Cisco Systems WRV54G manual Advanced VPN Tunnel Setup


Wireless-G VPN Broadband Router

When finished making your changes on this tab, click the Save Settings button to save these changes, or click the Cancel Changes button to undo your changes.

Advanced VPN Tunnel Setup

From the Advanced VPN Tunnel Setup screen, shown in Figure 6-19, you can adjust the settings for specific VPN tunnels.

Phase 1

Phase 1 is used to create a security association (SA), often called the IKE SA. After Phase 1 is completed, Phase 2 is used to create one or more IPSec SAs, which are then used to key IPSec sessions.

Operation Mode. There are two modes: Main and Aggressive, and they exchange the same IKE payloads in different sequences. Main mode is more common; however, some people prefer Aggressive mode because it is faster. Main mode is for normal usage and includes more authentication requirements than Aggressive mode. Main mode is recommended because it is more secure. No matter which mode is selected, the VPN Router will accept both Main and Aggressive requests from the remote VPN device.

Encryption. Select the length of the key used to encrypt/decrypt ESP packets. There are two choices: DES and 3DES. 3DES is recommended because it is more secure.

Authentication. Select the method used to authenticate ESP packets. There are two choices: MD5 and SHA. SHA is recommended because it is more secure.

Group. There are two Diffie-Hellman Groups to choose from: 768-bit and 1024-bit. Diffie-Hellman refers to a cryptographic technique that uses public and private keys for encryption and decryption.

Key Life Time. In the Key Lifetime field, you may optionally select to have the key expire at the end of a time period of your choosing. Enter the number of seconds you’d like the key to be used until a re-key negotiation between each endpoint is completed.

Phase 2

Encryption. The encryption method selected in Phase 1 will be displayed.

Authentication. The authentication method selected in Phase 1 will be displayed.

Group. There are two Diffie-Hellman Groups to choose from: 768-bit and 1024-bit. Diffie-Hellman refers to a cryptographic technique that uses public and private keys for encryption and decryption.

Key Life Time. In the Key Lifetime field, you may optionally select to have the key expire at the end of a time period of your choosing. Enter the number of seconds you’d like the key to be used until a re-key negotiation between each endpoint is completed.
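
The Phase 1 and Phase 2 choices described above can be checked for both ends of a tunnel before they are saved. The following Python check is an added example, not taken from the manual or the router; the field names, the sample values, and the assumption that each end offers a single proposal (so encryption, authentication and group must be identical on both ends) are constructed for illustration.

```python
# Constructed field names and sample values; not the router's own config format.
# Each entry: field -> (weaker option, stronger option, basis for preferring it).
PHASE1_OPTIONS = {
    "mode": ("Aggressive", "Main", "manual recommendation"),
    "encryption": ("DES", "3DES", "manual recommendation"),
    "authentication": ("MD5", "SHA", "manual recommendation"),
    "group": ("768-bit", "1024-bit", "larger modulus; the manual states no preference"),
}
# Phase 2 offers only Group and Key Lifetime; the rest is carried over from Phase 1.
PHASE2_OPTIONS = {"group": PHASE1_OPTIONS["group"]}
# Assumption: each end offers a single proposal, so these must be identical.
MUST_MATCH = ("encryption", "authentication", "group")

# Return findings for one phase of one endpoint.
def audit_phase(label, settings, options):
    findings = []
    for field, (weaker, stronger, basis) in options.items():
        value = settings.get(field)
        if value not in (weaker, stronger):
            findings.append(f"{label}: {field}={value!r} is not an option on this screen")
        elif value == weaker:
            findings.append(f"{label}: {field}={weaker}, prefer {stronger} ({basis})")
    lifetime = settings.get("key_lifetime_s")  # optional per the manual
    if lifetime is not None and (not isinstance(lifetime, int) or lifetime <= 0):
        findings.append(f"{label}: key lifetime {lifetime!r} is not a positive number of seconds")
    return findings

# Audit both endpoints, then report fields that differ between them.
def audit_tunnel(local, remote):
    findings = []
    for name, cfg in (("local", local), ("remote", remote)):
        findings += audit_phase(f"{name} phase1", cfg["phase1"], PHASE1_OPTIONS)
        findings += audit_phase(f"{name} phase2", cfg["phase2"], PHASE2_OPTIONS)
    for phase in ("phase1", "phase2"):
        for field in MUST_MATCH:
            a, b = local[phase].get(field), remote[phase].get(field)
            if a != b:
                findings.append(f"mismatch {phase} {field}: local={a} remote={b}")
    return findings

# Constructed sample: local uses the stronger choices, remote does not.
LOCAL = {"phase1": {"mode": "Main", "encryption": "3DES", "authentication": "SHA",
                    "group": "1024-bit", "key_lifetime_s": 3600},
         "phase2": {"group": "1024-bit", "key_lifetime_s": 3600}}
REMOTE = {"phase1": dict(LOCAL["phase1"], mode="Aggressive", encryption="DES"),
          "phase2": {"group": "768-bit", "key_lifetime_s": 0}}

if __name__ == "__main__":
    print("\n".join(audit_tunnel(LOCAL, REMOTE)))
```

Operation Mode is deliberately left out of the mismatch check, because the manual states that the VPN Router accepts both Main and Aggressive requests whichever mode is selected.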

Chapter 6: Configuring the Router

Figure 6-19: Advanced VPN Tunnel Setup


The Security Tab
