Manualshelf

Operation Manual

ManualsBrandsDraytek ManualscomputerVigor 2760 Delight Series
291292293294295296297298299300
Vigor2760 Series User’s Guide
280
Maximum MPPE - This option indicates that the router
will use the MPPE encryption scheme with maximum bits
(128-bit) to encrypt the data.
Mutual Authentication
(PAP)
The Mutual Authentication function is mainly used to
communicate with other routers or clients who need
bi-directional authentication in order to provide stronger
security, for example, Cisco routers. So you should enable
this function when your peer router requires mutual
authentication. You should further specify the User Name
and Password of the mutual authentication peer.
The length of the name/password is limited to 23/19
characters.
IP Address Assignment
for Dial-In Users (when
DHCP Disable set)
Enter a start IP address for the dial-in PPP connection for
LAN1.
LAN2 will be available if it is enabled. Refer to
LAN>>General Setup for enabling the LAN interface.
PPP Authentication
Methods
Select the method(s) to be used for authentication in PPP
connection.
PPTP LDAP Profile
Configured LDAP profiles will be listed under such item.
Simply check the one you want to enable the PPP
authentication by LDAP server profiles.
However, if there is no profile listed, simply click the link
of PPTP LDAP Profile to create/add some new LDAP
profiles you want.
While using Radius or
LDAP Authentication
If PPP connection will be authenticated via RADIUS server
or LDAP profiles, it is necessary to specify the LAN profile
for the dial-in user to get IP from.
After finishing all the settings here, please click OK to save the configuration.
3
3
.
.
1
1
0
0
.
.
3
3
I
I
P
P
s
s
e
e
c
c
G
G
e
e
n
n
e
e
r
r
a
a
l
l
S
S
e
e
t
t
u
u
p
p
In IPsec General Setup, there are two major parts of configuration.
There are two phases of IPsec.
Phase 1: negotiation of IKE parameters including encryption, hash, Diffie-Hellman
parameter values, and lifetime to protect the following IKE exchange, authentication of
both peers using either a Pre-Shared Key or Digital Signature (x.509). The peer that
starts the negotiation proposes all its policies to the remote peer and then remote peer
tries to find a highest-priority match with its policies. Eventually to set up a secure tunnel
for IKE Phase 2.
Phase 2: negotiation IPsec security methods including Authentication Header (AH) or
Encapsulating Security Payload (ESP) for the following IKE exchange and mutual
examination of the secure tunnel establishment.