Linksys BEFSX41 manual Encryption, Authentication, Key Management


Instant Broadband® Series

Any - If you select Any for the Remote Security Gateway, as shown in Figure 7-19, the VPN device at the other end of the tunnel will accept a request from any IP address. The remote VPN device can be another Firewall Router, a VPN Server, or a computer with VPN client software that supports IPSec. If the remote user has an unknown or dynamic IP address (such as a professional on the road or a telecommuter using DHCP or PPPoE), then Any should be selected.

Figure 7-19

Encryption

Using Encryption also helps make your connection more secure. There are two different types of encryption: DES or 3DES (3DES is recommended because it is more secure). You may choose either of these, but it must be the same type of encryption that is being used by the VPN device at the other end of the tunnel. Or, you may choose not to encrypt by selecting Disable.

Authentication

Authentication acts as another level of security. There are two types of authentication: MD5 and SHA (SHA is recommended because it is more secure). As with encryption, either of these may be selected, provided that the VPN device at the other end of the tunnel is using the same type of authentication. Or, both ends of the tunnel may choose to Disable authentication.

EtherFast® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint

Key Management

In order for any encryption to occur, the two ends of the tunnel must agree on the type of encryption and the way the data will be decrypted. This is done by sharing a “key” to the encryption code. Under Key Management, you may choose automatic or manual key management.

Automatic Key Management

Select Auto (IKE) and enter a series of numbers or letters in the Pre-shared Key field. Check the box next to PFS (Perfect Forward Secrecy) to ensure that the initial key exchange and IKE proposals are secure. In the example shown in Figure 7-20, the word MyTest is used. Based on this word, which MUST be entered at both ends of the tunnel if this method is used, a key is generated to scramble (encrypt) the data being transmitted over the tunnel, where it is unscrambled (decrypted). You may use any combination of up to 24 numbers or letters in this field. No special characters or spaces are allowed. In the Key Lifetime field, you may optionally select to have the key expire at the end of a time period of your choosing. Enter the number of seconds you’d like the key to be useful, or leave it blank for the key to last indefinitely.

Figure 7-20

Manual Key Management

Similarly, you may choose Manual keying, which allows you to generate the key yourself. Enter your key into the Encryption KEY field. Then enter an Authentication KEY into the Authentication KEY field. These fields must both match the information that is being entered in the fields at the other end of the tunnel. The example in Figure 7-21 shows some sample entries for both the Encryption and Authentication Key fields. Up to 24 alphanumeric characters are allowed to create the Encryption Key. Up to 20 alphanumeric characters are allowed to create the Authentication Key.
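The field rules above (pre-shared key of up to 24 letters or digits with no spaces or special characters, Encryption KEY of up to 24 and Authentication KEY of up to 20 alphanumeric characters, Key Lifetime blank for indefinite) are easy to get wrong when configuring both ends by hand. The following Python script is an added example, not Linksys code and not part of the manual: it checks entries against the limits stated in the Automatic and Manual Key Management sections and generates random manual keys. The mapping of algorithm to key length (DES 8, 3DES 24, MD5 16, SHA 20 characters) is an assumption about how the router consumes a manual key as raw ASCII bytes; the manual only gives the field maximums, and the assumption is labelled in the code.

```python
import secrets
import string

# Field limits stated in the manual for this router
PSK_MAX_LEN = 24        # Auto (IKE) pre-shared key: up to 24 numbers or letters
ENC_KEY_MAX_LEN = 24    # Manual Encryption KEY: up to 24 alphanumeric characters
AUTH_KEY_MAX_LEN = 20   # Manual Authentication KEY: up to 20 alphanumeric characters

# ASSUMPTION (not stated in the manual): a manual key is used as raw ASCII bytes,
# so its length should equal the key size of the selected algorithm.
CIPHER_KEY_BYTES = {"DES": 8, "3DES": 24}
AUTH_KEY_BYTES = {"MD5": 16, "SHA": 20}

ALNUM = string.ascii_letters + string.digits


def is_alnum_field(value, max_len):
    """True if value is non-empty, uses only letters/digits and fits the field."""
    return 0 < len(value) <= max_len and all(c in ALNUM for c in value)


def check_preshared_key(psk):
    """Validate an Auto (IKE) pre-shared key. Returns a list of problems (empty = OK)."""
    problems = []
    if not psk:
        problems.append("pre-shared key is empty")
    if len(psk) > PSK_MAX_LEN:
        problems.append(f"longer than {PSK_MAX_LEN} characters")
    bad = sorted({c for c in psk if c not in ALNUM})
    if bad:
        problems.append("contains disallowed characters: " + "".join(bad))
    return problems


def check_manual_keys(cipher, enc_key, auth, auth_key):
    """Validate Manual keying fields; 'Disable' for cipher or auth skips that key."""
    problems = []
    if cipher != "Disable":
        if cipher not in CIPHER_KEY_BYTES:
            raise ValueError(f"unknown encryption type {cipher!r}")
        if not is_alnum_field(enc_key, ENC_KEY_MAX_LEN):
            problems.append(f"Encryption KEY must be 1-{ENC_KEY_MAX_LEN} alphanumeric characters")
        need = CIPHER_KEY_BYTES[cipher]
        if len(enc_key) != need:
            problems.append(f"{cipher} expects {need} key characters, got {len(enc_key)}")
    if auth != "Disable":
        if auth not in AUTH_KEY_BYTES:
            raise ValueError(f"unknown authentication type {auth!r}")
        if not is_alnum_field(auth_key, AUTH_KEY_MAX_LEN):
            problems.append(f"Authentication KEY must be 1-{AUTH_KEY_MAX_LEN} alphanumeric characters")
        need = AUTH_KEY_BYTES[auth]
        if len(auth_key) != need:
            problems.append(f"{auth} expects {need} key characters, got {len(auth_key)}")
    return problems


def generate_manual_keys(cipher, auth):
    """Generate random alphanumeric keys of the assumed size for the chosen algorithms."""
    enc_key = "".join(secrets.choice(ALNUM) for _ in range(CIPHER_KEY_BYTES[cipher]))
    auth_key = "".join(secrets.choice(ALNUM) for _ in range(AUTH_KEY_BYTES[auth]))
    return enc_key, auth_key


def keys_match(local, remote):
    """Both tunnel ends must hold identical keys; compare in constant time."""
    return secrets.compare_digest(local.encode(), remote.encode())


def parse_key_lifetime(field):
    """Key Lifetime field: blank means the key never expires, else whole seconds."""
    field = field.strip()
    if field == "":
        return None
    if not field.isdigit() or int(field) == 0:
        raise ValueError("Key Lifetime must be a positive number of seconds")
    return int(field)


if __name__ == "__main__":
    # Constructed sample entries; "MyTest" is the pre-shared key used in Figure 7-20.
    print("PSK 'MyTest':", check_preshared_key("MyTest") or "OK")
    enc, mac = generate_manual_keys("3DES", "SHA")
    print("generated 3DES/SHA keys:", enc, mac)
    print("manual check:", check_manual_keys("3DES", enc, "SHA", mac) or "OK")
    print("lifetime blank ->", parse_key_lifetime(""))
```

Run the same checks on the values typed at each end of the tunnel before bringing the tunnel up; a mismatch in any field, including the key lifetime, means the two Firewall Routers will not agree on how to decrypt the data.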

44

45
