Manually assigned Keys, ESP Encryption | LevelOne FBR-1404TX

LevelOne Broadband VPN Gateway User Guide

These settings must match the remote VPN. Note that you cannot use both AH and ESP.

Manually assigned Keys

AH Authentication AH (Authentication Header) specifies the authentication protocol for the VPN header, if used. (AH is often NOT used)

If AH is not enabled, the following settings can be ignored.

Keys

• The "in" key here must match the "out" key on the remote VPN, and the "out" key here must match the "in" key on the remote VPN.

• Keys can be in ASCII or Hex (0..9 A..F)

• For MD5, the keys should be 32 hex/16 ASCII characters.

• For SHA-1, the keys should be 40 hex/20 ASCII characters.

	SPI
	• Each SPI (Security Parameter Index) must be unique.
	• The "in" SPI here must match the "out" SPI on the remote
	VPN, and the "out" SPI here must match the "in" SPI on the
	remote VPN.
	• Each SPI should be at least 3 characters.

ESP Encryption	ESP (Encapsulating Security Payload) provides security for the
	payload (data) sent through the VPN tunnel. Generally, you will
	want to enable both Encryption and Authentication.
	• The "3DES" algorithm provides greater security than "DES",
	but is slower.
	• The "in" key here must match the "out" key on the remote
	VPN, and the "out" key here must match the "in" key on the
	remote VPN.

ESP Authentication	Generally, you should enable ESP Authentication. There is little
	difference between the available algorithms. Just ensure each
	endpoint use the same setting.
	• The "in" key here must match the "out" key on the remote
	VPN, and the "out" key here must match the "in" key on the
	remote VPN.
	• Keys can be in ASCII or Hex (0..9 A..F)
	• For MD5, the keys should be 32 hex/16 ASCII characters.
	• For SHA-1, the keys should be 40 hex/20 ASCII characters.

ESP SPI	This is required if either ESP Encryption or ESP Authentica-
	tion is enabled.
	• Each SPI (Security Parameter Index) must be unique.
	• The "in" SPI here must match the "out" SPI on the remote
	VPN, and the "out" SPI here must match the "in" SPI on the
	remote VPN.
	• Each SPI should be at least 3 characters.

For Manual Key Exchange, configuration is now complete.

76

Image 79

LevelOne FBR-1404TX user manual Manually assigned Keys, ESP Encryption, ESP Authentication, Tion is enabled

Contents

LevelOne Table of Contents Internet Access Remote AdministrationUpgrade Firmware General Problems Internet Access Features LevelOne Broadband VPN Gateway Features Advanced Internet Functions LAN FeaturesConfiguration & Management Security Features Package Contents Front-mounted LEDs Physical Details Rear Panel Connect LAN Cables ProcedureChoose an Installation Site Requirements Connect WAN Cable Power UpCheck the LEDs To Do this Refer to Overview Using UPnP Configuration ProgramPreparation If you cant connect Using your Web Browser DSL Modems Setup WizardCommon Connection Types Cable Modems Big Pond Cable Australia Other Modems e.g. Broadband WirelessSingTel RAS Navigation & Data Input Home Screen Data LAN Screen LAN ScreenButtons What Dhcp Does Using the LevelOne Broadband VPN Gateway s Dhcp ServerUsing another Dhcp Server To Configure your PCs to use Dhcp Password Screen Windows Clients TCP/IP Settings Overview Using Dhcp Checking TCP/IP Settings Windows 9x/MEUsing Specify an IP Address Gateway Tab Win 95/98 Windows NT4.0 TCP/IP Checking TCP/IP Settings Windows NT4.0 Specify an IP Address Obtain an IP address from a Dhcp Server Windows NT4.0 Add Gateway Windows NT4.0 DNS Network Configuration Win Checking TCP/IP Settings Windows TCP/IP Properties Win Using a fixed IP Address Use the following IP Address Network Configuration Windows XP Checking TCP/IP Settings Windows XP TCP/IP Properties Windows XP For Windows XP Internet AccessAccessing AOL For Windows 9x/ME/2000 Fixed IP Address Macintosh ClientsLinux Clients Other Unix Systems Status Screen Operation Internet Data Status ScreenSystem Connection Log Connection Status PPPoEData PPPoE Screen Connection Message Description Connection Log Messages Data Pptp Screen Connection Status PptpPptp Status Data Telstra Big Pond Screen Connection Status Telstra Big PondConnection Status Data SingTel RAS Screen Connection Details SingTel RASRAS Plan Release/Renew Default GatewayDNS IP Address Dhcp Client Data Fixed/Dynamic IP address Screen Connection Details Fixed/Dynamic IP Address Update the data shown on screen Internet Features IP Address WAN Port Configuration ScreenData WAN Port Screen Identification Login Communication Applications Advanced Internet ScreenCommunication Applications MAC Address Send incoming calls to Special ApplicationsSpecial Applications Screen Data Special Applications Screen Outgoing Using a Special ApplicationIncoming Ports Filter Strings URL FilterURL Filter Screen Data URL Filter Screen Data Dynamic DNS Screen Ddns ServiceDynamic DNS Domain Name Server Dynamic DNS Screen Ddns Status Password Domain NameDdns Data User Name IP Address seen by Internet Users Virtual Servers Data Virtual Servers Screen Connecting to the Virtual ServersVirtual Servers Screen Defining your own Virtual Servers MTU size Backup DNSInternet Options Data Options Screen Security Configuration Data Access Control Screen Access ControlAccess Control Screen To use this feature Internet Access Source IP address Access Control LogGroup Members Screen Date/Time Data Firewall Rules Screen This feature is for advanced administrators onlyFirewall Rules Firewall Rules Screen Delete DataEdit Move Source IP Firewall RuleData Firewall Rule Screen Type Action Dest IPLog Logs Enable LogsData Logs Screen Syslog Server Mail Logs Data Security Options Screen Security OptionsSPI Firewall Options Define Schedule Screen SchedulingData Define Schedule Screen Add New Service ServicesData Services Screen Available Services Cancel IPSec LevelOne Broadband VPN Gateway always uses Tunnel Mode Policies VPN Configuration VPN Pass-through Common VPN SituationsClient PC to VPN Gateway Connecting 2 VPN Gateways Connecting 2 LANs via VPN VPN List VPN PoliciesVPN Policies Screen Data VPN Policies Screen Adding a New Policy Enable/DisableCopy Keys General SettingsEnable Policy Endpoint Local IP addresses VPN Wizard Traffic Selector Manual Key Exchange Remote IP addresses ESP Encryption ESP AuthenticationTion is enabled Manually assigned Keys IKE Phase 1 IKE SA IKE Phase IKE Phase 2 IPsec SA Want to enable both ESP Encryption and ESP Authentication Trusted Certificates CertificatesSelf Certificates Adding a Self Certificate Adding a Trusted Certificate Signature Algorithm Hash AlgorithmSignature Key Length Add Self Certificate To add a New CRL CRLs Data VPN Status Screen VPN StatusCurrent VPN SAs Examples Example 1 Connecting 2 LevelOne Broadband VPN GatewaysConfiguration Settings Setting LAN a Gate LAN B Gate Way IPSec SA Parameters DES Setting Value LevelOne Broadband VPN Gateway ConfigurationExample 2 Windows 2000/XP Client to LAN Windows 2000/XP Local Security Settings Windows Client Configuration Windows 2000/XP Policy Properties Filter Properties Addressing New Rule Properties Filter Action Modify Security Method VPN Setting Windows Setting Tunnel Setting Windows 2000/XP Client to LevelOne Broadband VPN Gateway Filter List Filter Action Modify Security Method DUT to Win2K Properties Properties General Tab IKE Security Algorithms Key Exchange Security Methods Example 3 Windows 2000 Server to VPN Gateway Setting Single Client Server/Gateway Windows 2000 Server Addressing Windows 2000 Server Configuration Firmware AdministrationUpgrade Remote PC Database Screen PC Database Advanced Data PC Database ScreenKnown PCs Generate Report Data PC Database Admin Screen PC Database AdminPC Properties Clear Form Update SelectedAdd as New Entry To connect from a remote PC via the Internet Remote AdministrationData Remote Administration Screen Remote Administration Routing Screen Using this ScreenRouting Overview Static Routing Data Routing Screen Local Router Configuring Other Routers on your LANOther Routers on the Local LAN For the LevelOne Broadband VPN Gateway s Routing Table For Router As Default RouteFor Router Bs Default Route Static Routing Example To perform the Firmware Upgrade Upgrade Firmware Data Upnp Screen UPnPUPnP Internet Access General Problems Appendix a Troubleshooting FCC Statement LevelOne Broadband VPN Gateway FCC Radiation Exposure Statement CE Marking Warning