• Single/Start IP Address. Enter an IP address that is on the remote LAN. You can use this setting when you want to access a server on the remote LAN.
  - For a range of addresses, enter the starting IP address. This needs to be an address range used on the remote LAN.
  - Any. Any outgoing traffic from the computers in the Local IP fields triggers an attempted VPN connection to the remote VPN endpoint. Be sure you want this option before selecting it.
• Finish IP Address. Enter the finish IP address for a range of addresses. This has to be an address range used on the remote LAN.
• Subnet Mask. Enter the network mask.

VPN Auto Policy IKE Settings

• Direction. This setting is used when the modem router determines if the IKE policy matches the current traffic. Select an option.
  - Responder only. Incoming connections are allowed, but outgoing connections are blocked.
  - Initiator and Responder. Both incoming and outgoing connections are allowed.
• Exchange Mode. Ensure that the remote VPN endpoint is set to use Main Mode.
• Diffie-Hellman (DH) Group. The Diffie-Hellman algorithm is used when keys are exchanged. The DH Group setting determines the bit size used in the exchange. This value needs to match the value used on the remote VPN gateway.
• Local Identity Type. Select an option to match the Remote Identity Type setting on the remote VPN endpoint.
  - WAN IP Address. Your Internet IP address.
  - Fully Qualified Domain Name. Your domain name.
  - Fully Qualified User Name. Your name, email address, or other ID.
  - Local Identity Data. Enter the data for the local identity type that you selected. (If WAN IP Address is selected, no input is required.)
• Remote Identity Type. Select the option that matches the Local Identity Type setting on the remote VPN endpoint.
  - IP Address. The Internet IP address of the remote VPN endpoint.
  - Fully Qualified Domain Name. The domain name of the remote VPN endpoint.
  - Fully Qualified User Name. The name, email address, or other ID of the remote VPN endpoint.
  - Remote Identity Data. Enter the data for the remote identity type that you selected. If IP Address is selected, no input is required.

VPN Auto Policy Parameters

• Encryption Algorithm. The encryption algorithm used for both IKE and IPSec. This setting has to match the setting used on the remote VPN gateway. DES and 3DES are supported.
  - DES. The Data Encryption Standard (DES) processes input data that is 64 bits wide, encrypting these values using a 56-bit key. Faster but less secure than 3DES.
  - 3DES. (Triple DES) achieves a higher level of security by encrypting the data three times using DES with three different, unrelated keys.
• Authentication Algorithm. The authentication algorithm used for both IKE and IPSec. This setting has to match the setting used on the remote VPN gateway. Auto, MD5, and SHA-1 are supported. Auto negotiates with the remote VPN endpoint and is not available in responder-only mode.
  - MD5. 128 bits, faster but less secure.
  - SHA-1. 160 bits, slower but more secure. This is the default.
• Pre-shared Key. The key has to be entered both here and on the remote VPN gateway.
• SA Life Time. The time interval before the SA (security association) expires. (It is automatically reestablished as required.) While using a short time period (or data amount) increases security, it also degrades performance. It is common to use periods over an hour (3600 seconds) for the SA life time. This setting applies to both IKE and IPSec SAs.
• Enable IPSec PFS (Perfect Forward Secrecy). If this check box is selected, security is enhanced by ensuring that the key is changed at regular intervals. Also, even if one key is broken, subsequent keys are no easier to break. (Each key has no relationship to the previous key.) This setting applies to both IKE and IPSec SAs. When configuring the remote endpoint to match this setting, you might have to specify the key group used. For this device, the key group is the same as the DH Group setting in the IKE section.

Example of Using Auto Policy

[Figure 13. Auto Policy for a Gateway-to-Gateway tunnel. Diagram labels: Gateway A (IP: 192.168.0.1), Gateway B (IP: 192.168.3.1), VPN Tunnel, Internet, 22.23.24.25, 14.15.16.17.]

The following settings are assumed for this example:

Table 8. Gateway-to-Gateway VPN Tunnel Configuration Worksheet

| Parameter | Value to Be Entered | Field Selection |
|---|---|---|
| Connection Name | GtoG | N/A |
| Pre-Shared Key | 12345678 | N/A |
| Secure Association | N/A | Main Mode / Manual Keys |
| Perfect Forward secrecy | N/A | Enabled / Disabled |
| Encryption Protocol | N/A | DES / 3DES |
| Authentication Protocol | N/A | MD5 / SHA-1 |
| Diffie-Hellman (DH) Group | N/A | Group 1 / Group 2 |
| Key Life in seconds | 28800 (8 hours) | N/A |
| IKE Life Time in seconds | 3600 (1 hour) | N/A |

| VPN Endpoint | Local IPSecID | LAN IP Address | Subnet Mask | FQDN or Gateway IP (WAN IP Address) |
|---|---|---|---|---|
| Gateway_A | GW_A | 192.168.0.1 | 255.255.255.0 | 14.15.16.17 |
| Gateway_B | GW_B | 192.168.3.1 | 255.255.255.0 | 22.23.24.25 |

1. Set the LAN IPs on each modem router to different subnets and configure each correctly for the Internet.
2. Select Advanced - VPN > ...
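
Most of the settings above must be identical on both gateways or mirror each other, so a completed worksheet can be checked before it is typed into the two devices. The checker below is an added example, not part of the manual or the device firmware. Its field names are hypothetical, and the sample data uses the Table 8 values with 3DES, SHA-1, Group 2 and PFS enabled chosen as assumptions.

```python
import ipaddress

# Fields that the manual says must be identical on both VPN gateways.
MUST_MATCH = ("exchange_mode", "encryption", "authentication",
              "dh_group", "pfs", "pre_shared_key")
# Options the manual itself describes as the less secure choice.
WEAKER = {"encryption": "DES", "authentication": "MD5"}

def lan(gw):
    """LAN subnet of a gateway, from its LAN IP address and subnet mask."""
    return ipaddress.ip_network(f"{gw['lan_ip']}/{gw['mask']}", strict=False)

def check_pair(a, b):
    """Return a list of findings for two gateway-to-gateway worksheets."""
    findings = []
    for key in MUST_MATCH:
        if a[key] != b[key]:
            findings.append(f"mismatch: {key} ({a[key]!r} vs {b[key]!r})")
    for key, weak in WEAKER.items():
        for gw in (a, b):
            if gw[key] == weak:
                findings.append(f"weaker option: {gw['name']} uses {weak}")
    # Step 1 of the procedure: the two LANs must be different subnets.
    if lan(a).overlaps(lan(b)):
        findings.append("LAN subnets overlap")
    # Each side's remote range must be the other side's LAN, and each
    # side's remote identity must be the other side's local identity.
    for local, remote in ((a, b), (b, a)):
        if ipaddress.ip_network(local["remote_lan"]) != lan(remote):
            findings.append(f"{local['name']}: remote LAN is not {lan(remote)}")
        if local["remote_id"] != remote["local_id"]:
            findings.append(f"{local['name']}: remote identity mismatch")
    # The worksheet key is a documentation sample, not a usable secret.
    if a["pre_shared_key"] == "12345678":
        findings.append("pre-shared key is the worksheet sample value")
    return findings

# Constructed sample: Table 8 values; the selectable options are assumptions.
COMMON = dict(exchange_mode="Main", encryption="3DES", authentication="SHA-1",
              dh_group=2, pfs=True, pre_shared_key="12345678")
GW_A = dict(COMMON, name="Gateway_A", lan_ip="192.168.0.1", mask="255.255.255.0",
            local_id="GW_A", remote_id="GW_B", remote_lan="192.168.3.0/24")
GW_B = dict(COMMON, name="Gateway_B", lan_ip="192.168.3.1", mask="255.255.255.0",
            local_id="GW_B", remote_id="GW_A", remote_lan="192.168.0.0/24")

if __name__ == "__main__":
    for finding in check_pair(GW_A, GW_B):
        print(finding)
```
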