Linksys WRV200 manual Remote Secure Gateway, Key Management, Tunnel Options

Chapter 5

Configuring the Wireless-G Router

the VPN will terminate at the Router, instead of the PC; or Any, to allow any computer to access the tunnel. The screen will change depending on the selected option. The options are described below.

Subnet  Enter the IP Address and Mask of the remote VPN router in the fields provided. To allow access to the entire IP subnet, enter 0 for the last set of IP Addresses (e.g., 192.168.1.0).

IP Addr.  Enter the IP Address of the remote VPN router. The Mask will be displayed.

Host  The VPN tunnel will terminate at the router with this setting. Use Port Range Forwarding to direct traffic to the correct computer. Refer to the Firewall > Port Range Forwarding screen.

Any  Allows any computer to access the tunnel.

Remote Secure Gateway

The Remote Secure Gateway is the VPN device, such as a second VPN router, on the remote end of the VPN tunnel. Enter the IP Address of the VPN device at the other end of the tunnel. The remote VPN device can be another VPN router, a VPN server, or a computer with VPN client software that supports IPSec. The IP address may either be static (permanent) or dynamic, depending on the settings of the remote VPN device.

If the IP Address is static, select IP Addr. and enter the IP address. Make sure that you have entered the IP address correctly, or the connection cannot be made. Remember, this is NOT the IP address of the local VPN Router; it is the IP address of the remote VPN router or device with which you wish to communicate. If the IP address is dynamic, select FQDN for DDNS or Any. If FQDN is selected, enter the domain name of the remote router, so the Router can locate a current IP address using DDNS. If Any is selected, then the Router will accept requests from any IP address.

Key Management

Key Exchange Method  IKE is an Internet Key Exchange protocol used to negotiate key material for a Security Association (SA). IKE uses the Pre-shared Key to authenticate the remote IKE peer. Select Auto (IKE) for the Key Exchange Method. Both ends of a VPN tunnel must use the same mode of key management. The settings available on this screen may change, depending on the selection you have made.

Operation Mode  Use this option to set the operation mode to Main (default) or Aggressive. Main Mode operation is supported in ISAKMP SA establishment.

ISAKMP Encryption Method  There are four different types of encryption: 3DES, AES-128, AES-192, or AES-256. You may choose any of these, but it must be the same type of encryption that is being used by the VPN device at the other end of the tunnel.

ISAKMP Authentication Method  There are two types of authentication: MD5 and SHA (SHA is recommended because it is more secure). As with encryption, either of these may be selected, provided that the VPN device at the other end of the tunnel is using the same type of authentication.

ISAKMP DH Group  This is for Diffie-Hellman key negotiation. There are 7 groups available for ISAKMP SA establishment. Group 1024, 1536, 2048, 3072, 4096, 6144, and 8192 represent different bits used in Diffie-Hellman mode operation. The default value is 1024.

ISAKMP Key Lifetime(s)  This field specifies how long an ISAKMP key channel should be kept, before being renegotiated. The default is 28800 seconds.

PFS  PFS (Perfect Forward Secrecy) ensures that the initial key exchange and IKE proposals are secure. To use PFS, click the Enabled radio button.

IPSec Encryption Method  Using encryption also helps make your connection more secure. There are four different types of encryption: 3DES, AES-128, AES-192, or AES-256. You may choose any of these, but it must be the same type of encryption that is being used by the VPN device at the other end of the tunnel.

IPSec Authentication Method  Authentication acts as another level of security. There are two types of authentication: MD5 and SHA (SHA is recommended because it is more secure). As with encryption, either of these may be selected, provided that the VPN device at the other end of the tunnel is using the same type of authentication. Or, both ends of the tunnel may choose to disable authentication.

IPSec DH Group  This is the same as the ISAKMP DH Group setting.

IPSec Key Lifetime(s)  In this field, you may optionally select to have the key expire at the end of a time period of your choosing. Enter the number of seconds you’d like the key to be used until a re-key negotiation between each endpoint is completed. The default is 3600 seconds.

Pre-shared Key  Enter a series of numbers or letters in the Pre-shared Key field. Based on this word, which MUST be entered at both ends of the tunnel, a key is generated to scramble (encrypt) the data being transmitted over the tunnel, where it is unscrambled (decrypted). You may use any combination of up to 24 numbers or letters in this field. No special characters or spaces are allowed.
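The Key Management settings above only produce a working tunnel when both ends agree, so the following added example (not part of the Linksys manual) checks two endpoints' settings against the options and limits this page lists. The dictionary field names and the sample values are assumptions made for illustration; the router itself is configured through its web-based utility.

```python
import re

# Option values as listed on this manual page.
ENCRYPTION = {"3DES", "AES-128", "AES-192", "AES-256"}
AUTH = {"MD5", "SHA"}
DH_GROUPS = {1024, 1536, 2048, 3072, 4096, 6144, 8192}
PSK_RE = re.compile(r"[A-Za-z0-9]{1,24}")  # up to 24 letters or digits, nothing else

# Settings the page says must be the same at both ends (field names are hypothetical).
MUST_MATCH = ("key_exchange", "isakmp_enc", "isakmp_auth",
              "ipsec_enc", "ipsec_auth", "psk")


def check_endpoint(name, cfg):
    """Check one endpoint's values against the options the page lists."""
    allowed = {
        "isakmp_enc": ENCRYPTION, "ipsec_enc": ENCRYPTION,
        "isakmp_auth": AUTH,
        "ipsec_auth": AUTH | {"Disabled"},  # IPSec authentication may be disabled
        "dh_group": DH_GROUPS,
    }
    findings = [f"{name}: {field}={cfg[field]!r} is not an offered option"
                for field, values in allowed.items() if cfg[field] not in values]
    for field in ("isakmp_auth", "ipsec_auth"):
        if cfg[field] == "MD5":
            findings.append(f"{name}: {field} is MD5; the page recommends SHA")
    if not PSK_RE.fullmatch(cfg["psk"]):  # never echo the key itself
        findings.append(f"{name}: pre-shared key must be 1-24 letters or digits")
    return findings


def check_tunnel(local, remote):
    """Return findings for both endpoints plus any setting that differs."""
    findings = check_endpoint("local", local) + check_endpoint("remote", remote)
    for field in MUST_MATCH:
        if local[field] != remote[field]:
            detail = "<redacted>" if field == "psk" else f"{local[field]!r} vs {remote[field]!r}"
            findings.append(f"mismatch: {field} ({detail})")
    return findings


# Constructed sample settings, not taken from any real device.
LOCAL = {"key_exchange": "Auto (IKE)", "isakmp_enc": "AES-128", "isakmp_auth": "SHA",
         "ipsec_enc": "AES-128", "ipsec_auth": "SHA", "dh_group": 1024,
         "psk": "Example123Key"}
REMOTE = dict(LOCAL, ipsec_auth="MD5", psk="Example 123 Key!")

if __name__ == "__main__":
    for line in check_tunnel(LOCAL, REMOTE):
        print(line)
```
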

Tunnel Options

Dead Peer Detection  You can select Dead Peer Detection (DPD) to detect the status of a remote Peer.

Wireless-G VPN Router with RangeBooster
