Linksys RV0041 manual 10/100/1000 4-Port VPN Router

Page 52

10/100/1000 4-Port VPN Router

Phase 1 Authentication: There are two methods of authentication, MD5 and SHA. The Authentication method determines a method to authenticate the ESP packets. Both sides must use the same Authentication method. MD5 is a one-way hashing algorithm that produces a 128-bit digest.

SHA is a one-way hashing algorithm that produces a 160-bit digest. SHA is recommended because it is more secure, and both sides must use the same Authentication method.

Phase 1 SA Life Time: This field allows you to configure the length of time a VPN tunnel is active in Phase 1. The default value is 28,800 seconds.

Perfect Forward Secrecy: If PFS is enabled, IKE Phase 2 negotiation will generate a new key material for IP traffic encryption and authentication. If PFS is enabled, a hacker using brute force to break encryption keys is not able to obtain other or future IPSec keys.

Phase 2 DH Group: There are three groups of different prime key lengths. Group1 is 768 bits, Group2 is 1,024 bits and Group 5 is 1,536 bits. If network speed is preferred, select Group 1. If network security is preferred, select Group 5. You can choose the different Group with the Phase 1 DH Group you chose. If Perfect Forward Secrecy is disabled, there is no need to setup the Phase 2 DH Group since no new key generated, and the key of Phase 2 will be same with the key in Phase 1.

Phase 2 Encryption: Phase 2 is used to create one or more IPSec SAs, which are then used to key IPSec sessions. There are two methods of encryption, DES and 3DES. The Encryption method determines the length of the key used to encrypt/decrypt ESP packets. DES is 56-bit encryption and 3DES is 168-bit encryption. Both sides must use the same Encryption method. If users enable the AH Hash Algorithm in Advanced, then it is recommended to select Null to disable encrypting/decrypting ESP packets in Phase 2, but both sides of the tunnel must use the same setting.

Phase 2 Authentication: There are two methods of authentication, MD5 and SHA. The Authentication method determines a method to authenticate the ESP packets. Both sides must use the same Authentication method. MD5 is a one-way hashing algorithm that produces a 128-bit digest. If users enable the AH Hash Algorithm in Advanced, then it is recommended to select Null to disable authenticating ESP packets in Phase 2, but both sides of the tunnel must use the same setting.

Phase 2 SA Life Time: This field allows you to configure the length of time a VPN tunnel is active. The default value is 3,600 seconds.

Preshared Key: Use character and hexadecimal values in this field, e.g. “My_@123” or “4d795f40313233.” The max entry of this field is 30-digit. Both sides must use the same Pre-shared Key. It’s recommended to change Preshared keys regularly to maximize VPN security.

Click the Save Settings button to save the settings or click the Cancel Changes button to undo the changes.

Chapter 5: Setting Up and Configuring the Router

44

VPN Tab - Gateway to Gateway

Page 51 Page 53
Image 52
Page 51 Page 53
Contents 10/100/1000 4-Port Copyright and Trademarks Word definitionTable of Contents Appendix a Troubleshooting Appendix C Physical Setup of the RouterAppendix D Battery Replacement Setting up the Router10/100/1000 4-Port VPN Router VPN Router-to-VPN Router VPN Computer-to-VPN Router VPN24 System Management Tab DNS Name Lookup 54 Basic Setup Wizard Host and Domain Name Welcome IntroductionIP a protocol used to send data over a network What’s in this Guide? Adapter a device that adds network functionality to your PCIntroduction What’s in this Guide? An Introduction to LANs Networking BasicsUse of IP Addresses Why do I need a VPN? MAC Address SpoofingWhat is a VPN? There are two basic ways to create a VPN connectionVPN Router to VPN Router VPN Router-to-VPN Router VPNGetting to Know the Router SFPReset Button Reset button can be used in one of two ways Button on your PC to reboot itForwarding or a new password Proceed to Connecting the RouterOverview Connecting the RouterVPN Router Setting Up and Configuring the Router Connection InstructionsSetup Tab Setting Up and Configuring the RouterSystem Summary Tab System Management Tab Dhcp TabPort Management Tab Firewall Tab VPN TabLog Tab Wizard TabHow to Access the Web-based Utility ConfigurationSystem Summary Tab System InformationFirewall Setting Status Network Setting StatusPort Statistics VPN Setting Status Log Setting StatusLAN Setting WAN Interface SettingNetwork WAN Connection TypePPPoE Point-to-Point Protocol over Ethernet most DSL users Static IPPptp Point-to-Point Tunneling Protocol Setup Tab Time Setup Tab PasswordTime Setup Tab DMZ Host Setup Tab ForwardingPort Range Forwarding Select the Service from the pull-down menu, shown in FigurePort Triggering Setup Tab UPnP Setup Tab One-to-One NATSetup Tab MAC Clone Setup Tab DdnsSetup Tab Advanced Routing Dynamic RoutingStatic Routing Enter the following data to create a static route entryDhcp Tab Setup SetupDynamic IP Static IPDhcp Tab Status System Management Tab SnmpSystem Management Tab Diagnostic DNS Name LookupPing Lookup tool may be used to find the IP addressSystem Management Tab Factory Default System Management Tab Firmware UpgradeFirmware Upgrade Firmware DownloadSystem Management Tab Setting Backup Import Configuration FileExport Configuration File System Management Tab RestartPort Management Tab Port Setup Basic Per Port ConfigPort Management Tab Port Status 32 Port Management Tab Port StatusFirewall Tab General 33 Firewall Tab GeneralFirewall Tab Access Rules 34 Firewall Tab Access RulesServices Add a New Access RuleScheduling Firewall Tab Content Filter Editing an Access RuleForbidden Domains SchedulingSummary VPN Tab SummaryTunnel Status GroupVPN Status 37 VPN Tab Summary DetailLocal Group Setup VPN Tab Gateway to GatewayRemote Group Setup 40 VPN tab Gateway to Gateway Remote Group SetupIPSec Setup ManualIKE with Preshared Key automatic 10/100/1000 4-Port VPN Router Advanced 42 VPN tab Gateway to Gateway AdvancedWith Tunnel Enabled VPN Tab Client to Gateway45 VPN tab Client to Gateway Remote Group Setup With Group VPN enabled 46 VPN tab Client to Gateway IPSec Setup IKE with Preshared Key automatic Tunnel mode, it will also be limited as Aggressive Mode 47 VPN tab Client to Gateway AdvancedVPN Tab VPN Pass Through Compress Support IP Payload compression Protocol IP CompLog Setting Log Tab System LogSyslog MailLog Tab System Statistics 51 Log tab System StatisticsBasic Setup Wizard Tab55 Basic Setup Wizard Selecting WAN Connection Types Access Rule Setup 57 Access Rule Wizard What is Access Rules59 Access Rule Wizard Select the Service 61 Access Rule Wizard Select the Destination Support Tab Logout TabOn Line Manual Linksys Web SiteAppendix a Troubleshooting Common Problems and SolutionsFor Windows 98 and Millennium Need to set a static IP address on a PCFor Windows For Windows XPFor Windows 98 and Millennium 10/100/1000 4-Port VPN Router Am not able to access the Router’s Web-based Utility Setup Need to set up a server behind my RouterApplication Start and End Protocol IP Address Enable Web server 80 to Both 192.168.1.100 FTP server 21 toApplication Start and End Protocol IP Address Enabled 500 toCan’t get the Internet game, server, or application to work Click the DMZ Host tabTo start over, I need to set the Router to factory default Need to upgrade the firmwareFor Microsoft Internet Explorer 5.0 or higher For Netscape 4.7 or higherFirmware upgrade failed My DSL service’s PPPoE is always disconnectingNeed to use port triggering Frequently Asked Questions Where is the Router installed on the network?Router will support up to 253 IP addresses Is IPSec Passthrough supported by the Router?How can I block corrupted FTP downloads? Router allows Pptp packets to pass through What is DMZ Hosting?Is the Router cross-platform compatible? How many ports can be simultaneously forwarded? Which modems are compatible with the Router?How can I check whether I have static or Dhcp IP addresses? Ask your ISP to find outWindows 98 or Me Instructions Windows 2000 or XP InstructionsFor the Router’s Web-based Utility Figure B-3 MAC Address/Physical AddressAppendix C Physical Setup of the Router Setting up the RouterPlacement of the Router Rack-Mounting the Router10/100/1000 4-Port VPN Router Wall-Mounting the Router Figure C-3 Wall-Mounting the RouterFigure C-4 Wall-Mounting Hardware Replacing a Lithium Battery Appendix D Battery ReplacementThis section instructs the user on battery replacement Figure E-1 Upgrade Firmware Appendix E Upgrading FirmwareShared Resources Appendix F Windows HelpNetwork Neighborhood/My Network Places Appendix G Glossary 10/100/1000 4-Port VPN Router 10/100/1000 4-Port VPN Router 10/100/1000 4-Port VPN Router Appendix H Specifications Standards Ieee 802.3, 802.3u PortsSFP Port 10/100/100 Gigabit Ports, 1 10/100 RJ-45 Internet PortAppendix I Warranty Information Limited WarrantyAppendix J Regulatory Information FCC StatementAppendix K Contact Information Need to contact Linksys?Information section in this Guide Linksys
Top Page Image Contents