2 lan to lan l2tp connection – ZyXEL Communications Prestige 794M User Manual

Prestige 794M User’s Guide

Chapter 7 VPN

7.4.1.2 LAN to LAN L2TP Connection

Use the L2TP LAN to LAN screen to create an L2TP VPN rule to connect to another VPN device on the LAN.

Encryption

Select the encryption method from the pull-down menu. There are four options: DES, 3DES, AES and NONE. NONE means it is a tunnel only, with no encryption. 3DES and AES are more powerful but increase latency.

DES stands for Data Encryption Standard; it encrypts with a 56-bit key.

3DES stands for Triple Data Encryption Standard; it encrypts with a 168-bit (56*3) key.

AES stands for Advanced Encryption Standard; it encrypts with a 128-bit key.

Perfect Forward Secrecy

Perfect Forward Secrecy (PFS) is disabled (None) by default in phase 2 IPSec SA setup. This allows faster IPSec setup, but is less secure.

Specify an MODP (Modular Exponentiation Groups) mode from the drop-down list box. Choices are MODP 768-bit (Group 1), MODP 1024-bit (Group 2) and MODP 1536-bit (Group 5). The larger the random number bits, the higher the security, but the slower the setup.

Pre-shared Key

Enter your pre-shared key in this field. A pre-shared key identifies a communicating party during a phase 1 IKE negotiation. It is called "pre-shared" because you have to share it with another party before you can communicate with them over a secure connection.

Type from 8 to 31 case-sensitive ASCII characters or from 16 to 62 hexadecimal ("0-9", "A-F") characters. You must precede a hexadecimal key with "0x" (zero x), which is not counted as part of the 16 to 62 character range for the key. For example, in "0x0123456789ABCDEF", 0x denotes that the key is hexadecimal and 0123456789ABCDEF is the key itself.

Note: Both ends of the VPN tunnel must use the same pre-shared key.

You will receive a PYLD_MALFORMED (payload malformed) packet if the same pre-shared key is not used on both ends.

Remote Host Name

This optional field is applicable when you select Dial Out in the Type field above.

Enter the host name of the remote VPN device. The name must match to establish a VPN connection.

Local Host Name

This field is optional.
Enter the host name of the Prestige.

Tunnel Authentication

Select this option to set the Prestige to authenticate both the remote L2TP client and host. The remote L2TP client and host must also support this feature.

Secret

This field is applicable when you select Tunnel Authentication above.

Enter an authentication key of up to 16 alphanumeric characters.

Apply

Click Apply after changing settings.

Table 46 VPN: L2TP: Create: Remote Access Connection (continued)

LABEL

DESCRIPTION
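
The Pre-shared Key rule in the table above can be checked before a key is entered on either end of the tunnel. The following Python code is an added example, not code from the manual or from ZyXEL, and its function names are hypothetical. It assumes printable ASCII, accepts only the hex digits the manual lists ("0-9", "A-F"), and refuses a key that starts with "0x" but is not pure hex.

```python
# Added example: pre-flight check for the Pre-shared Key field.
# Function names are hypothetical; the length limits come from the manual.

HEX_CHARS = set("0123456789ABCDEF")  # strict reading: lowercase a-f is rejected


def classify_psk(value):
    """Return "hex" or "ascii" if value fits the manual's rule, else raise ValueError."""
    if value.startswith("0x"):
        digits = value[2:]  # the "0x" prefix is not counted in the length
        if not set(digits) <= HEX_CHARS:
            # The device could read such a key as hex or as ASCII; this example
            # refuses it rather than guess (a conservative assumption).
            raise ValueError("key starts with 0x but has characters outside 0-9, A-F")
        if not 16 <= len(digits) <= 62:
            raise ValueError(f"hex key has {len(digits)} digits, need 16 to 62")
        return "hex"
    # Assumption: "ASCII characters" means printable ASCII, 0x20 to 0x7E.
    if not all(0x20 <= ord(c) <= 0x7E for c in value):
        raise ValueError("ASCII key contains a non-printable or non-ASCII character")
    if not 8 <= len(value) <= 31:
        raise ValueError(f"ASCII key has {len(value)} characters, need 8 to 31")
    return "ascii"


def check_tunnel_keys(local, remote):
    """Return a list of problems with the keys configured on the two tunnel ends."""
    problems = []
    for side, key in (("local", local), ("remote", remote)):
        try:
            classify_psk(key)
        except ValueError as err:
            problems.append(f"{side}: {err}")
    if local != remote:  # the key is case-sensitive, so compare exactly
        problems.append("keys differ between the two ends")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real keys.
    for pair in (("0x0123456789ABCDEF", "0x0123456789ABCDEF"),
                 ("examplekey1", "ExampleKey1"),
                 ("0x0123456789ABCDEF", "0x0123456789abcdef")):
        print(pair, "->", check_tunnel_keys(*pair) or "OK")
```
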
