Draytek 2130 User Manual

Vigor2130 Series User’s Guide

157

Authentication Type

-

Determine the authentication method for remote dial-in

user.

Preshared secret – If you choose this one, you have to type the
shared secret manually and specify local identity. When using
Preshared secret, all clients share the same secret.

Certificates - If you choose this one, you have to choose local
certificate from the Local Certificate drop down list and type
in local identity. Then, use Add Identity to specify remote
identity for this service.

Identities

Local Certificate - Used to authenticate the local part of the
VPN tunnel (while using certificate-based authentication).

Local Identity - Specify a local ID to be used for Dial-in
setting in the LAN-to-LAN Profile setup. This item is optional
and can be used only in IKE aggressive mode. It can also be a
DNS name or an email address.

Remote Identities - Define the identities of allowed clients.

Advanced Settings

Phase 1 (IKE) Encryption - Negotiation of IKE parameters
including encryption, hash, Diffie-Hellman parameter values,
and lifetime to protect the following IKE exchange,
authentication of both peers using either a Pre-Shared Key or
Digital Signature (x.509). The peer that starts the negotiation
proposes all its policies to the remote peer and then remote peer
tries to find a highest-priority match with its policies.

Phase 2 (IPSec) Encryption - Negotiation IPSec security
methods including Authentication Header (AH) or
Encapsulating Security Payload (ESP) for the following IKE
exchange and mutual examination of the secure tunnel