Netopia r6100 Guida Di Riferimento
15-8 User’s Reference Guide
MS-CHAP V2 and strong encryption
Notes:
■
The Netopia R6000 Series suppor ts 128-bit (“strong”) encr yption. If the router you are connecting to does
not suppor t 128-bit encr yption the Netopia Router will default to 40-bit encr yption.
not suppor t 128-bit encr yption the Netopia Router will default to 40-bit encr yption.
■
Unlike MS-CHAP version 1, which suppor ts one-way authentication, MS-CHAP version 2 suppor ts mutual
authentication between connected routers and is incompatible with MS-CHAP version 1 (MS-CHAP-V1).
When you choose MS-CHAP as the authentication method for the PPTP tunnel, the Netopia Router will star t
negotiating MS-CHAP-V2. If the router you are connecting to does not suppor t MS-CHAP-V2, it will fall back
to MS-CHAP-V1, or, if the router you are connecting to does not suppor t MPPE at all, the PPP session will
be dropped.
authentication between connected routers and is incompatible with MS-CHAP version 1 (MS-CHAP-V1).
When you choose MS-CHAP as the authentication method for the PPTP tunnel, the Netopia Router will star t
negotiating MS-CHAP-V2. If the router you are connecting to does not suppor t MS-CHAP-V2, it will fall back
to MS-CHAP-V1, or, if the router you are connecting to does not suppor t MPPE at all, the PPP session will
be dropped.
About IPsec Tunnels
IPsec stands for IP Security, a set of protocols that suppor ts secure exchange of IP packets at the IP layer.
IPsec is deployed widely to implement Vir tual Private Networks (VPNs).
IPsec is deployed widely to implement Vir tual Private Networks (VPNs).
IPsec suppor ts two encr yption modes: Transpor t and Tunnel. Transpor t mode encr ypts only the data por tion
(payload) of each packet, but leaves the header untouched. The more secure Tunnel mode encr ypts both the
header and the payload. On the receiving side, an IPsec-compliant device decr ypts each packet. Netopia
Routers suppor t the more secure Tunnel mode.
(payload) of each packet, but leaves the header untouched. The more secure Tunnel mode encr ypts both the
header and the payload. On the receiving side, an IPsec-compliant device decr ypts each packet. Netopia
Routers suppor t the more secure Tunnel mode.
DES stands for Data Encr yption Standard, a popular symmetric-key encr yption method. DES uses a 56-bit key.
Netopia R6000 Series Routers offer IPsec DES encr yption over the VPN tunnel. The optional VPN Accelerator
(TER/VPN1) increases the level of encr yption by offering 3DES (Triple-DES) encr yption for VPN tunnel
Connection Profiles. It also accelerates PPTP MMPE, ATMP DES, and PPP LZS.
(TER/VPN1) increases the level of encr yption by offering 3DES (Triple-DES) encr yption for VPN tunnel
Connection Profiles. It also accelerates PPTP MMPE, ATMP DES, and PPP LZS.
C
C
C
Co
o
o
on
n
n
nffffiiiig
g
g
gu
u
u
urrrraa
a
attttiiiio
o
o
on
n
n
n
IPsec tunnels are defined in the same manner as PPTP tunnels. You configure the Connection Profile as follows.
From the Main Menu navigate to WAN Configuration and then Add Connection Profile.
Main
Menu
WAN
Configuration
Add Connection
Profile