beautypg.com

About ipsec tunnels, Configuration – Netopia R910 User Manual

Page 80

background image

10-80 User’s Reference Guide

The Netopia R910 Router suppor ts 128-bit (“strong”) encr yption. If the router you are connecting to does
not suppor t 128-bit encr yption, the Netopia router will default to 40-bit encr yption.

US encr yption regulations changed mid-Februar y, 2000, making it possible to include this new encr yption
feature as a standard par t of the firmware. This means that, worldwide, the Netopia R910 Router, because
it suppor ts VPN, also suppor ts 128-bit encr yption for free, when using PPTP tunnels.

ATMP does not have an option of using 128-bit MPPE. If you are using ATMP between two Netopia routers
you can optionally set 56-bit DES encr yption.

Unlike MS-CHAP version 1, which suppor ts one-way authentication, MS-CHAP version 2 suppor ts mutual
authentication between connected routers and is incompatible with MS-CHAP version 1 (MS-CHAPv1).
When you choose MS-CHAP as the authentication method for a PPTP tunnel, the Netopia router will star t
negotiating MS-CHAPv2. If the router or VPN adapter client you are connecting to does not suppor t
MS-CHAPv2, the Netopia router will fall back to MS-CHAPv1, or, if the router or VPN adapter client you are
connecting to does not suppor t MPPE at all, the PPP session will be dropped. This is done automatically
and transparently.

About IPsec Tunnels

IPsec stands for IP Security, a set of protocols that suppor ts secure exchange of IP packets at the IP layer.
IPsec is deployed widely to implement VPNs.

IPsec suppor ts two encr yption modes: Transpor t and Tunnel. Transpor t mode encr ypts only the data por tion
(payload) of each packet, but leaves the header untouched. The more secure Tunnel mode encr ypts both the
header and the payload. On the receiving side, an IPsec-compliant device decr ypts each packet. Netopia
Routers suppor t the more secure Tunnel mode. The Netopia R910 offers IPsec DES encr yption over the VPN
tunnel.

DES stands for Data Encr yption Standard, a popular symmetric-key encr yption method. DES uses a 56-bit key.

C

C

C

Co

o

o

on

n

n

nffffiiiig

g

g

gu

u

u

urrrraa

a

attttiiiio

o

o

on

n

n

n

IPsec tunnels are defined in the same manner as PPTP tunnels. You configure the Connection Profile as follows.

From the Main Menu navigate to WAN Configuration and then Add Connection Profile.

Main

Menu

WAN

Configuration

Add Connection

Profile