Configuring security Configure user security settings
Digi TransPort® Routers User Guide
756
Configure advanced user settings
ÉWeb
1. Go to Configuration > Security> Users > User n> Advanced.
2. Enter and change advanced user settings as needed.
Allow this user to log in over a PPP network
Enabling this setting allows the user to log in to the router using PPP. Disabling this disables
PPP login for the user, no matter their access level.
Use this number x when PPP dial-back is required for this user
The telephone number for the user in the event that dial-back is required. If the username that
the remote router uses during the PPP authentication matches the username of the user
where a dial-back number is configured, the user’s dial-back number overrides any dial-back
number configured in the answering PPP interface.
Alternate IKE Key / Confirm Alternate IKE Key
When IKE is the initiator, the responder-supplied HASH is checked using the normal password
(above) and if that fails, the Alternate Key (this setting). The initiator remembers which
password was successful, and uses that password to create the HASH if it becomes the
responder of some new negotiation. If the IKE becomes a responder and IKE negotiations fail
after supplying the HASH, the next negotiation uses the other password. Using this Alternate
Key, it should be possible to configure new passwords into both ends of a tunnel, and not have
too many failed negotiations. The process would be to add the Alternate Key into the remote
router, then update the local router with the Alternate Key. Once that has been done, the
administrator could move the Alternate Key to the usual location (Password) and remove the
Alternate Key (newpwd) from the configuration. Should a negotiation take place during the
period where the Alternate Key has been entered into the remote router, but not the local
router, there should be no more than one failed negotiation, and only if the remote router is
the initiator.
Remote Peer IP address
In certain circumstances, it may be desirable for a user connecting in over a PPP connection to
be allocated a specific IP address, rather than be allocated an address from a pool configured
on a PPP interface. When this parameter is configured, the IP address negotiated on the PPP
link will be this one, not an address from the regular IP address pool.
Remote Peer IP subnet
If multiple PPP interfaces are enabled for answering and multiple remote routers can dial into
the local router, the router cannot always use static routes cannot to ensure that packets
which should be routed to the remote network are sent through the correct PPP interface.
Use this parameter with the Remote Peer IP subnet mask parameter to associate a network
subnet with a user. When a remote unit connects in and authenticates with the router, the
router creates a dynamic route that will override any static routes for the duration of the PPP
session. The interface for the dynamic route is the PPP interface that answered the call. The
network address for the dynamic route comes from the entry in the user table matching the
username the remote unit used during PPP authentication.
To Next Page
Loading...
