User guide

Chapter 4. Configuring Special Features
Use this sample configuration with the additional encryption commands as a guideline to configure your own
routers.
• Enable Encryption on the Router HQ
Example:
remote setEncryption dese rx 1111111111111111 SOHO
remote setEncryption dese tx 2222222222222222 SOHO
save
reboot
• Enable encryption for the router SOHO
Example:
remote setEncryption dese tx 1111111111111111 HQ
remote setEncryption dese rx 2222222222222222 HQ
save
reboot
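
In the sample above, the key each router sets for tx is the key the other router sets for rx. The following Python check is an added example, not part of the router software or this guide; it parses the command form shown above, and the 16-hex-digit key format is an assumption taken from the sample keys.

```python
import re

# Command form used in the sample above:
#   remote setEncryption dese rx|tx <key> <remoteName>
CMD = re.compile(r"^remote\s+setEncryption\s+dese\s+(rx|tx)\s+(\S+)\s+(\S+)$", re.I)
KEY = re.compile(r"^[0-9A-Fa-f]{16}$")  # assumption: 16 hex digits, as in the sample


def parse(config):
    """Return {(remote, direction): key} for every setEncryption line."""
    keys = {}
    for line in config.splitlines():
        m = CMD.match(line.strip())
        if m:
            keys[(m.group(3), m.group(1).lower())] = m.group(2)
    return keys


def check_pair(name_a, cfg_a, name_b, cfg_b):
    """List problems that would stop the two ends from decrypting each other."""
    a, b = parse(cfg_a), parse(cfg_b)
    problems = []
    for local, lk, remote, rk in ((name_a, a, name_b, b), (name_b, b, name_a, a)):
        tx = lk.get((remote, "tx"))   # key the local router sends with
        rx = rk.get((local, "rx"))    # key the remote router receives with
        if tx is None or rx is None:
            problems.append(f"{local}->{remote}: tx or rx key missing")
            continue
        for side, key in ((f"{local} tx", tx), (f"{remote} rx", rx)):
            if not KEY.match(key):
                problems.append(f"{side}: key is not 16 hex digits")
        if tx.lower() != rx.lower():
            problems.append(f"{local}->{remote}: tx key does not equal {remote} rx key")
    return problems


# Constructed input: the two command sets from the sample above.
HQ = """remote setEncryption dese rx 1111111111111111 SOHO
remote setEncryption dese tx 2222222222222222 SOHO
save
reboot"""
SOHO = """remote setEncryption dese tx 1111111111111111 HQ
remote setEncryption dese rx 2222222222222222 HQ
save
reboot"""

if __name__ == "__main__":
    print(check_pair("HQ", HQ, "SOHO", SOHO) or "keys pair up in both directions")
```
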
Diffie-Hellman Encryption
With Diffie-Hellman encryption, each router has an encryption file that is associated with a public key providing
768-bit security. The predefined keys can be replaced by the user. The key files have a suffix of "num" by
convention (e.g., dh96.num).
Configuration Notes
Simply add the encryption command to your standard configuration. For Diffie-Hellman, the encryption
command is:
remote setEncryption DESE_1_KEY|DESE_2_KEY [<fileName>]| <remoteName>
Observe the following guidelines:
• DESE_1_KEY specifies that the same key is used in both directions, whereas DESE_2_KEY specifies
that the keys are different. Having the same keys in both directions can significantly reduce the time needed
to compute the DES keys from the Diffie-Hellman exchange.
• The routers' receive key and sender Tx key must not match.
• Different keys and key files may be used with different remote destinations.
• For maximum security, as shown in these examples, Telnet and SNMP access should be disabled, and
PPP CHAP should be used. Use the console port to view error messages and progress.
Sample Configuration
The sample configuration is the same as the one provided in the preceding PPP DES encryption example, but
the Diffie-Hellman encryption command is used instead of the PPP DES encryption commands.