Appendix D | Configuring IPSec with a Windows 2000 or XP Computer |
Step 4: Assign New IPSec Policy
In the IP Security Policies on Local Machine window, right-click the policy named to_Router, and click Assign. A green arrow appears in the folder icon.
[Figure: Local Computer]
Step 5: Create a Tunnel Through the Web-Based Utility
1. Open your web browser, and enter 192.168.1.1 in the Address field. Press Enter.
2. When the User name and Password fields appear, enter the default user name and password, admin. Press Enter.
3. Click the VPN tab, then click IPSec VPN.
[Figure: VPN > IPSec VPN]
4. Select the tunnel you wish to create in the Select Tunnel Entry
the Tunnel Name field. This is to allow you to identify multiple tunnels and does not have to match the name used at the other end of the tunnel. Set the NAT-Traversal option to Disabled.
5. Enter the IP Address and Subnet Mask of the local VPN Router in the Local Secure Group fields. To allow access to the entire IP subnet, enter 0 for the last set of IP Addresses (e.g. 192.168.1.0).
6. Enter the IP Address and Subnet Mask of the VPN device at the other end of the tunnel (the remote VPN Router or device with which you wish to communicate) in the Remote Secure Group fields.
7. Select the Key Management.
a. Select Auto (IKE), then set the Operation Mode to Main.
b. Select the ISAKMP encryption method: 3DES, AES-128,
c. Select the ISAKMP authentication method: MD5 or SHA1 (SHA1 is recommended as it is more secure). As with encryption, the method you select must be the same type of authentication used by the VPN device at the other end of the tunnel.
d. Select the ISAKMP DH Group: 1024, 1536, 2048, 3072, 4096, 6144, or 8192. These represent different bits used in
e. In the ISAKMP Key Lifetime field, enter a time period in seconds to have the key expire at the end of the designated period, or leave the field blank for the key to last indefinitely.
f. Select PFS (Perfect Forward Secrecy) to ensure that the initial key exchange and IKE proposals are secure.
g. For IPSec, specify the Encryption Method, Authentication Method, DH Group, and Key Lifetime in the same manner as for ISAKMP above.
h. Enter a series of numbers or letters in the Pre-shared Key field. You may use any combination of up to 24 numbers or letters in this field. No special characters or spaces are allowed.
8. Click Save Settings to save these changes.
Your tunnel should now be established.
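The following Python check is an added example, not part of the original guide or the router's software: it generates a pre-shared key that fits the field limits in item 7h and compares two planned tunnel configurations before they are typed into each device. The dictionary field names and sample values are assumptions made for illustration; requiring the DH group and pre-shared key to be identical on both ends is standard IKE behaviour rather than something stated on this page.

```python
import ipaddress
import secrets
import string

PSK_ALPHABET = string.ascii_letters + string.digits      # item 7h: letters and numbers only
PSK_MAX_LEN = 24                                          # item 7h: up to 24 characters
DH_GROUPS = {1024, 1536, 2048, 3072, 4096, 6144, 8192}   # item 7d
AUTH_METHODS = {"MD5", "SHA1"}                            # item 7c
MUST_MATCH = ("encryption", "authentication", "dh_group", "psk")


def generate_psk(length=PSK_MAX_LEN):
    """Random key from the OS CSPRNG that fits the Pre-shared Key field."""
    if not 1 <= length <= PSK_MAX_LEN:
        raise ValueError("length must be 1..24")
    return "".join(secrets.choice(PSK_ALPHABET) for _ in range(length))


def check_tunnel(local, peer):
    """Return a list of problems found in two planned tunnel configurations."""
    problems = []
    for name, cfg in (("local", local), ("peer", peer)):
        psk = cfg.get("psk", "")
        if not 1 <= len(psk) <= PSK_MAX_LEN or set(psk) - set(PSK_ALPHABET):
            problems.append(f"{name}: psk must be 1-24 letters or digits")
        if cfg.get("authentication") not in AUTH_METHODS:
            problems.append(f"{name}: authentication must be MD5 or SHA1")
        if cfg.get("dh_group") not in DH_GROUPS:
            problems.append(f"{name}: dh_group not offered by the router")
        lifetime = cfg.get("key_lifetime", "")            # item 7e: seconds, or blank
        if lifetime != "" and not (str(lifetime).isdigit() and int(lifetime) > 0):
            problems.append(f"{name}: key_lifetime must be blank or seconds > 0")
        try:                                              # item 5: .0 covers the subnet
            ipaddress.ip_network(f"{cfg.get('secure_group')}/{cfg.get('mask')}", strict=True)
        except ValueError:
            problems.append(f"{name}: secure_group is not a subnet address for mask")
    for field in MUST_MATCH:                              # both ends must agree
        if local.get(field) != peer.get(field):
            problems.append(f"mismatch: {field}")
    return problems


# Constructed sample values (assumptions), not taken from the page.
ROUTER = {"encryption": "3DES", "authentication": "SHA1", "dh_group": 1024,
          "key_lifetime": 3600, "psk": generate_psk(),
          "secure_group": "192.168.1.0", "mask": "255.255.255.0"}
PEER = dict(ROUTER, authentication="MD5", secure_group="192.168.2.5")
if __name__ == "__main__":
    print(check_tunnel(ROUTER, PEER))
```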