Operation Manual
Vigor2760 Series User’s Guide
281
There are two encapsulation methods used in IPsec, Transport and Tunnel. The Transport
mode will add the AH/ESP payload and use original IP header to encapsulate the data payload
only. It can just apply to local packet, e.g., L2TP over IPsec. The Tunnel mode will not only
add the AH/ESP payload but also use a new IP header (Tunneled IP header) to encapsulate the
whole original IP packet.
Authentication Header (AH) provides data authentication and integrity for IP packets passed
between VPN peers. This is achieved by a keyed one-way hash function to the packet to create
a message digest. This digest will be put in the AH and transmitted along with packets. On the
receiving side, the peer will perform the same one-way hash on the packet and compare the
value with the one in the AH it receives.
Encapsulating Security Payload (ESP) is a security protocol that provides data confidentiality
and protection with optional authentication and replay detection service.
Available settings are explained as follows:
Item Description
IKE Authentication
Method
This usually applies to those are remote dial-in user or node
(LAN-to-LAN) which uses dynamic IP address and
IPsec-related VPN c
There are two methods offered by Vigor router for you to
authenticate the incoming data coming from remote dial-in
user, Certificate (X.509) and Pre-Shared Key.
Certificate for Dial-in –Choose one of the local certificates
from the drop down list.
Pre-Shared Key- Specify a key for IKE authentication.
Confirm Pre-Shared Key- Retype the characters to
confirm the pre-shared key.
Note: Any packets from the remote dial-in user which does
not match the rule defined in VPN and Remote
Access>>Remote Dial-In User will be applied with the
method specified here.
IPsec Security Method
Medium - Authentication Header (AH) means data will be
authenticated, but not be encrypted. By default, this option
is active.
High (ESP) - Encapsulating Security Payload (ESP) means