Vigor2710 Series User’s Guide
193
Dial-In PPP
Authentication PAP Only
Select this option to force the router to authenticate dial-in
users with the PAP protocol.
PAP or CHAP
Selecting this option means the router will attempt to
authenticate dial-in users with the CHAP protocol first. If the
dial-in user does not support this protocol, it will fall back to
use the PAP protocol for authentication.
Dial-In PPP Encryption
(MPPE Optional MPPE
This option represents that the MPPE encryption method will
be optionally employed in the router for the remote dial-in
user. If the remote dial-in user does not support the MPPE
encryption algorithm, the router will transmit “no MPPE
encrypted packets”. Otherwise, the MPPE encryption scheme
will be used to encrypt the data.
Require MPPE (40/128bits) -
Selecting this option will
force the router to encrypt packets by using the MPPE
encryption algorithm. In addition, the remote dial-in user will
use 40-bit to perform encryption prior to using 128-bit for
encryption. In other words, if 128-bit MPPE encryption
method is not available, then 40-bit encryption scheme will
be applied to encrypt the data.
Maximum MPPE -
This option indicates that the router will
use the MPPE encryption scheme with maximum bits
(128-bit) to encrypt the data.
Mutual Authentication
(PAP)
The Mutual Authentication function is mainly used to
communicate with other routers or clients who need
bi-directional authentication in order to provide stronger
security, for example, Cisco routers. So you should enable
this function when your peer router requires mutual
authentication. You should further specify the
User Name
and
Password
of the mutual authentication peer.
Start IP Address
Enter a start IP address for the dial-in PPP connection. You
should choose an IP address from the local private network.
For example, if the local private network is
192.168.1.0/255.255.255.0, you could choose 192.168.1.200
as the Start IP Address.
4
4
.
.
9
9
.
.
3
3
I
I
P
P
S
S
e
e
c
c
G
G
e
e
n
n
e
e
r
r
a
a
l
l
S
S
e
e
t
t
u
u
p
p
In
IPSec General Setup,
there are two major parts of configuration.
There are two phases of IPSec.
¾
Phase 1: negotiation of IKE parameters including encryption, hash, Diffie-Hellman
parameter values, and lifetime to protect the following IKE exchange, authentication of
both peers using either a Pre-Shared Key or Digital Signature (x.509). The peer that
starts the negotiation proposes all its policies to the remote peer and then remote peer
tries to find a highest-priority match with its policies. Eventually to set up a secure
tunnel for IKE Phase 2.
Summary of Contents for Vigor2710 Series
Page 1: ...Vigor2710 Series User s Guide i ...
Page 2: ...Vigor2710 Series User s Guide ii ...
Page 6: ...Vigor2710 Series User s Guide vi ...
Page 12: ......
Page 28: ...Vigor2710 Series User s Guide 16 This page is left blank ...
Page 112: ...Vigor2710 Series User s Guide 100 This page is left blank ...