Cisco Systems RV042RF manual VPN VPN Client Access, Advanced


Chapter 4

Advanced Configuration

If DES is selected, the Encryption Key is 16-bit, which requires 16 hexadecimal values. If you do not enter enough hexadecimal values, then the rest of the Encryption Key will be automatically completed with zeroes, so the Encryption Key will be 16-bit. If 3DES is selected, the Encryption Key is 48-bit, which requires 40 hexadecimal values. If you do not enter enough hexadecimal values, then the rest of the Encryption Key will be automatically completed with zeroes, so the Encryption Key will be 48-bit. Make sure both ends of the VPN tunnel use the same Encryption Key.

Authentication Key  This field specifies a key used to authenticate IP traffic. Enter a key of hexadecimal values. If MD5 is selected, the Authentication Key is 32-bit, which requires 32 hexadecimal values. If you do not enter enough hexadecimal values, then the rest of the Authentication Key will be automatically completed with zeroes until it has 32 hexadecimal values. If SHA is selected, the Authentication Key is 40-bit, which requires 40 hexadecimal values. If you do not enter enough hexadecimal values, then the rest of the Authentication Key will be automatically completed with zeroes until it has 40 hexadecimal values. Make sure both ends of the VPN tunnel use the same Authentication Key.
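The zero-fill behaviour described for the Encryption Key and Authentication Key fields means a short entry is silently accepted and most of the stored key becomes predictable. The following added example (not part of the manual or of the Router's firmware) checks a manual key before it is entered on both ends; the function names and the `REQUIRED_HEX` table are hypothetical, the digit counts are the ones stated above for DES, MD5 and SHA, and rejecting over-long input is an assumption because the manual does not describe that case.

```python
import hmac
import secrets

# Hexadecimal digit counts as stated in the manual text above.
REQUIRED_HEX = {"DES": 16, "MD5": 32, "SHA": 40}


def pad_manual_key(algorithm: str, entered: str) -> str:
    """Return the key as the manual says it is stored: short input zero-filled."""
    need = REQUIRED_HEX[algorithm]
    digits = entered.strip().lower()
    if not digits or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError("key must be non-empty hexadecimal")
    if len(digits) > need:
        # Assumption: the manual does not say what happens to over-long input.
        raise ValueError(f"{algorithm} key takes at most {need} hex digits")
    return digits.ljust(need, "0")


def audit_manual_key(algorithm: str, entered: str) -> dict:
    """Report how much of the stored key is operator-chosen versus zero fill."""
    need = REQUIRED_HEX[algorithm]
    stored = pad_manual_key(algorithm, entered)
    supplied = len(entered.strip())
    return {
        "stored_key": stored,
        "zero_filled_digits": need - supplied,
        "supplied_bits": supplied * 4,  # each hex digit carries 4 bits
        "full_length": supplied == need,
    }


def same_stored_key(algorithm: str, local: str, remote: str) -> bool:
    """True if both tunnel ends hold the same key once zero fill is applied."""
    a = pad_manual_key(algorithm, local)
    b = pad_manual_key(algorithm, remote)
    return hmac.compare_digest(a, b)


def generate_full_key(algorithm: str) -> str:
    """Generate a random key of the full required length, so nothing is padded."""
    return secrets.token_hex(REQUIRED_HEX[algorithm] // 2)


if __name__ == "__main__":
    # Constructed sample: an operator types only 8 digits for an MD5 key.
    print(audit_manual_key("MD5", "1a2b3c4d"))
    print(same_stored_key("DES", "abcd", "ABCD00"))
    print(generate_full_key("SHA"))
```

Two entries that differ only in trailing zeroes produce the same stored key, so a tunnel coming up does not show that either end entered a full-length key.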

Advanced

For most users, the settings on the VPN page should suffice; however, the Router provides advanced IPSec settings for advanced users using the IKE with Preshared Key mode. Click Advanced to view the Advanced settings.


Aggressive Mode  There are two types of Phase 1 exchanges, Main Mode and Aggressive Mode.

Aggressive Mode requires half of the main mode messages to be exchanged in Phase 1 of the SA exchange. If network security is preferred, leave the Aggressive Mode check box unchecked (Main Mode will be used). If network speed is preferred, select Aggressive Mode. If you select one of the Dynamic IP types for the Remote Security Gateway Type setting, then Main Mode will be unavailable, so Aggressive Mode will be used.

Compress (Support IP Payload Compression Protocol (IP Comp))  IP Payload Compression is a protocol that reduces the size of IP datagrams. Select this option if you want the Router to propose compression when it initiates a connection. If the responders reject this proposal, then the Router will not implement compression. When the Router works as a responder, it will always accept compression, even if compression is not enabled.

Keep-Alive  Keep-Alive helps maintain IPSec VPN tunnel connections. If a connection is dropped and detected, it will be re-established immediately. Select this option to use this feature.

AH Hash Algorithm  The AH (Authentication Header) protocol describes the packet format and default standards for packet structure. With the use of AH as the security protocol, protection is extended forward into the IP header to verify the integrity of the entire packet by use of portions of the original IP header in the hashing process. Select this option to use this feature. Then select MD5 or SHA1. MD5 produces a 128-bit digest to authenticate packet data. SHA produces a 160-bit digest to authenticate packet data. Both sides of the tunnel should use the same algorithm.

NetBIOS Broadcast  Select this option to allow NetBIOS traffic to pass through the VPN tunnel. By default, the Router blocks this traffic.

NAT Traversal  Select this option to use this feature. Both the IPSec initiator and responder must support the mechanism for detecting the NAT router in the path and changing to a new port, as defined in RFC 3947.

Dead Peer Detection (DPD)  (This option is available for VPN tunnels only, not group VPNs.) When DPD is enabled, the Router will send periodic HELLO/ACK messages to check the status of the VPN tunnel (this feature can be used only when both peers or VPN devices of the VPN tunnel use the DPD mechanism). Once a dead peer has been detected, the Router will disconnect the tunnel so the connection can be re-established. Specify the interval between HELLO/ACK messages (how often you want the messages to be sent). DPD is enabled by default, and the default interval is 10 seconds.

Click Save Settings to save your changes, or click Cancel Changes to undo them.

VPN > VPN Client Access

The VPN Client Access screen allows you to manage access for Linksys QuickVPN clients. (The Router supports up to 50 Linksys QuickVPN clients free of charge. If the Router you have only supports up to ten clients, then upgrade its firmware. Refer to “Appendix F: Firmware Upgrade” for instructions.)

10/100 4-Port VPN Router
