Linksys BEFSX41 manual Advanced Settings for Selected IPSec Tunnel, Phase


Instant Broadband® Series

To get more details concerning your tunnel connection, click the View Logs button. The screen in Figure 7-24 will appear:

Figure 7-24

Select the log you wish to view: All (to view all logs), System Log, Access Log, Firewall Log, or VPN Log. The System Log screen displays a list of cold and warm starts, web login successes and failures, and packet filtering policies. The Access Log shows all incoming and outgoing traffic. The Firewall Log lists activities performed by the firewall to prevent DoS attacks, including URL filtering and time filtering. The VPN Log screen displays successful connections, transmissions and receptions, and the types of encryption used.

Once you no longer have need of the tunnel, simply click the Disconnect button on the bottom of the VPN page.

To change advanced settings, select the tunnel whose advanced settings you wish to change. Then, click the Advanced Setting button to change the Advanced Settings for a specific VPN tunnel.

Advanced Settings for Selected IPSec Tunnel

From the Advanced Settings screen, shown in Figure 7-25, you can adjust the settings for specific VPN tunnels.

Phase 1

Phase 1 is used to create a security association (SA), often called the IKE SA. After Phase 1 is completed, Phase 2 is used to create one or more IPSec SAs, which are then used to key IPSec sessions.

Operation Mode

There are two modes: Main and Aggressive, and they exchange the same IKE payloads in different sequences. Main mode is more common; however, some people prefer Aggressive mode because it is faster. Main mode is for normal usage and includes more authentication requirements than Aggressive mode. Main mode is recommended because it is more secure. No matter which mode is selected, the VPN Router will accept both Main and Aggressive requests from the remote VPN device.
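The following added example (not part of the Linksys manual) models the two Phase 1 exchanges as defined in RFC 2409 for pre-shared key authentication, to show that both modes carry the same payloads but only Main mode sends the identity payload encrypted. The payload names and the helper functions are illustrative assumptions, not router settings.

```python
from collections import Counter

# IKEv1 Phase 1 flows with pre-shared key authentication (RFC 2409).
# Each message is (sender, payloads, encrypted). Names are illustrative.
MAIN = [
    ("initiator", ["SA"], False),
    ("responder", ["SA"], False),
    ("initiator", ["KE", "NONCE"], False),
    ("responder", ["KE", "NONCE"], False),
    ("initiator", ["ID", "HASH"], True),   # sent under the new IKE SA keys
    ("responder", ["ID", "HASH"], True),
]
AGGRESSIVE = [
    ("initiator", ["SA", "KE", "NONCE", "ID"], False),
    ("responder", ["SA", "KE", "NONCE", "ID", "HASH"], False),
    ("initiator", ["HASH"], False),        # RFC 2409 does not require encryption
]


def payloads_by_sender(flow):
    """Multiset of payloads each side sends over the whole exchange."""
    sent = {}
    for sender, payloads, _encrypted in flow:
        sent.setdefault(sender, Counter()).update(payloads)
    return sent


def sent_in_clear(flow, payload):
    """True if the payload appears in any unencrypted message."""
    return any(payload in p and not enc for _sender, p, enc in flow)


def summarize(flow):
    """Message count and whether the identity payload stays encrypted."""
    return {
        "messages": len(flow),
        "identity_protected": not sent_in_clear(flow, "ID"),
    }


if __name__ == "__main__":
    same = payloads_by_sender(MAIN) == payloads_by_sender(AGGRESSIVE)
    print("same payloads in both modes:", same)
    print("main      :", summarize(MAIN))
    print("aggressive:", summarize(AGGRESSIVE))
```

Because the VPN Router answers Aggressive requests whichever mode is selected, identity protection also depends on how the remote VPN device is configured.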

EtherFast® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint

Figure 7-25

Encryption

Select the length of the key used to encrypt/decrypt ESP packets. There are two choices: DES and 3DES. 3DES is recommended because it is more secure.

Authentication

Select the method used to authenticate ESP packets. There are two choices: MD5 and SHA. SHA is recommended because it is more secure.

Group

There are two Diffie-Hellman Groups to choose from: 768-bit and 1024-bit. Diffie-Hellman refers to a cryptographic technique that uses public and private keys for encryption and decryption.

Key Lifetime

In the Key Lifetime field, you may optionally select to have the key expire at the end of a time period of your choosing. Enter the number of seconds you’d like the key to be used until a re-key negotiation between each endpoint is completed.

Copyright 2003 Linksys, All Rights Reserved