IKE Phase 1 IKE SA | LevelOne FBR-1404TX manual

VPN

•Click "Next" to view the final screen.

•On the final screen, click "Finish" to save your settings, then "Close" to exit the Wizard.

IKE Phase 1

If you selected IKE, the following screen is displayed after the Traffic Selector screen.

Figure 52: VPN Wizard - IKE Phase 1

IKE Phase 1 (IKE SA)

Direction	Select the desired option:
	• Initiator - Only outgoing connections will be created. Incoming
	connection attempts will be rejected.
	• Responder - Only incoming connections will be accepted.
	Outgoing traffic which would otherwise result in a connection
	will be ignored.
	• Both Directions - Both incoming and outgoing connections are
	allowed.

Local Identity	This setting must match the "Remote Identity" on the remote VPN.
	IP address is the more common method.

Remote Identity	This setting must match the "Local Identity" on the remote VPN.
	IP address is the more common method.

Authentication	• RSA Signature requires that both VPN endpoints have valid
	Certificates issued by a CA (Certification Authority).
	• For Pre-shared key, enter the same key value in both endpoints.
	The key should be at least 8 characters (maximum is 128 charac-
	ters). Note that this key is used for the IKE SA only. The keys
	used for the IPsec SA are automatically generated.

Encryption	Select the desired method, and ensure the remote VPN endpoint uses
	the same method. The "3DES" algorithm provides greater security
	than "DES", but is slower.

77

Image 80

LevelOne FBR-1404TX user manual IKE Phase 1 IKE SA

Contents

LevelOne Table of Contents Remote Administration Upgrade FirmwareGeneral Problems Internet Access LevelOne Broadband VPN Gateway Features Internet Access Features LAN Features Configuration & ManagementSecurity Features Advanced Internet Functions Package Contents Physical Details Front-mounted LEDs Rear Panel Procedure Choose an Installation SiteRequirements Connect LAN Cables Check the LEDs Power UpConnect WAN Cable Overview To Do this Refer to Preparation Configuration ProgramUsing UPnP Using your Web Browser If you cant connect Setup Wizard Common Connection TypesCable Modems DSL Modems SingTel RAS Other Modems e.g. Broadband WirelessBig Pond Cable Australia Home Screen Navigation & Data Input Buttons LAN ScreenData LAN Screen Using the LevelOne Broadband VPN Gateway s Dhcp Server Using another Dhcp ServerTo Configure your PCs to use Dhcp What Dhcp Does Password Screen TCP/IP Settings Overview Windows Clients Using Specify an IP Address Checking TCP/IP Settings Windows 9x/MEUsing Dhcp Gateway Tab Win 95/98 Checking TCP/IP Settings Windows NT4.0 Windows NT4.0 TCP/IP Obtain an IP address from a Dhcp Server Specify an IP Address Windows NT4.0 Add Gateway Windows NT4.0 DNS Checking TCP/IP Settings Windows Network Configuration Win Using a fixed IP Address Use the following IP Address TCP/IP Properties Win Checking TCP/IP Settings Windows XP Network Configuration Windows XP TCP/IP Properties Windows XP Internet Access Accessing AOLFor Windows 9x/ME/2000 For Windows XP Macintosh Clients Linux ClientsOther Unix Systems Fixed IP Address Operation Status Screen System Data Status ScreenInternet Connection Status PPPoE Data PPPoE ScreenConnection Connection Log Connection Log Messages Message Description Pptp Status Connection Status PptpData Pptp Screen Connection Status Connection Status Telstra Big PondData Telstra Big Pond Screen RAS Plan Connection Details SingTel RASData SingTel RAS Screen Default Gateway DNS IP AddressDhcp Client Release/Renew Connection Details Fixed/Dynamic IP Address Data Fixed/Dynamic IP address Screen Update the data shown on screen Internet Features WAN Port Configuration Screen Data WAN Port ScreenIdentification IP Address Login Advanced Internet Screen Communication ApplicationsMAC Address Communication Applications Special Applications Special Applications ScreenData Special Applications Screen Send incoming calls to Using a Special Application IncomingPorts Outgoing URL Filter URL Filter ScreenData URL Filter Screen Filter Strings Ddns Service Dynamic DNS Domain Name ServerDynamic DNS Screen Data Dynamic DNS Screen Password Domain Name Ddns DataUser Name Ddns Status Virtual Servers IP Address seen by Internet Users Connecting to the Virtual Servers Virtual Servers ScreenDefining your own Virtual Servers Data Virtual Servers Screen Backup DNS Internet OptionsData Options Screen MTU size Security Configuration Access Control Access Control ScreenTo use this feature Data Access Control Screen Internet Access Access Control Log Group Members ScreenDate/Time Source IP address This feature is for advanced administrators only Firewall RulesFirewall Rules Screen Data Firewall Rules Screen Data EditMove Delete Firewall Rule Data Firewall Rule ScreenType Source IP Log Dest IPAction Data Logs Screen Enable LogsLogs Mail Logs Syslog Server SPI Firewall Security OptionsData Security Options Screen Options Data Define Schedule Screen SchedulingDefine Schedule Screen Services Data Services ScreenAvailable Services Add New Service Cancel LevelOne Broadband VPN Gateway always uses Tunnel Mode IPSec VPN Configuration Policies Client PC to VPN Gateway Common VPN SituationsVPN Pass-through Connecting 2 LANs via VPN Connecting 2 VPN Gateways VPN Policies VPN Policies ScreenData VPN Policies Screen VPN List Copy Enable/DisableAdding a New Policy General Settings Enable PolicyEndpoint Keys VPN Wizard Traffic Selector Local IP addresses Remote IP addresses Manual Key Exchange ESP Authentication Tion is enabledManually assigned Keys ESP Encryption IKE Phase IKE Phase 1 IKE SA IKE Phase 2 IPsec SA Want to enable both ESP Encryption and ESP Authentication Self Certificates CertificatesTrusted Certificates Adding a Trusted Certificate Adding a Self Certificate Signature Key Length Hash AlgorithmSignature Algorithm Add Self Certificate CRLs To add a New CRL Current VPN SAs VPN StatusData VPN Status Screen Example 1 Connecting 2 LevelOne Broadband VPN Gateways Configuration SettingsSetting LAN a Gate LAN B Gate Way Examples DES IPSec SA Parameters Example 2 Windows 2000/XP Client to LAN LevelOne Broadband VPN Gateway ConfigurationSetting Value Windows Client Configuration Windows 2000/XP Local Security Settings Windows 2000/XP Policy Properties Filter Properties Addressing New Rule Properties Filter Action VPN Setting Windows Setting Modify Security Method Tunnel Setting Windows 2000/XP Client to LevelOne Broadband VPN Gateway Filter List Filter Action Modify Security Method DUT to Win2K Properties Properties General Tab Key Exchange Security Methods IKE Security Algorithms Setting Single Client Server/Gateway Example 3 Windows 2000 Server to VPN Gateway Windows 2000 Server Configuration Windows 2000 Server Addressing Administration UpgradeRemote Firmware PC Database PC Database Screen Data PC Database Screen Known PCsGenerate Report Advanced PC Properties PC Database AdminData PC Database Admin Screen Update Selected Add as NewEntry Clear Form Remote Administration Data Remote Administration ScreenRemote Administration To connect from a remote PC via the Internet Using this Screen RoutingOverview Routing Screen Data Routing Screen Static Routing Other Routers on the Local LAN Configuring Other Routers on your LANLocal Router For Router As Default Route For Router Bs Default RouteStatic Routing Example For the LevelOne Broadband VPN Gateway s Routing Table Upgrade Firmware To perform the Firmware Upgrade UPnP UPnPData Upnp Screen General Problems Internet Access Appendix a Troubleshooting LevelOne Broadband VPN Gateway FCC Statement CE Marking Warning FCC Radiation Exposure Statement