Draytek VigorPro 5500 Series User Manual

Page 122

background image

VigorPro5500 Series User’s Guide

114

VJ compression

This field is applicable when you select ISDN, PPTP or L2TP
with or without IPSec policy above. VJ Compression is used
for TCP/IP protocol header compression. Normally set to Yes
to improve bandwidth utilization.

IKE Authentication
Method

This group of fields is applicable for IPSec Tunnels and L2TP
with IPSec Policy.
Pre-Shared Key-Input 1-63 characters as pre-shared key.
Digital Signature (X.509) - Select one predefined Profiles set
in the VPN and Remote Access >>IPSec Peer Identity.

IPSec Security Method

This group of fields is a must for IPSec Tunnels and L2TP
with IPSec Policy.

Medium (AH - Authentication Header) means data will be
authenticated, but not be encrypted. By default, this option is
active.

High (ESP-Encapsulating Security Payload)- means
payload (data) will be encrypted and authenticated. Select
from below:
DES without Authentication -Use DES encryption algorithm
and not apply any authentication scheme.
DES with Authentication-Use DES encryption algorithm and
apply MD5 or SHA-1 authentication algorithm.
3DES without Authentication-Use triple DES encryption
algorithm and not apply any authentication scheme.
3DES with Authentication-Use triple DES encryption
algorithm and apply MD5 or SHA-1 authentication algorithm.
AES without Authentication-Use AES encryption algorithm
and not apply any authentication scheme.
AES with Authentication-Use AES encryption algorithm and
apply MD5 or SHA-1 authentication algorithm.

Advanced

Specify mode, proposal and key life of each IKE phase,
Gateway etc.
The window of advance setup is shown as below:

IKE phase 1 mode -Select from Main mode and Aggressive
mode. The ultimate outcome is to exchange security proposals
to create a protected secure channel. Main mode is more
secure than Aggressive mode since more exchanges are done
in a secure channel to set up the IPSec session. However, the
Aggressive mode is faster. The default value in Vigor router is
Main mode.
IKE phase 1 proposal-To propose the local available