User Manual
Table Of Contents
- Contents
- 1. Set Up and Access the Router
- 2. Specify Your Internet Settings Manually
- Use the Internet Setup Wizard
- Manually set up the router Internet connection
- Specify IPv6 Internet connections
- Requirements for entering IPv6 addresses
- Use Auto Detect for an IPv6 Internet connection
- Use Auto Config for an IPv6 Internet connection
- Set up an IPv6 6to4 tunnel Internet connection
- Set up an IPv6 6rd Internet connection
- Set up an IPv6 fixed Internet connection
- Set up an IPv6 DHCP Internet connection
- Set up an IPv6 PPPoE Internet connection
- Change the MTU size
- Set Up and Manage Dynamic DNS
- 3. Manage the Firewall and Security
- 4. Manage the LAN and VLAN Settings
- 5. Optimize Performance
- 6. Maintain the Router
- 7. Monitor the router and the router network
- 8. Set Up VPN Connections
- Set up an IPSec VPN connection
- Set up an OpenVPN connection
- Enable and configure OpenVPN on the router
- Install OpenVPN client software on a remote client
- Install the OpenVPN client utility and VPN configuration files on a Windows-based computer
- Install the OpenVPN client utility and VPN configuration files on a Mac
- Install the OpenVPN client utility and VPN configuration files on an iOS device
- Install the OpenVPN client utility and VPN configuration files on an Android device
- 9. Manage Port Forwarding and Port Triggering Traffic Rules
- 10. Troubleshooting
- A. Supplemental information
For this phase, the routers use the following:
- To secure the tunnel, the Encapsulating Security Protocol (ESP)
- For encryption, an encryption algorithm (MD5 or an SHA version)
-
For an integrity check (that is, to verify that the network traffic is not altered during
transmission in the tunnel), a hash algorithm (3DES or an AES version)
-
As an option for verification and exchange of keys, a Diffie-Hellman group
algorithm from DH1 (less secure) to DH24 (more secure)
We recommend that you use the default Phase 2 settings, but you can customize
the Phase 2 settings for increased security.
IMPORTANT: The settings that you define on both VPN routers must match. That is,
on each VPN router, the IP addressing scheme must be coordinated with the other VPN
router, the IKE Phase 1 settings must be identical on both VPN routers, and the IKE
Phase 2 settings must be identical on both VPN routers.
Add an IPSec VPN policy on the router
When you add an IPSec VPN tunnel, you must define the name for the tunnel, the IP
addresses, the pre-shared key, and either keep the Internet Key Exchange (IKE) version
1 (IKE1) advanced settings (which are the Phase 1 settings) or select the IKE version 2
(IKE2) advanced settings (which are the Phase 2 settings).
The advanced settings are the Phase 1 and Phase 2 settings. We recommend that you
use the default Phase 1 and Phase 2 settings. However, for increased security, or if your
network environments require it, you can customize these settings (see Customize Phase
1 and Phase 2 settings for an IPSec policy on page 127).
The following table shows the default Phase 1 and Phase 2 settings that the router uses.
Table 2. Default Phase 1 and Phase 2 settings for IKE1 and IKE2
DefaultsSetting
Phase 1 settings
md5, 3des, dh1Proposal
Main ModeExchange Mode
Initiator/Responder ModeNegotiation Mode
28800 secondsSA Lifetime
EnabledDPD
User Manual125Set Up VPN Connections
Insight Managed Business Router BR200