Linksys BEFSX41 manual Introduction, Environment, Windows 2000 or Windows XP

Page 53

Instant Broadband® Series

Appendix C: Configuring IPSec between a Windows 2000 or XP PC and the Firewall Router

Introduction

This document demonstrates how to establish a secure IPSec tunnel using pre- shared keys to join a private network inside the Firewall Router and a Microsoft Windows 2000 or XP PC. You can find detailed information on configuring the Microsoft Windows 2000 server at the Microsoft website:

Microsoft KB Q252735 - How to Configure IPSec Tunneling in Windows 2000 http://support.microsoft.com/support/kb/articles/Q252/7/35.asp

Microsoft KB Q257225 - Basic IPSec Troubleshooting in Windows 2000 http://support.microsoft.com/support/kb/articles/Q257/2/25.asp

Environment

The IP addresses and other specifics mentioned in this appendix are for illus- tration purposes only.

Windows 2000 or Windows XP

IP Address: 140.111.1.2 <= User ISP provides IP Address; this is only an example.

Subnet Mask: 255.255.255.0

BEFSX41

WAN IP Address: 140.111.1.1 <= User ISP provides IP Address; this is only an example.

Subnet Mask: 255.255.255.0

LAN IP Address: 192.168.1.1

Subnet Mask: 255.255.255.0

EtherFast® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint

Note: Keep a record of any changes you make. Those changes will be identical in the Windows “secpol” application and the Router’s Web- Based Utility.

Step One: Create an IPSec Policy

1.Click the Start button, select Run, and type secpol.msc in the Open field. The Local Security Setting screen will appear as shown in Figure C-1.

Figure C-1

2.Right-clickIP Security Policies on Local Computer, and click Create IP Security Policy.

3.Click the Next button, and then enter a name for your policy (for example, to_router). Then, click Next.

4.Deselect the Activate the default response rule check box, and then click the Next button.

5.Click the Finish button, making sure the Edit check box is checked.

98

99

Image 53

Contents User Guide Copyright & Trademarks Table of Contents Environmental 139 FeaturesIntroduction IP Addresses An Introduction to LANs and WANsYour Virtual Private Network VPN Network Setup OverviewWhy Do I Need a VPN? Firewall Router to Firewall Router What is a Virtual Private Network?Router’s Back Panel PowerModem connection will not work from any other port PortsProceed to Connect the Router WAN and LAN LEDsRouter’s Front Panel LEDs Router’s hardware installation is now complete Connecting Your Hardware Together and Booting UpConnect the Router OverviewConfiguring Windows 95, 98, and Millennium PCs Configure the PCsConfiguring Windows 2000 PCs Go to Configure the RouterConfiguring Windows XP PCs Configure the Router Static IP Address Obtain an IP Address AutomaticallyAdvanced Proxies. Click Direct Connection to the Internet Enter the Gateway AddressRAS PPPoECable/DSL Firewall Router’s Web-based Utility Quick and Easy Router AdministrationSetup Static IP User Name and PasswordWAN IP Firewall Block WAN Request Remote UpgradeMulticast Pass Through IPSec Pass ThroughVPN Establishing a TunnelLocal Secure Group and Remote Secure Group Remote Security Gateway Key Management AuthenticationEncryption Instant Broadband Series Phase Advanced Settings for Selected IPSec TunnelPassword Other SettingsStatus Dhcp Log Help Filters AdvancedInstant Broadband Series Forwarding UPnP Forwarding Port Triggering Static Routing Dynamic RoutingDMZ Host Address DMZ HostDMZ Port MAC Address Clone Current DMZ HostDdns DynDNS.orgTZO.com Appendix a TroubleshootingCommon Problems and Solutions For Windows 95, 98, and Me For Windows NTFor Windows XP For Windows XP Am not able to access the Router’s web interface Setup Can’t get the Internet game, server, or application to work To start over, I need to set the Router to factory default Need to use port triggering Click the Advanced = Filter tabFrequently Asked Questions TCP/IP is compatible with the Router Appendix B Maximizing VPN Security Environment IntroductionWindows 2000 or Windows XP Step One Create an IPSec PolicyIP Address Filter List 1 win-routerStep Two Build Filter Lists Figure C-6 Filter List 2 router=winTunnel 1 win-router Step Three Configure Individual Tunnel RulesString to Protect Negotiate Security Key exchange pre Respond Using IPSec XYZ12345. ClickShared key, as shown AcceptTunnel 2 router-win Key Exchange Action Require Security This string to protectPreshared key, XYZ12345Step Four Assign New IPSec Policy Figure C-24Figure C-28 Step Five Create a Tunnel Through the Web-based UtilityAppendix D Snmp Functions Appendix E How to Ping Your ISP’s E-mail & Web AddressesFigure E-1 TCP/IP installation is now complete Appendix F Installing the TCP/IP ProtocolFor Windows NT, 2000, and XP Figure G-1Figure G-5 Appendix H Glossary 129 131 133 135 137 Environmental Appendix I SpecificationsAppendix K Contact Information Appendix J Warranty InformationSales Information Web FTP SiteCopyright 2003 Linksys, All Rights Reserved