LevelOne FBR-1404TX - page 79

LevelOne Broadband VPN Gateway User Guide

These settings must match the remote VPN. Note that you cannot use both AH and ESP.

Manually assigned Keys

AH Authentication AH (Authentication Header) specifies the authentication protocol

for the VPN header, if used. (AH is often NOT used)

If AH is not enabled, the following settings can be ignored.

Keys

• The "in" key here must match the "out" key on the remote

VPN, and the "out" key here must match the "in" key on the

remote VPN.

• Keys can be in ASCII or Hex (0..9 A..F)

• For MD5, the keys should be 32 hex/16 ASCII characters.

• For SHA-1, the keys should be 40 hex/20 ASCII characters.

SPI

• Each SPI (Security Parameter Index) must be unique.

• The "in" SPI here must match the "out" SPI on the remote

VPN, and the "out" SPI here must match the "in" SPI on the

remote VPN.

• Each SPI should be at least 3 characters.

ESP Encryption ESP (Encapsulating Security Payload) provides security for the

payload (data) sent through the VPN tunnel. Generally, you will

want to enable both Encryption and Authentication.

• The "3DES" algorithm provides greater security than "DES",

but is slower.

• The "in" key here must match the "out" key on the remote

VPN, and the "out" key here must match the "in" key on the

remote VPN.

ESP Authentication Generally, you should enable ESP Authentication. There is little

difference between the available algorithms. Just ensure each

endpoint use the same setting.

• The "in" key here must match the "out" key on the remote

VPN, and the "out" key here must match the "in" key on the

remote VPN.

• Keys can be in ASCII or Hex (0..9 A..F)

• For MD5, the keys should be 32 hex/16 ASCII characters.

• For SHA-1, the keys should be 40 hex/20 ASCII characters.

ESP SPI This is required if either ESP Encryption or ESP Authentica-

tion is enabled.

• Each SPI (Security Parameter Index) must be unique.

• The "in" SPI here must match the "out" SPI on the remote

VPN, and the "out" SPI here must match the "in" SPI on the

remote VPN.

• Each SPI should be at least 3 characters.

For Manual Key Exchange, configuration is now complete.

76

Contents

Main LevelOne FBR-1404TX Broadband VPN Gateway w/ 4-port Switch Users Manual Table of Contents Page Chapter 1 Introduction LevelOne Broadband VPN Gateway Features Internet Access Features Advanced Internet Functions LAN Features Configuration & Management Security Features VPN Gateway Features Package Contents Physical Details Front-mounted LEDs Rear Panel Chapter 2 Installation Requirements Procedure 1. Choose an Installation Site 2. Connect LAN Cables 3. Connect WAN Cable 4. Power Up 5. Check the LEDs Chapter 3 Setup Configuration Program Preparation Using UPnP Using your Web Browser If you can't connect Setup Wizard Common Connection Types Cable Modems DSL Modems Other Modems (e.g. Broadband Wireless) Big Pond Cable (Australia) SingTel RAS Home Screen Navigation & Data Input LAN Screen Data - LAN Screen DHCP What DHCP Does Using the LevelOne Broadband VPN Gateway 's DHCP Server Using another DHCP Server To Configure your PCs to use DHCP Password Screen Chapter 4 PC Configuration Overview Windows Clients TCP/IP Settings - Overview If using a Fixed (specified) IP address, the following changes are re- quired: Checking TCP/IP Settings - Windows 9x/ME: Using DHCP Using "Specify an IP Address" Page Page Obtain an IP address from a DHCP Server Specify an IP Address Page Page Checking TCP/IP Settings - Windows 2000: Using DHCP Using a fixed IP Address ("Use the following IP Address") Checking TCP/IP Settings - Windows XP Using DHCP Using a fixed IP Address ("Use the following IP Address") Internet Access For Windows 9x/ME/2000 For Windows XP Accessing AOL Macintosh Clients Note: Linux Clients Fixed IP Address To act as a DHCP Client (recommended) Operation and Status Operation Status Screen Data - Status Screen Connection Status - PPPoE Data - PPPoE Screen Connection Log Messages Connection Status - PPTP Data - PPTP Screen Connection Status - Telstra Big Pond Data - Telstra Big Pond Screen Connection Details - SingTel RAS Data - SingTel RAS Screen Page Connection Details - Fixed/Dynamic IP Address Data - Fixed/Dynamic IP address Screen Page Chapter 6 Internet Features WAN Port Configuration Screen Data - WAN Port Screen Page Advanced Internet Screen Communication Applications Special Applications Special Applications Screen Data - Special Applications Screen Using a Special Application DMZ URL Filter URL Filter Screen Data - URL Filter Screen Dynamic DNS (Domain Name Server) Dynamic DNS Screen Data - Dynamic DNS Screen Page Virtual Servers IP Address seen by Internet Users Virtual Servers Screen Data - Virtual Servers Screen Defining your own Virtual Servers Connecting to the Virtual Servers Internet Options Data - Options Screen Chapter 7 Security Configuration Access Control To use this feature: Access Control Screen Data - Access Control Screen Page Group Members Screen Access Control Log Firewall Rules Firewall Rules Screen Data - Firewall Rules Screen Page Firewall Rule Data - Firewall Rule Screen Page Logs Data - Logs Screen Page Security Options Data - Security Options Screen Page Scheduling Define Schedule Screen Data - Define Schedule Screen Services Data - Services Screen Page Chapter 8 VPN IPSec IKE Policies VPN Configuration Common VPN Situations VPN Pass-through Client PC to VPN Gateway Connecting 2 LANs via VPN VPN Policies VPN Policies Screen Data - VPN Policies Screen Adding a New Policy Page Page Page Page Page Page Page Certificates Adding a Trusted Certificate Adding a Self Certificate Page Page CRLs To add a New CRL VPN Status Data - VPN Status Screen Examples Example 1: Connecting 2 LevelOne Broadband VPN Gateways Note Configuration Settings Page Example 2: Windows 2000/XP Client to LAN LevelOne Broadband VPN Gateway Configuration Windows Client Configuration Page Page Page Page Page Page Page Page Page Page Page Configuration is now complete. Example 3: Windows 2000 Server to VPN Gateway LevelOne Broadband VPN Gateway Configuration Windows 2000 Server Configuration Chapter 9 Other Features and Settings PC Database PC Database Screen Data - PC Database Screen PC Database (Admin) Data - PC Database ( Admin) Screen Page Remote Administration Data - Remote Administration Screen To connect from a remote PC via the Internet Routing Overview Routing Screen Using this Screen Static Routing Table Data - Routing Screen Configuring Other Routers on your LAN Local Router Other Routers on the Local LAN Static Routing - Example For the LevelOne Broadband VPN Gateway 's Routing Table For Router A's Default Route For Router B's Default Route Upgrade Firmware To perform the Firmware Upgrade: UPnP Data - UPNP Screen A Appendix A Troubleshooting Overview General Problems Internet Access Page B Appendix B Specifications LevelOne Broadband VPN Gateway FCC Statement FCC Radiation Exposure Statement CE Marking Warning