Linksys BEFVP41 manual Access Restrictions, Phase, Proposal, Other Settings

Page 16

Chapter 3

Advanced Configuration

Advanced VPN Tunnel Setup

Phase 1

Phase 1 is used to create a security association (SA), often called the IKE SA. After Phase 1 is completed, Phase 2 is used to create one or more IPSec SAs, which are then used to key IPSec sessions.

Operation mode  There are two types of Phase 1 exchanges, Main mode and Aggressive mode, which exchange the same IKE payloads in different sequences. Main mode is for normal usage and includes more authentication requirements than Aggressive mode. If network security is preferred, select Main mode. If network speed is preferred, select Aggressive mode. No matter which mode is selected, the VPN Router will accept both Main and Aggressive requests from the remote VPN device.

Username  If a user on one side of the tunnel is using a unique firewall identifier, then select this option and enter the unique firewall identifier.

Proposal 1

Encryption  Select the length of the key used to encrypt/ decrypt ESP packets. Select DES or 3DES. 3DES is recommended because it is more secure.

Authentication  Select the method used to authenticate ESP packets. Select MD5 or SHA. SHA is recommended because it is more secure.

Group  Select the Diffie-Hellman Group, which is a cryptographic technique that uses public and private keys for encryption and decryption. Select 768-bitor 1024bit.

Key Lifetime  Enter the number of seconds you want the key to last before a re-key negotiation between each endpoint is completed. The default is 3600 seconds.

Phase 2

The Encryption, Authentication, and PFS settings are automatically displayed.

Group  Select the Diffie-Hellman Group, which is a cryptographic technique that uses public and private keys for encryption and decryption. Select 768-bitor 1024bit.

Key Lifetime  Enter the number of seconds you want the key to last before a re-key negotiation between each endpoint is completed. The default is 3600 seconds.

Other Settings

NetBIOS broadcast  To enable NetBIOS traffic to pass through the VPN tunnel, select this option.

Anti-replay Anti-replay protection keeps track of sequence numbers as packets arrive, ensuring security at the IP packet level. To enable the Anti-replay protection, select this option.

Keep-Alive Keep-Alive helps maintain IPSec VPN tunnel connections. To re-establish the VPN tunnel whenever it is dropped, select this option.

If IKE failed more than _ times, block this unauthorized IP for _ seconds  To block unauthorized IP addresses, select this option. Specify how many times IKE must fail before blocking that unauthorized IP address for a length of time that you specify.

On the Advanced VPN Tunnel Setup screen, click Save Settings to apply your changes, or click Cancel Changes to cancel your changes.

On the VPN screen, click Save Settings to apply your changes, or click Cancel Changes to cancel your changes.

Access Restrictions

The Access Restrictions screen allows you to block or allow specific kinds of Internet usage and traffic, such as Internet access, designated services, and websites during specific days and times.

EtherFast Cable/DSL VPN Router with 4-Port Switch

12

Page 15 Page 17
Image 16
Page 15 Page 17
Contents EtherFast Cable/DSL VPN Router with 4-Port Switch About This Guide Icon DescriptionsOnline Resources Copyright and TrademarksTable of Contents Appendix F Software License Agreement Computer using VPN client software to VPN Router Chapter IntroductionIntroduction to VPNs VPN ExamplesVPN Security Front Panel Chapter Product OverviewBack Panel Chapter Advanced Configuration How to Access the Web-Based UtilitySetup Basic Setup Internet SetupStatic IP PPPoEOptional Settings and MTU Heart Beat SignalSetup Ddns Network SetupSetup MAC Address Clone Setup Advanced RoutingMAC Clone Advanced RoutingSecurity Firewall Security VPNFirewall VPN PassthroughLocal Secure Group and Remote Secure Group VPN TunnelRemote Security Gateway Advanced Setting Key ManagementStatus Auto IKEAccess Restrictions PhaseOther Settings ProposalInternet Access To create an Internet Access policyApplications and Gaming Port Range Forwarding Port Range ForwardingApplications & Gaming Port Triggering Port TriggeringUPnP Forwarding Triggered RangeAdministration Management Applications and Gaming DMZAdministration Log Gateway PasswordUPnP LogAdministration Diagnostics Administration Factory DefaultsFactory Defaults Ping TestStatus Gateway Administration Firmware UpgradeStatus Local Network Local Network Dhcp Client TableAppendix a Troubleshooting Your computer cannot connect to the InternetOverview Appendix B VPN TunnelInstructions Appendix C Specifications BEFVP41Obtaining Warranty Service Limited WarrantyExclusions and Limitations Technical Support Safety Notices FCC StatementIndustry Canada Statement Avis d’Industrie CanadaDansk Danish Miljøinformation for kunder i EU Regulatory Information Norsk Norwegian Miljøinformasjon for kunder i EU Regulatory Information Software Licenses Software in Linksys ProductsSchedule 1 Linksys Software License Agreement Schedule PreambleSoftware License Agreement Software License Agreement No Warranty GNU Lesser General Public License Software License Agreement Software License Agreement Software License Agreement No Warranty OpenSSL License Original SSLeay License8112021NC-JL

BEFVP41 specifications

The Linksys BEFVP41 is a sophisticated yet user-friendly VPN router designed primarily for small office and home office networks. Known for its robust performance and versatility, it stands out as a solid choice for users looking to enhance their network security and connectivity.

One of its key features is the built-in VPN support, which allows users to establish secure connections to remote networks or clients. The BEFVP41 supports up to 50 simultaneous VPN connections, making it an excellent option for small businesses that require secure remote access for their employees without compromising on speed or reliability.

The router employs advanced security protocols including IPsec, which is well-known for ensuring encrypted communication over the internet. This level of security enables users to safeguard sensitive data and maintain privacy while accessing their networks remotely, critical for businesses that handle confidential information.

In terms of connectivity, the BEFVP41 is equipped with four Ethernet ports that support 10/100 Mbps speeds, allowing for high-speed wired connections. It also features a WAN port for connection to a broadband modem, ensuring a fast and stable internet connection. The router supports various connection types, including DHCP, static IP, and PPPoE, making it versatile for different networking environments.

Additional features include a user-friendly web-based interface, which simplifies the setup and configuration process for users. This intuitive design is combined with powerful QoS (Quality of Service) capabilities, enabling prioritized bandwidth allocation to specific applications or users, ensuring that critical business applications have the necessary speeds and reliability.

The BEFVP41 also offers dynamic DNS support, which allows users to access their home or office network using a domain name instead of remembering an IP address. Moreover, it includes a DHCP server for automated IP address assignment, making network management more streamlined.

Overall, the Linksys BEFVP41 combines essential networking technologies and security features into a compact design suitable for any small business or home office environment. With its robust performance, extensive VPN capabilities, and user-friendly interface, it caters effectively to the diverse needs of modern network requirements. The BEFVP41 is a reliable solution for those looking to enhance their connectivity while maintaining security and ease of use.
Top Page Image Contents