VPN

9

 

Setting Up a Remote Access Tunnel for VPN Clients (Client To Gateway)

IPSec Setup

Enter the Internet Protocol Security settings for this tunnel.

IMPORTANT: In order for any encryption to occur, the two ends of a VPN tunnel must agree on the methods of encryption, decryption, and authentication.

Keying Mode: Choose one of the following key management methods:

-Manual: Choose this option if you want to generate the key yourself and you do not want to enable key negotiation. Manual key management is used in small static environments or for troubleshooting purposes. Enter the required settings. For information, see Required fields for Manual mode, page 143.

-IKE with Preshared Key: Choose this option to use the Internet Key Exchange protocol to set up a Security Association (SA) for your tunnel. IKE uses a preshared key to authenticate the remote IKE peer. This setting is recommended and is selected by default. Enter the required settings. For more information, see Required fields for IKE with Preshared Key, page 144 and Advanced settings for IKE with Preshared Key, page 145.

Required fields for Manual mode

Enter the settings for manual mode.

-Incoming / Outgoing SPI: The Security Parameter Index is carried in the ESP (Encapsulating Security Payload Protocol) header and enables the receiver and sender to select the security association under which a packet should be processed. You can enter hexadecimal values from 100~ffffffff. Each tunnel must have a unique Incoming SPI and Outgoing SPI. No two tunnels can share the same SPI. The Incoming SPI here must match the Outgoing SPI value at the other end of the tunnel, and vice versa.

-Encryption: Select a method of encryption: DES or 3DES. This setting determines the length of the key used to encrypt or decrypt ESP packets. DES is 56-bit encryption and 3DES is 168-bit encryption. 3DES is recommended because it is more secure.

-Authentication: Select a method of authentication: MD5 or SHA1. The authentication method determines how the ESP packets are validated. MD5 is a one-way hashing algorithm that produces a 128-bit digest. SHA1 is a one-way hashing algorithm that produces a 160-bit digest. SHA1 is recommended because it is more secure. Make sure that both ends of the VPN tunnel use the same authentication method.
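The manual-mode rules above (SPI range, unique SPIs, mirrored SPIs at the two ends, matching encryption and authentication) can be checked before the values are typed into either gateway. The following Python check is an added example and is not part of the Cisco guide; the field names and sample values are constructed, and uniqueness is assumed to apply per direction across tunnels.

```python
import re
SPI_MIN, SPI_MAX = 0x100, 0xFFFFFFFF            # range the guide allows: 100~ffffffff
ALLOWED = {"encryption": {"DES", "3DES"}, "authentication": {"MD5", "SHA1"}}

def parse_spi(text):
    """Return the SPI as an int, or None if it is not hex within 100~ffffffff."""
    if not re.fullmatch(r"[0-9a-fA-F]{1,8}", text):
        return None
    value = int(text, 16)
    return value if SPI_MIN <= value <= SPI_MAX else None

def check_local(tunnels):
    """One gateway: SPI range, SPI uniqueness across tunnels, listed algorithms."""
    problems, seen = [], {}
    for t in tunnels:
        for field in ("incoming_spi", "outgoing_spi"):
            spi = parse_spi(t[field])
            if spi is None:
                problems.append(f"{t['name']}: {field} {t[field]!r} outside 100~ffffffff")
            elif (field, spi) in seen:   # assumption: uniqueness is per direction
                problems.append(f"{t['name']}: {field} reuses SPI of {seen[field, spi]}")
            else:
                seen[field, spi] = t["name"]
        for field, allowed in ALLOWED.items():
            if t[field] not in allowed:
                problems.append(f"{t['name']}: {field} {t[field]!r} not offered")
    return problems

def check_pair(local, remote):
    """Both ends of one tunnel: mirrored SPIs and identical algorithms."""
    problems = []
    for mine, theirs in (("incoming_spi", "outgoing_spi"), ("outgoing_spi", "incoming_spi")):
        a, b = parse_spi(local[mine]), parse_spi(remote[theirs])
        if a is None or a != b:          # compared as numbers, so case is ignored
            problems.append(f"local {mine} does not match remote {theirs}")
    for field in ALLOWED:
        if local[field] != remote[field]:
            problems.append(f"{field} differs: {local[field]} vs {remote[field]}")
    return problems

# Constructed sample settings (hypothetical field names, not a router export format).
SITE_A = [
    {"name": "branch1", "incoming_spi": "1a2b", "outgoing_spi": "2b3c", "encryption": "3DES", "authentication": "SHA1"},
    {"name": "branch2", "incoming_spi": "1A2B", "outgoing_spi": "ff", "encryption": "3DES", "authentication": "SHA1"},
]
PEER_OF_BRANCH1 = {"name": "hq", "incoming_spi": "2b3c", "outgoing_spi": "1a2c", "encryption": "3DES", "authentication": "MD5"}

if __name__ == "__main__":
    print(*check_local(SITE_A), *check_pair(SITE_A[0], PEER_OF_BRANCH1), sep="\n")
```

In the sample, branch2 is flagged twice locally (a reused incoming SPI and an outgoing SPI below 100), and the branch1 pair is flagged for one unmirrored SPI and for differing authentication methods.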

Cisco Small Business RV0xx Series Routers Administration Guide

143
