User Guide

12.14 IPSec
12.14.1 Overview
IPSec (Internet Protocol Security) is a protocol suite for transmitting data over the internet in a
secure and encrypted manner. The following terms are used in this document to describe IPSec
configurations.
Encapsulation Mode
The router uses either Tunnel mode or Transport mode to encapsulate IP packets.
Tunnel Mode: It is most commonly used between security gateways.
Transport Mode: It is mainly used for end-to-end communications.
Security gateway
A gateway (a router providing secure, encrypted communication) with IPSec functionality. IPSec protects
the data exchanged between such gateways from tampering and eavesdropping.
IPSec peer
The two endpoints of an IPSec connection are called IPSec peers. The two peers (security gateways) can
exchange data securely only after a Security Association (SA) has been set up between them.
SA
An SA specifies the parameters shared by the peers, such as the security protocol (AH, ESP, or both),
the encapsulation mode (transport or tunnel), the cryptographic algorithm (DES, 3DES, or AES), the shared
key that protects the specified traffic flows, and the lifetime of that key. An SA has the following
features:
The triplet {SPI, destination IP address, security protocol identifier} is used as its unique ID.
An SA specifies the protocol, algorithm, and key used to process packets.
Each IPSec SA is unidirectional and has a lifetime.
An SA can be created manually or generated automatically using Internet Key Exchange (IKE).
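The following is an added example, not part of this user guide or the router's firmware: a simplified Security Association Database (SAD) that shows how a receiving peer uses the {SPI, destination IP, security protocol} triplet to find the SA for an incoming ESP packet, why the reverse direction needs its own SA, and how an SA whose lifetime has passed is no longer usable. The SA fields, the sample addresses, and the packet bytes are constructed for illustration.

```python
import struct
from dataclasses import dataclass

# Security protocol identifiers are the IP protocol numbers: AH = 51, ESP = 50.
AH, ESP = 51, 50


@dataclass
class SA:
    """One unidirectional Security Association (simplified, hypothetical fields)."""
    spi: int
    dst: str            # destination IP address of the protected packets
    proto: int          # AH or ESP
    mode: str           # "tunnel" or "transport"
    cipher: str         # e.g. "AES"
    lifetime_s: int     # lifetime of the key, in seconds
    created_at: int     # creation time in seconds (constructed clock)

    def key(self):
        # The triplet {SPI, destination IP, security protocol} uniquely identifies an SA.
        return (self.spi, self.dst, self.proto)

    def expired(self, now):
        return now - self.created_at >= self.lifetime_s


class SAD:
    """Minimal Security Association Database keyed by the SA triplet."""

    def __init__(self):
        self._sas = {}

    def add(self, sa):
        self._sas[sa.key()] = sa

    def lookup(self, spi, dst, proto, now):
        sa = self._sas.get((spi, dst, proto))
        if sa is None or sa.expired(now):
            return None  # no matching SA, or its lifetime is over: the packet is dropped
        return sa


def lookup_for_esp_packet(sad, dst_ip, esp_payload, now):
    """Read the SPI from an ESP header (4-byte SPI, 4-byte sequence number) and find its SA."""
    if len(esp_payload) < 8:
        return None  # too short to carry an ESP header
    spi, _seq = struct.unpack("!II", esp_payload[:8])
    return sad.lookup(spi, dst_ip, ESP, now)
```

Because each SA is unidirectional, the peer that receives on SPI 0x1000 must hold a second SA (different SPI, the other peer's address as destination) to send traffic back.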
12.14.2 Create IPSec connection
This section walks you through:
Configuring Tunnel mode.
Configuring Transport mode.