Cisco Systems RV042RF manual IPSec Setup, IKE with Preshared Key, Remote Security Group Type


Chapter 4

Advanced Configuration

Remote Security Gateway Type > Dynamic IP + Domain Name(FQDN) Authentication

Domain Name  Enter the domain name for authentication. (Once used, you cannot use it again to create a new tunnel connection.)

Dynamic IP + E-mail Addr.(USER FQDN) Authentication

The Remote Security Gateway will be a dynamic IP address, so you do not need to enter the IP address. When the Remote Security Gateway requests to create a tunnel with the Router, the Router will work as a responder.

Remote Security Gateway Type > Dynamic IP + E-mail Addr.(USER FQDN) Authentication

E-mail address  Enter the e-mail address for authentication.

Remote Security Group Type

Select the Remote Security Group behind the Remote Gateway that can use this VPN tunnel. Select the type you want to use: IP, Subnet, or IP Range. Follow the instructions for the type you want to use.

NOTE: The Remote Security Group Type you select should match the Local Security Group Type selected on the VPN device at the other end of the tunnel.

After you have selected the Remote Security Group Type, the settings available on this screen may change, depending on which selection you have made.

IP

Only the computer with a specific IP address will be able to access the tunnel.

Remote Security Group Type > IP

IP address  Enter the appropriate IP address.

Subnet

The default is Subnet. All computers on the remote subnet will be able to access the tunnel.

Remote Security Group Type > Subnet

IP address  Enter the IP address.

Subnet Mask  Enter the subnet mask. The default is 255.255.255.0.

IP Range

Specify a range of IP addresses within a subnet that will be able to access the tunnel.

Remote Security Group Type > IP Range

IP range  Enter the range of IP addresses.

IPSec Setup

In order for any encryption to occur, the two ends of a VPN tunnel must agree on the methods of encryption, decryption, and authentication. This is done by sharing a key to the encryption code. For key management, the default mode is IKE with Preshared Key.

Keying Mode  Select IKE with Preshared Key or Manual. Both ends of a VPN tunnel must use the same mode of key management. After you have selected the mode, the settings available on this screen may change, depending on the selection you have made. Follow the instructions for the mode you want to use.

IKE with Preshared Key

IKE is an Internet Key Exchange protocol used to negotiate key material for Security Association (SA). IKE uses the Preshared Key to authenticate the remote IKE peer.

Phase 1 DH Group  Phase 1 is used to create the SA. DH (Diffie-Hellman) is a key exchange protocol used during Phase 1 of the authentication process to establish pre-shared keys. There are three groups of different prime key lengths: Group 1 is 768 bits, Group 2 is 1,024 bits, and Group 5 is 1,536 bits. If network speed is preferred, select Group 1. If network security is preferred, select Group 5.

Phase 1 Encryption  Select a method of encryption: DES (56-bit), 3DES (168-bit), AES-128 (128-bit), AES-192 (192-bit), or AES-256 (256-bit). The method determines the length of the key used to encrypt or decrypt ESP packets. AES-256 is recommended because it is the most secure. Make sure both ends of the VPN tunnel use the same encryption method.
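The matching rules above (Remote Security Group against the other end's Local Security Group, same Keying Mode, same Phase 1 settings) can be checked before a tunnel is saved. The following is an added example, not part of the manual or the router's firmware: the dictionary layout, function names and sample addresses are constructed for illustration, and both ends are assumed to use IKE with Preshared Key.

```python
import ipaddress

# Key sizes as listed on this page for Phase 1 DH groups and encryption methods.
DH_BITS = {1: 768, 2: 1024, 5: 1536}
ENC_BITS = {"DES": 56, "3DES": 168, "AES-128": 128, "AES-192": 192, "AES-256": 256}

def group_networks(group):
    """Expand an IP, Subnet or IP Range security group into a list of networks."""
    kind = group["type"]
    if kind == "IP":
        return [ipaddress.ip_network(group["ip"])]
    if kind == "Subnet":
        return [ipaddress.ip_network(f"{group['ip']}/{group['mask']}", strict=False)]
    if kind == "IP Range":
        first, last = (ipaddress.ip_address(a) for a in group["range"])
        return list(ipaddress.summarize_address_range(first, last))
    raise ValueError(f"unknown security group type: {kind}")

def check_tunnel(a, b):
    """Return findings for the two ends (dicts, hypothetical schema) of one tunnel."""
    findings = []
    for here, there, x, y in (("A", "B", a, b), ("B", "A", b, a)):
        remote, local = x["remote_group"], y["local_group"]
        if remote["type"] != local["type"]:
            findings.append(f"{here} remote group type {remote['type']} != "
                            f"{there} local group type {local['type']}")
        elif group_networks(remote) != group_networks(local):
            findings.append(f"{here} remote group differs from {there} local group")
    # The page requires the same mode and encryption; matching DH groups is general IKE practice.
    for key in ("keying_mode", "dh_group", "encryption"):
        if a[key] != b[key]:
            findings.append(f"{key} differs: A={a[key]} B={b[key]}")
    for name, end in (("A", a), ("B", b)):
        if end["dh_group"] != 5:
            findings.append(f"{name}: DH Group {end['dh_group']} "
                            f"({DH_BITS[end['dh_group']]} bits), Group 5 preferred")
        if end["encryption"] != "AES-256":
            findings.append(f"{name}: {end['encryption']} "
                            f"({ENC_BITS[end['encryption']]}-bit), AES-256 recommended")
    return findings

def subnet(ip):
    return {"type": "Subnet", "ip": ip, "mask": "255.255.255.0"}

# Constructed sample: two ends of one tunnel using private example subnets.
SITE_A = {"local_group": subnet("192.168.1.0"), "remote_group": subnet("192.168.2.0"),
          "keying_mode": "IKE with Preshared Key", "dh_group": 5, "encryption": "AES-256"}
SITE_B = {"local_group": subnet("192.168.2.0"),
          "remote_group": {"type": "IP", "ip": "192.168.1.10"},
          "keying_mode": "IKE with Preshared Key", "dh_group": 1, "encryption": "DES"}

if __name__ == "__main__":
    for finding in check_tunnel(SITE_A, SITE_B):
        print(finding)
```
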

Phase 1 Authentication  Select a method of authentication, MD5 or SHA. The authentication method determines how the ESP packets are validated. MD5 is
