IPSec Setup, Phase | Cisco Systems RVS4000RF specification

Setting Up and Configuring the Router	5
Setting Up and Configuring the Router
VPN

domain name in the Domain Name field. Then select either IP Address or IP by DNS Resolved from the drop-down menu, and fill in the IP Address field or Domain Name field.

Remote Security Group Type Select the remote LAN user(s) behind the remote gateway who can use this VPN tunnel. This may be a single IP address or a Sub- network. Note that the Remote Security Group Type must match the other router’s Local Security Group Type.

IP Address Enter the IP address on the remote network.

Subnet Mask If the Remote Security Group Type is set to Subnet, enter the mask to determine the IP addresses on the remote network.

IPSec Setup

Keying Mode The router supports both automatic and manual key management. When choosing automatic key management, IKE (Internet Key Exchange) protocols are used to negotiate key material for SA (Security Association). If manual key management is selected, no key negotiation is needed. Basically, manual key management is used in small static environments or for troubleshooting purposes. Note that both sides must use the same Key Management method.

Phase 1

•Encryption The Encryption method determines the length of the key used to encrypt/decrypt ESP packets. Only 3DES is supported. Notice that both sides must use the same Encryption method.

•Authentication Authentication determines a method to authenticate the ESP packets. Either MD5 or SHA1 may be selected. Notice that both sides (VPN endpoints) must use the same Authentication method.

•MD5 A one-way hashing algorithm that produces a 128-bit digest.

•SHA1 A one-way hashing algorithm that produces a 160-bit digest.

•Group The Diffie-Hellman (DH) group to be used for key exchange. Select the 768-bit (Group 1), 1024-bit (Group 2), or 1536-bit (Group 5) algorithm. Group 5 provides the most security, Group 1 the least.

•Key Life Time This specifies the lifetime of the IKE-generated key. If the time expires, a new key is renegotiated automatically. Enter a value from 300 to 100,000,000 seconds. The default is 28800 seconds.

Phase 2

Cisco RVS4000 Security Router with VPN Administrator Guide

62

Image 62

Cisco Systems RVS4000RF manual IPSec Setup, Phase

Contents

Administration Guide Cisco Systems, Inc. All rights reserved OL-22605-02 Planning Your Virtual Private Network VPN Setting Up and Configuring the RouterIntroduction Networking and Security Basics Getting Started with the RVS4000 Router VPN Using the VPN Setup Wizard Appendix a Troubleshooting 116 Appendix D Gateway-to-Gateway VPN Tunnel 166 Appendix E Cisco ProtectLink Web Service 182Appendix F Specifications 190 Windows 2000 or Windows XP RVS4000 Appendix G Where to Go From Here 194 Introduction Networking and Security Basics An Introduction to LANs Networking and Security Basics Configuring the RouterUse of IP Addresses Intrusion Prevention System IPS IPS Scenarios Why do I need a VPN? Why do I need a VPN?, What is a VPN?, Man in the middle attacks MAC Address SpoofingData Sniffing Planning Your Virtual Private Network VPN What is a VPN? VPN Router to VPN Router VPN Router to VPN Router Computer to VPN Router Tunnel Front Panel Front Panel Back Panel Back PanelGetting Started with the RVS4000 Router Stand Option Placement OptionsDesktop Option Wall Option Installing the Router Configuring the Router Setting Up and Configuring the Router Setting Up and Configuring the Router Login Window SetupSetup Summary Port Statistics Setup SummarySystem Information IPSec VPN Setting Status Network Setting StatusFirewall Setting Status Log Setting Status Internet Connection Type Setup WANAutomatic Configuration Dhcp Static IP Static IP PPPoE PPPoE Pptp Heart Beat Signal Heart Beat Signal L2TP Setting Up and Configuring the Router Optional Settings Required by some ISPs Optional Settings Click Save Setup LAN Setup LAN Server Settings Dhcp IPv4 IPv6 Setup DMZStatic IP Mapping DHCPv6 Setup MAC Address Clone Setup MAC Address CloneSetup DMZ Setup Advanced Routing Setup Advanced RoutingOperating Mode Dynamic Routing Static Routing Inter-VLAN Routing Enable option Setup TimeSetup Time Setup IP Mode Setup IP Mode Firewall Firewall Basic SettingsFirewall Basic Settings Setting Up and Configuring the Router Firewall IP Based ACL Firewall IP Based ACL Editing IP ACL Rules Editing IP ACL Rules Setting Up and Configuring the Router Firewall Internet Access Policy Firewall Internet Access Policy Internet Policy Summary List of PCs Setting Up and Configuring the Router Firewall Single Port Forwarding Firewall Single Port Forwarding Firewall Port Range Forwarding Firewall Port Range Forwarding Firewall Port Range Triggering Firewall Port Range Triggering ProtectLink ProtectLink Purchase ProtectLinkProtectLink ProtectLink Purchase VPN Summary VPN SummaryTunnel Status VPN Clients Status VPN IPSec VPN VPN IPSec VPN Name Fqdn Authentication Local Group SetupRemote Group Setup IPSec Setup Phase Status VPN VPN Client Accounts VPN VPN Client Accounts VPN Client List Table Certificate Management VPN VPN Passthrough VPN VPN Passthrough QoS Bandwidth Management Rate Control QoSQoS Bandwidth Management Rate Control BandwidthBandwidth Management Type Priority QoS Bandwidth Management Priority QoS QoS Setup QoS QoS SetupCoS Setup QoS Dscp Setup QoS Dscp Setup Router Access AdministrationAdministration Management Administration Management UPnP Administration Log Administration LogLog Setting Log Levels Severity Name Description Email Alerts Syslog Administration DiagnosticsAdministration Diagnostics Local Log Traceroute Test Parameters Cable DiagnosticsPing Test Parameters Administration Backup & Restore Administration Backup & RestoreRestore Configuration Administration Factory Default Administration Factory Default Administration Reboot Administration RebootAdministration Firmware Upgrade Administration Firmware Upgrade Click Start to Upgrade Click the Small Business Router Firmware link Anomaly Detection IPS ConfigurationIPS Configuration Peer To Peer Peer to PeerInstant Messenger Attack Category IPS ReportAttacker IPS Report IPS Information L2 SwitchL2 Switch Create Vlan IPS Information L2 Switch Create Vlan Delete Selected Vlan L2 Switch Vlan Port Setting L2 Switch Vlan Port Setting L2 Switch Vlan Membership L2 Switch Vlan Membership L2 Switch Radius L2 Switch Radius L2 Switch Port Setting L2 Switch Port Setting Statistics Overview L2 Switch StatisticsL2 Switch Statistics L2 Switch Port Mirroring L2 Switch Port Mirroring L2 Switch Rstp L2 Switch Rstp Internet Connection StatusStatus Gateway Status Gateway IP Conntrack Status Gateway IP Conntrack Status Local Network Status Local Network VPN Setup Wizard Before You Begin Click Firewall Basic Settings Running the VPN Setup WizardUsing the VPN Setup Wizard \VPN Setup Wizard.exe Welcome Window Informational Window Build VPN Connection Remotely Configure VPN Tunnel Check Router Configuration Summary Window Vpnc Summary Window Configure the Router Test the Connection Exit the Wizard Test Results Building Your VPN Connection Remotely Configure VPN Tunnel Window Check Router Configuration Summary Window Configure the Router Test the Connection View Test Results Troubleshooting Need to set a static IP address on a PC Troubleshooting Windows XP Want to test my Internet connection Windows XP Troubleshooting Troubleshooting Need to set up a server behind my router Application Start and End Protocol IP Address Enable Configure as many entries as you like Go to Setup DMZ Can’t get an Internet game, server, or application to work Firmware upgrade failed To start over, I need to set the router to factory defaultNeed to upgrade the firmware Follow the instructions in Administration Firmware Upgrade, My DSL service’s PPPoE is always disconnecting Click the Router Firmware Rescue Utility link Need to use port triggering Troubleshooting Is IPSec Passthrough supported by the router? Frequently Asked QuestionsWhere is the router installed on the network? Does the router support IPX or AppleTalk? What is Network Address Translation and what is it used for? Does the router support ICQ send file? How can I block corrupted FTP downloads? If all else fails in the installation, what can I do?How can I be notified of new router firmware upgrades? Is the router cross-platform compatible? What is DMZ Hosting?Will the router function in a Macintosh environment? How many ports can be simultaneously forwarded? How do I get mIRC to work with the router? Which modems are compatible with the router?How can I check whether I have static or Dhcp IP addresses? Overview Click the VPN VPN Client Accounts VPN Client Accounts Window Using Cisco QuickVPN for Windows 2000, XP, or VistaClick Add/Save License Agreement Installing the Cisco QuickVPN SoftwareInstalling from the CD-ROM Copying Files Finished Installing Files Using the Cisco QuickVPN Software Downloading and Installing from the Internet QuickVPN Login QuickVPN Status Select VPN VPN Client Accounts Distributing Certificates to QuickVPN UsersConnect Virtual Private Connection \Program Files\Cisco\QuickVPN Client\ Configuring IPSec with a Windows 2000 or XP Computer Introduction Environment How to Establish a Secure IPSec TunnelConfiguring IPSec with a Windows 2000 or XP Computer Windows 2000 or Windows XP Local Security Settings Establishing a Secure IPSec Tunnel Filter List 1 win router Rules Tab IP Filter List Tab IP Filter List Filters Properties Filter List 2 router win New Rules Properties Configuring IPSec with a Windows 2000 or XP Computer New Rule Properties Tunnel 1 win-Router Filter Action Tab Security Methods Tab Authentication Methods Tab Preshared Key Tunnel Setting Tab New Preshared Key Tunnel 2 Router-win Connection Type Tab Properties Window Filter Action Tab Preshared Key New Preshared Key Connection Type Tab Local Computer Click VPN IPSec VPN VPN IPSec VPN Configuring IPSec with a Windows 2000 or XP Computer Gateway-to-Gateway VPN Tunnel Gateway-to-Gateway VPN Tunnel RVS4000 IPSec VPN Settings RVS4000 IPSec Setup Settings Click the Gateway to Gateway tab RV082 VPN Settings RV082 IPSec Setup Settings Click VPN IPSec VPN RVS4000 IPSec VPN Settings RVS4000 IPSec Setup Settings RV082 VPN Settings RV082 IPSec Setup Settings Configuration When Both Gateways Use Dynamic IP Addresses RVS4000 IPSec VPN Settings RVS4000 IPSec Setup Settings RV082 VPN Settings RV082 IPSec Setup Settings Cisco ProtectLink Web Service How to Access the Configuration Utility ProtectLink How to Purchase, Register, or Activate the ServiceCisco ProtectLink Web Service ProtectLink Inactive ProtectLink Active How to Use the ServiceProtectLink Web Protection ProtectLink Web Protection Web Protection Fri Approved URLs ProtectLink License ProtectLink LicenseLicense Performance SpecificationsSetup/Config Management Security FeaturesSpecifications QoS Layer NetworkRouting Environmental Product Documentation Product ResourcesSupport Cisco Small Business Where to Go From Here Related Documentation