Asante Technologies VR2004 user manual Perfect Forward Secure, Encryption Protocol

Page 46

The preferred way to do this is with automatic keying using the Internet Key Exchange Protocol (IKE). This requires that your ISP or firewall allows traffic for TCP port 500. Check with your ISP or network administrator if you are not sure if traffic for TCP port 500 is allowed.

If IKE is impossible for some reason, you can set up the router’s keys for each tunnel manually. This is described in more detail be- low (see section 4.4).

The other parameters on the VPN Settings page control how the VPN tunnel is set up. If you are creating the Secure Association (SA) using the IKE Mode (the default mode), complete the fields described in the following sections.

4.3.1 Perfect Forward Secure

This is an optional feature of IKE. When enabled (the default set- ting), this feature may impose some additional overhead on the router, but can offer added protection against an eavesdropper be- ing able to decode the encrypted data. Either setting is acceptable, but both ends of the tunnel must match settings. Click the respec- tive radio button to enable or disable this feature.

4.3.2 Encryption Protocol

The router is able to use two encryption protocols: choose NULL (no encryption), DES, or Triple DES (3DES). The same protocol must be chosen (must match) that provided by the remote device. Unless you have a need for one of the others, you should select 3DES.

46

FriendlyNET VPN Security Router

Image 46
Contents FriendlyNET VR2004 Series User’s ManualBefore You Start Quick Start Guide Determine Your TCP/IP SettingsMac OS Item No TCP/IP Control Panel Description Your Setting Description Your Setting Windows 98/MeItem No IP Configuration Description Your Setting Windows NT/2000Windows XP Install The Hardware Red Hat LinuxConfigure Your Router FriendlyNET VPN Security Router Table of Contents FriendlyNET VPN Security Router Features IntroductionIPSec Security IsakmpSystem Requirements Package ContentsFront and Rear Panel Descriptions LED Configuration Setup WizardDevice IP Settings Time Zone SettingsISP Settings Additional ISP Settings Enable Pptp Client Wireless Settings VR2004AC only WEP Security and Apple Airport Wireless Cards Modem SettingsEncryption VPN Settings Save and RestartDevice Status Device InformationUp and running Not working ---------l l System Tools FriendlyNET VPN Security Router Advanced Settings Dhcp Server SettingsIP Address Pool Range Virtual Server SettingsIP Address Reservation Page Wireless Access Control Settings Routing Settings Static Routing TableDynamic Routing Settings Filter Settings LAN Filter SettingsIP Address Range 192.168.123.10 to WAN Filter SettingsIP Address Range 172.16.203.1 to Administrative Settings Password SettingsSystem Log Miscellaneous Remote System AdministrationSystem Parameters Dynamic DNS Settings URL Filter Settings Mail AlertSave and Restart FriendlyNET VPN Security Router VPN Configuration Network-to-NetworkLAN VR2004 ‘A’ West end Connection Name West-East Client-to-Network Mode 1- Dynamic IP AddressMode 2-Static fixed IP Address Remote IP Network Remote IP Netmask Remote Gateway IPIPSec Keying IKE Mode Remote IP NetworkPerfect Forward Secure Encryption ProtocolKey Life Manual ModePre-Shared Key IKE Life TimeIncoming and Outgoing SPI Security Parameter Index Authentication ProtocolEncryption Key Authentication Key FriendlyNET VPN Security Router Appendix A. Warranty Statement and FriendlyCare Support Personalized Support On-line SupportAsanté Forums Appendix B. FCC Statement FriendlyNET VPN Security Router Appendix C. Troubleshooting Troubleshooting with the Status LEDsUsing Windows Ping Problems Accessing RouterUsing Macintosh WhatRoute Cabling Problems Other hints about cabling Windows NT/2000 Appendix D. Renewing Client IP AddressesWindows 98/Me MacintoshFriendlyNET VPN Security Router Appendix E. Service Ports Port ServiceFriendlyNET VPN Security Router Network and Client Platforms compatibility Appendix F. Hardware and Software CompatibilityProtocols Supported Application Software CompatibilityFriendlyNET VPN Security Router Appendix G. Specifications Software OverviewAdvanced Settings Applications Interoperability Performance Appendix H. Configuring a System Log Server Red Hat LinuxMac OS Click on the Firewall tab and click New... to add a new rule Microsoft Windows Appendix I. Your 802.11b Wireless Network Optimum PerformanceAdministrator’s Password SecurityMAC Address Control WEP EncryptionSales