Linksys BEFSX41 manual Local Secure Group and Remote Secure Group

Page 24

Instant Broadband® Series

Local Secure Group and Remote Secure Group

The Local Secure Group is the computer(s) on your LAN that can access the tunnel. The Remote Secure Group is the computer (s) on the remote end of the tunnel that can access the tunnel. Under Local Secure Group and Remote Secure Group, you may choose one of three options: Subnet, IP Address, and IP Range. Under Remote Secure Group, you have two additional options: Host and Any.

Note: The IP Addresses and Subnet Mask values used here are for example only. Do not try to use them for your actual setup. Obtain the relevant information from your own network to accurately config- ure your Firewall Router.

Subnet - If you select Subnet (which is the default), this will allow all computers on the local subnet to access the tunnel. In the example shown in Figure 7-12, all Local Secure Group computers with IP Addresses 192.168.1.xxx will be able to access the tunnel. All Remote Secure Group computers with IP Addresses 192.168.2.xxx will be able to access the tun- nel (in your settings, use the IP Addresses appropriate for your VPN). When using the Subnet setting, the default values of 0 should remain in the last fields of the IP and Mask settings.

Figure 7-12

Note: It is possible to set up your Firewall Router using any combi- nation of the three settings under Local Secure Group and the five set- tings under Remote Secure Group. For instance, when Subnet is cho- sen on the local end of the tunnel, Subnet does not have to be chosen at the remote end. So a single IP Address could be chosen to access the tunnel on the local end and a range of IP Addresses could be set at the remote end of the tunnel.

EtherFast® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint

IP Address - If you select IP Address, only the computer with the spe- cific IP Address that you enter will be able to access the tunnel. In the example shown in Figure 7-13, only the computer with IP Address 192.168.1.10 can access the tunnel from this end. Only the computer with IP Address 192.168.2.12 can access the tunnel from the remote end (in your settings, use the IP Addresses appropriate for your VPN).

Figure 7-13

IP Range - If you select IP Range, it will be a combination of Subnet and IP Address. You can specify a range of IP Addresses within the Subnet which will have access to the tunnel. In the example shown in Figure 7- 14, all computers on this end of the tunnel with IP Addresses between 192.168.1.1 and 192.168.1.20 can access the tunnel from the local end. Only computers assigned an IP Address between 192.168.2.1 and 192.168.2.100 can access the tunnel from the remote end (in your set- tings, use the IP Ranges appropriate for your VPN).

Figure 7-14

40

41

Page 23 Page 25
Image 24
Page 23 Page 25
Contents User Guide Copyright & Trademarks Table of Contents Features IntroductionEnvironmental 139 An Introduction to LANs and WANs IP AddressesNetwork Setup Overview Why Do I Need a VPN?Your Virtual Private Network VPN What is a Virtual Private Network? Firewall Router to Firewall RouterPower Router’s Back PanelModem connection will not work from any other port PortsWAN and LAN LEDs Router’s Front Panel LEDsProceed to Connect the Router Connecting Your Hardware Together and Booting Up Router’s hardware installation is now completeConnect the Router OverviewConfigure the PCs Configuring Windows 95, 98, and Millennium PCsGo to Configure the Router Configuring Windows 2000 PCsConfiguring Windows XP PCs Configure the Router Obtain an IP Address Automatically Static IP AddressAdvanced Proxies. Click Direct Connection to the Internet Enter the Gateway AddressPPPoE RASQuick and Easy Router Administration Cable/DSL Firewall Router’s Web-based UtilitySetup User Name and Password Static IPWAN IP Firewall Remote Upgrade Block WAN RequestMulticast Pass Through IPSec Pass ThroughEstablishing a Tunnel VPNLocal Secure Group and Remote Secure Group Remote Security Gateway Authentication EncryptionKey Management Instant Broadband Series Advanced Settings for Selected IPSec Tunnel PhaseOther Settings PasswordStatus Dhcp Log Help Advanced FiltersInstant Broadband Series Forwarding UPnP Forwarding Port Triggering Dynamic Routing Static RoutingDMZ Host DMZ PortDMZ Host Address Current DMZ Host MAC Address CloneDynDNS.org DdnsAppendix a Troubleshooting Common Problems and SolutionsTZO.com For Windows NT For Windows XPFor Windows 95, 98, and Me For Windows XP Am not able to access the Router’s web interface Setup Can’t get the Internet game, server, or application to work To start over, I need to set the Router to factory default Click the Advanced = Filter tab Need to use port triggeringFrequently Asked Questions TCP/IP is compatible with the Router Appendix B Maximizing VPN Security Introduction EnvironmentWindows 2000 or Windows XP Step One Create an IPSec PolicyFilter List 1 win-router Step Two Build Filter ListsIP Address Filter List 2 router=win Figure C-6Step Three Configure Individual Tunnel Rules Tunnel 1 win-routerRespond Using IPSec XYZ12345. Click String to Protect Negotiate Security Key exchange preShared key, as shown AcceptTunnel 2 router-win Action Require Security This string to protect Key ExchangePreshared key, XYZ12345Figure C-24 Step Four Assign New IPSec PolicyStep Five Create a Tunnel Through the Web-based Utility Figure C-28Appendix E How to Ping Your ISP’s E-mail & Web Addresses Appendix D Snmp FunctionsFigure E-1 Appendix F Installing the TCP/IP Protocol TCP/IP installation is now completeFigure G-1 For Windows NT, 2000, and XPFigure G-5 Appendix H Glossary 129 131 133 135 137 Appendix I Specifications EnvironmentalAppendix J Warranty Information Appendix K Contact InformationSales Information Web FTP SiteCopyright 2003 Linksys, All Rights Reserved
Top Page Image Contents