Cisco Systems RVS4000RF Status

Setting Up and Configuring the Router

VPN

Cisco RVS4000 Security Router with VPN Administrator Guide 63

5

•Encryption The Encryption method determines the length of the key used

to encrypt/decrypt ESP packets. Only 3DES is supported. Note that both

sides must use the same Encryption method.

•Authentication Authentication determines a method to authenticate the

ESP packets. Either MD5 or SHA1 may be selected. Note that both sides

(VPN endpoints) must use the same Authentication method.

•MD5 A one-way hashing algorithm that produces a 128-bit digest.

•SHA1 A one-way hashing algorithm that produces a 160-bit digest.

•Perfect Forward Secrecy If PFS is enabled, IKE Phase 2 negotiation

generates a new key material for IP traffic encryption and authentication.

Note that both sides must have this selected.

•Preshared Key IKE uses the Preshared Key field to authenticate the remote

IKE peer. Both character and hexadecimal values are acceptable in this

field; e.g., “My_@123” or “0x4d795f40313233”. Note that both sides must

use the same Preshared Key.

•Group The Diffie-Hellman (DH) group to be used for key exchange. Select

the 768-bit (Group 1), 1024-bit (Group 2), or 1536-bit (Group 5) algorithm.

Group 5 provides the most security, Group 1 the least.

•Key Life Time This sp ecifies the lifetime of the IKE-generated key. If the

time expires, a new key is renegotiated automatically. Enter a value from

300 to 100,000,000 seconds. The default is 3600 seconds.

Status

Status Displays the connection status for the selected tunnel. The state is either

connected or disconnected.

Connect Click this button to establish a connection for the current VPN tunnel. If

you have made any changes, click Save first to apply your changes.

Disconnect Click this button to break a connection for the current VPN tunnel.

View Log Click this button to view the VPN log, which shows details of each tunnel

established.

Advanced Click this button to display these additional settings.

Contents

Main Page Page Firewall 46 ProtectLink 57 VPN 58 QoS 67 Administration 72 Chapter 6: Using the VPN Setup Wizard 98 Appendix A: Troubleshooting 116 Appendix B: Using Cisco QuickVPN for Windows 2000, XP, or Vista 133 Appendix C: Configuring IPSec with a Windows 2000 or XP Computer 142 Appendix D: Gateway-to-Gateway VPN Tunnel 166 Appendix E: Cisco ProtectLink Web Service 182 Appendix F: Specifications 190 Appendix G: Where to Go From Here 194 Product Resources 194 Related Documentation 195 Introduction Networking and Security Basics An Introduction to LANs The Use of IP Addresses The Intrusion Prevention System (IPS) Page Planning Your Virtual Private Network (VPN) Why do I need a VPN? 1) MAC Address Spoofing 2) Data Sniffing 3) Man in the middle attacks What is a VPN? VPN Router to VPN Router Computer (using the Cisco QuickVPN Client software) to VPN Router Getting Started with the RVS4000 Router Front Panel Getting Started with the RVS4000 Router Back Panel Back Panel Placement Options Desktop Option Stand Option Wall Option Installing the Router Configuring the Router Page Setting Up and Configuring the Router Setup Setup > Summary System Information Port Statistics Network Setting Status Firewall Setting Status IPSec VPN Setting Status Log Setting Status Setup > WAN Static IP PPPoE PPTP Heart Beat Signal L2TP Page Optional Settings (Required by some ISPs) Page Page IPv4 Server Settings (DHCP) Static IP Mapping IPv6 DHCPv6 Setup > DMZ Setup > MAC Address Clone Setup > Advanced Routing Operating Mode Dynamic Routing Static Routing Inter-VLAN Routing Setup > Time Setup > IP Mode Firewall Firewall > Basic Settings Page Firewall > IP Based ACL Editing IP ACL Rules Page Firewall > Internet Access Policy Page Page Firewall > Single Port Forwarding Firewall > Port Range Forwarding Firewall > Port Range Triggering ProtectLink ProtectLink > ProtectLink Purchase VPN VPN > Summary Tunnel Status VPN Clients Status Page Local Group Setup Remote Group Setup IPSec Setup Status VPN > VPN Client Accounts VPN Client List Table Certificate Management VPN > VPN Passthrough QoS QoS > Bandwidth Management Bandwidth Bandwidth Management Type Rate Control Priority QoS > QoS Setup CoS Setup QoS > DSCP Setup Administration Administration > Management Router Access SNMP UPnP Administration > Log Log Setting Email Alerts Syslog Local Log Administration > Diagnostics Ping Test Parameters Traceroute Test Parameters Cable Diagnostics Administration > Backup & Restore Restore Configuration Administration > Factory Default Administration > Reboot Administration > Firmware Upgrade Page IPS IPS > Configuration Anomaly Detection IPS > P2P/IM Peer to Peer Instant Messenger IPS > Report Page IPS > Information L2 Switch L2 Switch > Create VLAN Page L2 Switch > VLAN Port Setting L2 Switch > VLAN Membership L2 Switch > RADIUS L2 Switch > Port Setting L2 Switch > Statistics Statistics Overview L2 Switch > Port Mirroring L2 Switch > RSTP Status Status > Gateway Internet Connection IP Conntrack Status > Local Network Using the VPN Setup Wizard VPN Setup Wizard Running the VPN Setup Wizard Page Page Page Page Page Page Page Page Page Building Your VPN Connection Remotely Page Page Page Page Page Page A Troubleshooting I need to set a static IP address on a PC. Windows 2000 Windows XP I want to test my Internet connection. Windows 2000 Windows XP I am not getting an IP address on the Internet with my Internet connection. I am not able to access the routers configuration utility Setup window. I cant get my Virtual Private Network (VPN) to work through the router. I need to set up a server behind my router. I need to set up online game hosting or use other Internet applications. I cant get an Internet game, server, or application to work. I forgot my password or the password prompt always appears when saving settings to the router. I am a PPPoE user and I need to remove the proxy settings or the dial- up pop-up window. To start over, I need to set the router to factory default. I need to upgrade the firmware. The firmware upgrade failed. My DSL services PPPoE is always disconnecting. I cant access my email, web, or VPN, or I am getting corrupted data from the Internet. I need to use port triggering. When I enter a URL or IP address, I get a time-out error or am prompted to retry. Frequently Asked Questions Page Page Page Page B Using Cisco QuickVPN for Windows 2000, XP, or Vista Page Installing the Cisco QuickVPN Software Installing from the CD-ROM Page Downloading and Installing from the Internet Using the Cisco QuickVPN Software Page Page Distributing Certificates to QuickVPN Users Page C Configuring IPSec with a Windows 2000 or XP Computer Introduction Environment Windows 2000 or Windows XP RVS4000 How to Establish a Secure IPSec Tunnel Establishing a Secure IPSec Tunnel Filter List 1: win -> router Page Page Filter List 2: router -> win Page Page Tunnel 1: win->Router Page Page Page Page Tunnel 2: Router->win Page Page Page Page Page Page Page Page Page D Gateway-to-Gateway VPN Tunnel Configuration when the Remote Gateway Uses a Static IP Address Page Page Page Page Configuration when the Remote Gateway Uses a Dynamic IP Address Page Page Page Page Configuration When Both Gateways Use Dynamic IP Addresses Page Page Page Page E Cisco ProtectLink Web Service How to Access the Configuration Utility How to Purchase, Register, or Activate the Service ProtectLink Page How to Use the Service ProtectLink > Web Protection Page Web Protection URL Filtering Business Hour Setting Web Reputation Approved URLs Approved Clients URL Overflow Control ProtectLink > License License License Information F Specifications Specifications Performance Setup/Config Management Security Features QoS Network VPN Routing Layer 2 Environmental Specifications are subject to change without notice. G Where to Go From Here Product Resources G Related Documentation