Home » Cisco Manuals » Bridges & Routers » Cisco 3825 » Manual Viewer

Cisco 3825 User Guide - Page 57

Perfect Forward Secrecy PFS, Inbound SPI/Outbound SPI - vpn

UPC - 746320981505

Add to My Manuals
Save this manual to your list of manuals

Page 57 highlights

Configure Security Section Field Description Key Select one of the following options for the key exchange method: Management (continued) ƒ Auto (IKE) - Encryption: The Encryption method determines the length of the key used to encrypt/decrypt ESP packets. Notice that both sides must use the same method. - Authentication: The Authentication method authenticates the Encapsulating Security Payload (ESP) packets. Select MD5 or SHA. Notice that both sides (VPN endpoints) must use the same method. ƒ MD5: A one-way hashing algorithm that produces a 128-bit digest ƒ SHA: A one-way hashing algorithm that produces a 160-bit digest - Perfect Forward Secrecy (PFS): If PFS is enabled, IKE Phase 2 negotiation will generate new key material for IP traffic encryption and authentication. Note that both sides must have PFS enabled. - Pre-Shared Key: IKE uses the Pre-Shared Key to authenticate the remote IKE peer. Both character and hexadecimal values are acceptable in this field, e.g., "My_@123" or "0x4d795f40313233". Note that both sides must use the same Pre-Shared Key. - Key Lifetime: This field specifies the lifetime of the IKE generated key. If the time expires, a new key will be renegotiated automatically. The Key Lifetime may range from 300 to 100,000,000 seconds. The default lifetime is 3600 seconds. ƒ Manual - Encryption: The Encryption method determines the length of the key used to encrypt/decrypt ESP packets. Notice that both sides must use the same method. - Encryption Key: This field specifies a key used to encrypt and decrypt IP traffic. Both character and hexadecimal values are acceptable in this field. Note that both sides must use the same Encryption Key. - Authentication: The Authentication method authenticates the Encapsulating Security Payload (ESP) packets. Select MD5 or SHA. Notice that both sides (VPN endpoints) must use the same method. ƒ MD5: A one-way hashing algorithm that produces a 128-bit digest ƒ SHA: A one-way hashing algorithm that produces a 160-bit digest - Authentication Key: This field specifies a key used to authenticate IP traffic. Both character and hexadecimal values are acceptable in this field. Note that both sides must use the same Authentication Key. - Inbound SPI/Outbound SPI: The Security Parameter Index (SPI) is carried in the ESP header. This enables the receiver to select the SA, under which a packet should be processed. The SPI is a 32-bit value. Both decimal and hexadecimal values are acceptable. e.g., "987654321" or "0x3ade68b1". Each tunnel must have a unique Inbound SPI and Outbound SPI. No two tunnels share the same SPI. Note that the Inbound SPI must match the remote gateway's Outbound SPI, and vice versa. 4021196 Rev A 57

Section	Page
Cisco Model DPC3825 and EPC3825 8x4 DOCSIS 3.0 Wireless Residential Gateway User Guide	1
IMPORTANT SAFETY INSTRUCTIONS	2
Notice to Installers	2
Notice à l’attention des installateurs de réseaux câblés	2
Mitteilung für CATV-Techniker	3
Aviso a los instaladores de sistemas CATV	3
IMPORTANT SAFETY INSTRUCTIONS	4
Power Source Warning	4
Ground the Product	4
Protect the Product from Lightning	5
Verify the Power Source from the On/Off Power Light	5
Eliminate AC Mains Overloads	5
Provide Ventilation and Select a Location	5
Protect from Exposure to Moisture and Foreign Objects	5
Service Warnings	5
Check Product Safety	6
Protect the Product When Moving It	6
United States FCC Compliance	7
Declaration of Conformity	7
Canada EMI Regulation	7
Dynamic Frequency Selection (DFS) Dual Band Frequencies	8
Radiation Exposure Statements	8
US	8
Canada	8
EU	8
Australia	8
CE Compliance	8
Declaration of Conformity with Regard to the EU Directive 1999/5/EC (R&TTE Directive)	9
National Restrictions	10
France	10
Italy	10
Latvia	10
Antennas	11
Introduction	12
Benefits and Features	12
What's In the Carton?	14
Front Panel Description	15
Back Panel Description	16
What Are the System Requirements for Internet Service?	18
Minimum System Requirements for a PC	18
Minimum System Requirements for Macintosh	18
System Requirements for an Ethernet Connection	18
How Do I Subscribe to High-Speed Internet Service?	19
I Do Not Have a High-Speed Internet Access Account	19
I Already Have an Existing High-Speed Internet Access Account	19
Where Is the Best Location for My DOCSIS Residential Gateway?	20
How Do I Mount the Modem on a Wall? (Optional)	21
Before You Begin	21
Location and Dimensions of the Wall-Mounting Slots	22
Mounting the Residential Gateway on a Wall	23
How Do I Connect My Gateway for Internet Service?	24
Connecting and Installing Internet Devices	24
To connect devices	24
Connecting the Residential Gateway for High-Speed Data Service	24
How Do I Configure My DOCSIS Residential Gateway?	26
Logging in to the Gateway for the First Time	26
Setup > Quick Setup	28
Configuring Quick Settings	29
Setup > Lan Setup	31
Configuring Your Network Settings	31
Setup > DDNS	33
Configure Wireless Settings	35
Wireless > Basic Settings	35
Wi-Fi Protected Setup (WPS)	35
Wireless Configuration Wi-Fi Protected Setup Example	36
Wireless Configuration Wi-Fi Protected Setup Page Description	36
Wireless Configuration Manual Page Example	37
	37
Wireless Basic Settings Page Description	37
Wireless > Wireless Security	39
Wireless Security Page Description	40
Wireless > MAC Filter	43
	43
Wireless MAC Filter Page Description	43
Wireless > Advanced Settings	44
Wireless Advanced Settings Page Description	45
Wireless > WDS Settings	48
Wireless WDS Settings Page Description	48
Wireless > QoS	49
Wireless QoS Page Description	49
Configure Security	51
Security > Firewall	51
Security > VPN Passthrough	53
Security > VPN	54
Security VPN Tunnel Page Description	55
View Log	59
Control Access to the Gateway	60
Access Restrictions > IP Address Filtering	60
Access Restrictions > MAC Address Filtering	60
Function Keys	61
Access Restrictions > Basic Rules	62
To use keyword and domain blocking	64
Block Access to Websites	64
Access Restrictions > Time of Day Rules	65
Access Restrictions Time of Day Rules Page Description	65
Access Restrictions > User Setup	66
Access Restrictions User Setup Page Description	67
Access Restrictions > Local Log	68
Configure Applications and Gaming	69
Overview	69
Applications & Gaming > Port Filtering	69
Applications and Gaming Port Filtering Page Description	69
Applications & Gaming > Port Range Forwarding	70
Applications and Gaming Port Range Forward Page Description	71
Applications & Gaming > Port Range Triggering	72
Applications and Gaming Port Range Triggering Page Description	72
Applications & Gaming > DMZ	73
Applications and Gaming DMZ Page Description	74
Manage the Gateway	75
Administration > Management	75
Administration Management Page Description	75
Administration > Reporting	79
View Log	80
Administration > Diagnostics	81
Administration > Backup & Restore	82
Administration > Factory Defaults	83
Restore Factory Defaults	83
Monitor Gateway Status	84
Status > Gateway	84
Status > Local Network	85
Status > Wireless	87
Status Wireless Page Description	88
Status > DOCSIS WAN	89
DOCSIS WAN Page Description	89
Frequently Asked Questions	91
Q. How Do I Configure TCP/IP Protocol?	91
Configuring TCP/IP on Windows 2000 Systems	91
Configuring TCP/IP on Windows XP Systems	91
Configuring TCP/IP on Macintosh Systems	92
Q. How Do I Renew the IP Address on My PC?	92
Renewing the IP Address on Windows 95, 98, 98SE, and ME Systems	93
Renewing the IP Address on Windows NT, 2000, or XP Systems	93
Q. What if I don't subscribe to cable TV?	93
Q. How do I arrange for installation?	93
Q. How does the residential gateway connect to my computer?	94
Q. After my residential gateway is connected, how do I access the Internet?	94
Q. Can I watch TV and surf the Internet at the same time?	94
Common Troubleshooting Issues	94
I don't understand the front panel status indicators	94
The residential gateway does not register an Ethernet connection	94
The residential gateway does not register an Ethernet connection after connecting to a hub	94
The residential gateway does not register a cable connection	94
Tips for Improved Performance	95
Check and Correct	95
Front Panel LED Status Indicator Functions	96
Initial Power Up, Calibration, and Registration (AC Power applied)	96
Normal Operations (AC Power applied)	98
Special Conditions	99
Notices	100
Trademarks	100
Disclaimer	100
Documentation Copyright Notice	100
Software and Firmware Use	100
For Information	101

Match case Limit results 1 per page

4021196 Rev A

Configure Security

Section

Field Description

Key

Management

(continued)

Select one of the following options for the key exchange method:

Auto (IKE)

–

Encryption:

The Encryption method determines the length of the key used

to encrypt/decrypt ESP packets. Notice that both sides must use the same

method.

–

Authentication:

The Authentication method authenticates the

Encapsulating Security Payload (ESP) packets. Select

MD5

SHA

. Notice

that both sides (VPN endpoints) must use the same method.

MD5: A one-way hashing algorithm that produces a 128-bit digest

SHA: A one-way hashing algorithm that produces a 160-bit digest

–

Perfect Forward Secrecy (PFS)

: If PFS is enabled, IKE Phase 2 negotiation

will generate new key material for IP traffic encryption and authentication.

Note that both sides must have PFS enabled.

–

Pre-Shared Key:

IKE uses the Pre-Shared Key to authenticate the remote

IKE peer. Both character and hexadecimal values are acceptable in this

field, e.g., "My_@123" or "0x4d795f40313233". Note that both sides must use

the same Pre-Shared Key.

–

Key Lifetime:

This field specifies the lifetime of the IKE generated key. If

the time expires, a new key will be renegotiated automatically. The Key

Lifetime may range from 300 to 100,000,000 seconds. The default lifetime is

3600

seconds.

Manual

–

Encryption:

The Encryption method determines the length of the key used

to encrypt/decrypt ESP packets. Notice that both sides must use the same

method.

–

Encryption Key:

This field specifies a key used to encrypt and decrypt IP

traffic. Both character and hexadecimal values are acceptable in this field.

Note that both sides must use the same Encryption Key.

–

Authentication:

The Authentication method authenticates the

Encapsulating Security Payload (ESP) packets. Select MD5 or SHA. Notice

that both sides (VPN endpoints) must use the same method.

MD5: A one-way hashing algorithm that produces a 128-bit digest

SHA: A one-way hashing algorithm that produces a 160-bit digest

–

Authentication Key:

This field specifies a key used to authenticate IP

traffic. Both character and hexadecimal values are acceptable in this field.

Note that both sides must use the same Authentication Key.

–

Inbound SPI/Outbound SPI:

The Security Parameter Index (SPI) is carried

in the ESP header. This enables the receiver to select the SA, under which a

packet should be processed. The SPI is a 32-bit value. Both decimal and

hexadecimal values are acceptable. e.g., "987654321" or "0x3ade68b1". Each

tunnel must have a unique Inbound SPI and Outbound SPI. No two tunnels

share the same SPI. Note that the Inbound SPI must match the remote

gateway's Outbound SPI, and vice versa.