to enable PFS using Diffie-Hellman public-key cryptography to
change encryption keys during the second phase of VPN negotiation. This function will provide better security,
but extends the VPN negotiation time. Diffie-Hellman is a public-key cryptography protocol that allows two
parties to establish a shared secret over an unsecured communication channel (i.e. over the Internet). There
are three modes, MODP 768-bit, MODP 1024-bit and MODP 1536-bit. MODP stands for Modular
Exponentiation Groups.
Pre-shared Key: This is for the Internet Key Exchange (IKE) protocol, a string from 4 to 128 characters. Both
sides should use the same key. IKE is used to establish a shared security policy and authenticated keys for
services (such as IPSec) that require a key. Before any IPSec traffic can be passed, each router must be able
to verify the identity of its peer. This can be done by manually entering the pre-shared key into both sides
(router or hosts).
Remote Host Name (Optional): Enter hostname of remote VPN device. It is a tunnel identifier from the
Remote VPN device matches with the Remote hostname provided. If remote hostname matches, tunnel will
be connected; otherwise, it will be dropped.
Cautious: This is only when the router performs as a VPN server. This option should be used by advanced
users only.
Local Host Name (Optional): Enter hostname of Local VPN device that is connected / establishes a VPN
tunnel. As default, Router’s default Hostname is home.gateway.
Tunnel Authentication: This enables router to authenticate both the L2TP remote and L2TP host. This is only
valid when L2TP remote supports this feature.
Secret: The secure password length should be 16 characters which may include numbers and characters.
Click Apply after changing settings.