Linksys AG300 manual Advanced VPN Settings


ADSL Gateway

To use manual key management, select Manual, enter authentication and encryption keys (these must be identical to those entered at the remote end), and enter inbound and outbound SPIs (security parameter indexes). The SPIs must be exactly complementary to those entered at the remote end.

When you select automatic key management, an Advanced Settings button appears. Click this button if there are special requirements for this IPSec tunnel. The Advanced IPSec VPN Tunnel Setup window will appear. (Help for this window can be displayed by clicking More on the right side of the VPN panel.)

In this window you can set parameters for IKE phases 1 and 2, and other settings. Phase 1 is when the two ends negotiate parameters for key exchange; phase 2 is when they negotiate parameters for data exchange.

Operation mode: Key exchange parameters can be negotiated in Main mode, which is more secure, or Aggressive mode, which is quicker. The Gateway will accept requests in either mode, but some gateways and clients will accept requests only in the mode specified by the user.

Proposal 1: A proposal is a set of parameters that the initiator sends and the responder examines for acceptability. You can specify encryption and authentication algorithms, Diffie-Hellman group, and key lifetime for the first proposal.

Phase 2 Proposal: Select the desired Diffie-Hellman group, 768-bit or 1024-bit.

Other Settings

NAT Traversal: Enable this feature if the machine or machines being accessed through the tunnel stand behind a NAT (Network Address Translation) server.

NetBIOS broadcast: Enable this feature if the local network does not include a WINS server and the remote machine or machines will need to find local machines by their NetBIOS (Windows Networking) names.

Anti-replay: Packets sent through an IPSec tunnel carry sequence numbers that let the receiver detect whether a packet has been replayed or substituted. You can enable this function for greater security.

Keep-alive: This feature, enabled by default, makes the Gateway check the tunnel connection periodically and attempt to re-establish it if it goes down.

If IKE failed . . . : IKE failure may signify an unwanted intrusion attempt. You can set a limit on the number of consecutive failed requests that the Gateway will allow from the same IP address, and the amount of time that the Gateway will ignore further requests from that address.
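The limit described above, as an added example that is not the Gateway's own code: a per-address counter of consecutive failed IKE requests with a timed ignore period. The class name, the threshold of 3, the 60-second block and the event list (documentation-range addresses) are constructed for illustration.

```python
class IkeFailureLimiter:
    """Ignore a peer for a while after too many consecutive IKE failures."""

    def __init__(self, max_failures=3, block_seconds=60):
        self.max_failures = max_failures    # assumed limit
        self.block_seconds = block_seconds  # assumed ignore period
        self.failures = {}        # ip -> consecutive failed requests
        self.blocked_until = {}   # ip -> time at which the block ends

    def handle(self, ts, ip, succeeded):
        """Process one IKE request seen at time ts (seconds)."""
        until = self.blocked_until.get(ip)
        if until is not None:
            if ts < until:
                return "ignored"            # still inside the ignore period
            del self.blocked_until[ip]      # block expired: listen again
        if succeeded:
            self.failures[ip] = 0           # success breaks the streak
            return "ok"
        count = self.failures.get(ip, 0) + 1
        if count >= self.max_failures:
            self.blocked_until[ip] = ts + self.block_seconds
            self.failures[ip] = 0
            return "blocked"                # limit reached: start ignoring
        self.failures[ip] = count
        return "failed"


def run_events(events, max_failures=3, block_seconds=60):
    """Feed (time, ip, succeeded) tuples through a fresh limiter."""
    limiter = IkeFailureLimiter(max_failures, block_seconds)
    return [limiter.handle(ts, ip, ok) for ts, ip, ok in events]


# Constructed events: (seconds, source address, negotiation succeeded?)
A, B = "192.0.2.10", "198.51.100.7"
EVENTS = [(0, A, False), (5, A, False), (6, B, False), (7, B, True),
          (10, A, False), (20, A, True), (69, A, False), (70, A, True),
          (71, B, False)]

if __name__ == "__main__":
    for event, verdict in zip(EVENTS, run_events(EVENTS)):
        print(event, verdict)
```

While an address is being ignored even a valid request from it gets no response, so a peer with a mistyped key stays locked out until the period ends.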

When finished making changes in this panel, click the Save Settings button to save your changes, or click Cancel Changes to undo the changes. Use the VPN panel’s Connect and View Logs buttons to test the tunnel.

Chapter 5: Configuring the ADSL Gateway

Figure 5-21: Advanced VPN Settings

Figure 5-22: VPN Log


The Security Tab
