User`s guide
Table Of Contents
- VMG8924-B10A and VMG8924- B30A Series
- User’s Guide
- Technical Reference
- Network Map and Status Screens
- Broadband
- Wireless
- Home Networking
- 7.1 Overview
- 7.2 The LAN Setup Screen
- 7.3 The Static DHCP Screen
- 7.4 The UPnP Screen
- 7.5 Installing UPnP in Windows Example
- 7.6 Using UPnP in Windows XP Example
- 7.7 The Additional Subnet Screen
- 7.8 The STB Vendor ID Screen
- 7.9 The 5th Ethernet Port Screen
- 7.10 The LAN VLAN Screen
- 7.11 The Wake on LAN Screen
- 7.12 Technical Reference
- Routing
- Quality of Service (QoS)
- Network Address Translation (NAT)
- Dynamic DNS Setup
- Interface Group
- USB Service
- Power Management
- Firewall
- MAC Filter
- Parental Control
- Scheduler Rule
- Certificates
- VPN
- Voice
- Log
- Traffic Status
- VoIP Status
- ARP Table
- Routing Table
- IGMP/MLD Status
- xDSL Statistics
- 3G Statistics
- User Account
- Remote Management
- TR-069 Client
- TR-064
- SNMP
- Time Settings
- E-mail Notification
- Logs Setting
- Firmware Upgrade
- Configuration
- Diagnostic
- Troubleshooting
- Customer Support
- Setting up Your Computer’s IP Address
- IP Addresses and Subnetting
- Pop-up Windows, JavaScripts and Java Permissions
- Wireless LANs
- IPv6
- Services
- Legal Information
- Index
Chapter 20 VPN
VMG8924-B10A and VMG8924-B30A Series User’s Guide
234
The type of ID can be a domain name, an IP address or an e-mail address. The content is the IP
address, domain name, or e-mail address.
20.5.7.1 ID Type and Content Examples
Two IPSec routers must have matching ID type and content configuration in order to set up a VPN
tunnel.
The two Devices in this example can complete negotiation and establish a VPN tunnel.
The two Devices in this example cannot complete their negotiation because Device B’s Local ID
Type is IP, but Device A’s Remote ID Type is set to E-mail. An “ID mismatched” message
displays in the IPSEC LOG.
20.5.8 Pre-Shared Key
A pre-shared key identifies a communicating party during a phase 1 IKE negotiation (see Section
20.5.3 on page 230 for more on IKE phases). It is called “pre-shared” because you have to share it
with another party before you can communicate with them over a secure connection.
20.5.9 Diffie-Hellman (DH) Key Groups
Diffie-Hellman (DH) is a public-key cryptography protocol that allows two parties to establish a
shared secret over an unsecured communications channel. Diffie-Hellman is used within IKE SA
setup to establish session keys. Upon completion of the Diffie-Hellman exchange, the two peers
have a shared secret, but the IKE SA is not authenticated. For authentication, use pre-shared keys.
Table 107 Local ID Type and Content Fields
LOCAL ID TYPE= CONTENT=
IP Type the IP address of your computer.
DNS Type a domain name (up to 31 characters) by which to identify this Device.
E-mail Type an e-mail address (up to 31 characters) by which to identify this Device.
The domain name or e-mail address that you use in the Local ID Content field is used
for identification purposes only and does not need to be a real domain name or e-mail
address.
Table 108 Matching ID Type and Content Configuration Example
Device A Device B
Local ID type: E-mail Local ID type: IP
Local ID content: tom@yourcompany.com Local ID content: 1.1.1.2
Remote ID type: IP Remote ID type: E-mail
Remote ID content: 1.1.1.2 Remote ID content: tom@yourcompany.com
Table 109 Mismatching ID Type and Content Configuration Example
DEVICE A DEVICE B
Local ID type: IP Local ID type: IP
Local ID content: 1.1.1.10 Local ID content: 1.1.1.2
Remote ID type: E-mail Remote ID type: IP
Remote ID content: aa@yahoo.com Remote ID content: 1.1.1.0