Linksys RV0041 manual VPN tab Client to Gateway IPSec Setup


10/100/1000 4-Port VPN Router

Domain Name (FQDN) (Fully Qualified Domain Name): Enter the Domain Name of the Remote Client. When the Remote Client requests to create a tunnel with the Router, the Router will act as a responder. The Domain Name must match the local settings of the Remote Client.

E-mail Address (User FQDN): Enter the Email Address of the Remote Client. When the Remote Client requests to create a tunnel with the Router, the Router will act as a responder. The Email Address must match the local settings of the Remote Client.

Microsoft XP/2000 VPN Client: This option is for Dynamic IP users (e.g. PPPoE or DHCP) who are using the Microsoft VPN client. The difference between the Microsoft client and other VPN clients is that the Microsoft client does not support Aggressive mode or the FQDN/USER FQDN ID options.

IPSec Setup

In order for any encryption to occur, the two ends of the tunnel must agree on the type of encryption and the way the data will be decrypted. This is done by sharing a “key” to the encryption code. There are two Keying Modes of key management, Manual and IKE with Preshared Key (automatic). If GroupVPN is enabled, the key management will be IKE with Preshared Key only.

Manual

If you select Manual, you generate the key yourself, and no key negotiation is needed. Basically, manual key management is used in small static environments or for troubleshooting purposes. Both sides must use the same Key Management method.

Incoming & Outgoing SPI (Security Parameter Index): The SPI is carried in the ESP (Encapsulating Security Payload Protocol) header and enables the receiver and sender to select the SA under which a packet should be processed. Hexadecimal values are acceptable, and the valid range is 100~ffffffff. Each tunnel must have a unique Inbound SPI and Outbound SPI. No two tunnels share the same SPI. The Incoming SPI here must match the Outgoing SPI value at the other end of the tunnel, and vice versa.

Encryption: There are two methods of encryption, DES and 3DES. The Encryption method determines the length of the key used to encrypt/decrypt ESP packets. DES is 56-bit encryption and 3DES is 168-bit encryption. 3DES is recommended because it is more secure, and both sides must use the same Encryption method.

Authentication: There are two methods of authentication, MD5 and SHA. The Authentication method determines how the ESP packets are authenticated. MD5 is a one-way hashing algorithm that produces a 128-bit digest. SHA is a one-way hashing algorithm that produces a 160-bit digest. SHA is recommended because it is more secure, and both sides must use the same Authentication method.
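The Manual keying rules above (SPI range, SPI uniqueness, mirrored Incoming/Outgoing values, and matching Encryption and Authentication methods) can be checked before the values are typed into both ends. The following is an added example, not part of the Linksys manual or the router firmware; the `ManualSA` structure, the function names and the sample SPI values are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

SPI_MIN, SPI_MAX = 0x100, 0xFFFFFFFF  # valid range given in the manual

@dataclass(frozen=True)
class ManualSA:
    """Manual keying settings of one end of the tunnel (hypothetical structure)."""
    incoming_spi: str    # hexadecimal text, as typed into the form
    outgoing_spi: str
    encryption: str      # "DES" or "3DES"
    authentication: str  # "MD5" or "SHA"

def parse_spi(text):
    """Return the SPI as an int, or None if it is not hex within 100~ffffffff."""
    if not re.fullmatch(r"[0-9A-Fa-f]{1,8}", text):
        return None
    value = int(text, 16)
    return value if SPI_MIN <= value <= SPI_MAX else None

def check_tunnel(router, client, spis_in_use=frozenset()):
    """Return a list of problems; an empty list means both ends agree."""
    problems = []
    r_in, r_out = parse_spi(router.incoming_spi), parse_spi(router.outgoing_spi)
    c_in, c_out = parse_spi(client.incoming_spi), parse_spi(client.outgoing_spi)
    if None in (r_in, r_out, c_in, c_out):
        problems.append("SPI is not a hexadecimal value in 100~ffffffff")
    if r_in != c_out:
        problems.append("router Incoming SPI != client Outgoing SPI")
    if r_out != c_in:
        problems.append("router Outgoing SPI != client Incoming SPI")
    if {r_in, r_out} & set(spis_in_use):
        problems.append("SPI already used by another tunnel")
    if router.encryption != client.encryption:
        problems.append("Encryption method differs between the two ends")
    if router.authentication != client.authentication:
        problems.append("Authentication method differs between the two ends")
    if "DES" in (router.encryption, client.encryption):
        problems.append("DES selected; the manual recommends 3DES")
    if "MD5" in (router.authentication, client.authentication):
        problems.append("MD5 selected; the manual recommends SHA")
    return problems

# Constructed sample values, not taken from the manual.
ROUTER = ManualSA("1a2b", "3c4d", "3DES", "SHA")
CLIENT_OK = ManualSA("3c4d", "1a2b", "3DES", "SHA")   # mirrors the router's SPIs
CLIENT_BAD = ManualSA("1a2b", "ff", "DES", "SHA")     # unmirrored, "ff" below 100
```

`check_tunnel(ROUTER, CLIENT_OK)` returns an empty list, while `check_tunnel(ROUTER, CLIENT_BAD)` reports the out-of-range SPI, both SPI mismatches, the Encryption mismatch and the DES selection.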

Chapter 5: Setting Up and Configuring the Router

Figure 5-46: VPN tab - Client to Gateway
