LevelOne FBR-1404TX - page 81

LevelOne Broadband VPN Gateway User Guide

IKE Exchange

Mode

Select the desired option, and ensure the remote VPN endpoint uses

the same mode. Main Mode provides identity protection for the hosts

initiating the IPSec session, but takes slightly longer to complete.

Aggressive Mode provides no identity protection, but is quicker.

IKE SA Life Time This setting does not have to match the remote VPN endpoint; the

shorter time will be used. Although measured in seconds, it is com-

mon to use time periods of several hours, such 28,800 seconds.

DH Group Select the desired method, and ensure the remote VPN endpoint uses

the same method. The smaller bit size is slightly faster.

IKE PFS If enabled, PFS (Perfect Forward Security) enhances security by

changing the IPsec key at regular intervals, and ensuring that each

key has no relationship to the previous key. Thus, breaking 1 key

will not assist in breaking the next key.

This setting should match the remote endpoint.

Click Next to see the following IKE Phase 2 screen.

Figure 53: VPN Wizard - IKE Phase 2

IKE Phase 2 (IPsec SA)

IPsec SA Life Time This setting does not have to match the remote VPN endpoint; the

shorter time will be used. Although measured in seconds, it is

common to use time periods of several hours, such 28,800 seconds.

IPSec PFS If enabled, PFS (Perfect Forward Security) enhances security by

changing the IPsec key at regular intervals, and ensuring that each

key has no relationship to the previous key. Thus, breaking 1 key

will not assist in breaking the next key.

AH Authentication

AH (Authentication Header) specifies the authentication protocol

for the VPN header, if used.

AH is often NOT used. If you do enable it, ensure the algorithm

selected matches the other VPN endpoint.

78

Contents

Main LevelOne FBR-1404TX Broadband VPN Gateway w/ 4-port Switch Users Manual Table of Contents Page Chapter 1 Introduction LevelOne Broadband VPN Gateway Features Internet Access Features Advanced Internet Functions LAN Features Configuration & Management Security Features VPN Gateway Features Package Contents Physical Details Front-mounted LEDs Rear Panel Chapter 2 Installation Requirements Procedure 1. Choose an Installation Site 2. Connect LAN Cables 3. Connect WAN Cable 4. Power Up 5. Check the LEDs Chapter 3 Setup Configuration Program Preparation Using UPnP Using your Web Browser If you can't connect Setup Wizard Common Connection Types Cable Modems DSL Modems Other Modems (e.g. Broadband Wireless) Big Pond Cable (Australia) SingTel RAS Home Screen Navigation & Data Input LAN Screen Data - LAN Screen DHCP What DHCP Does Using the LevelOne Broadband VPN Gateway 's DHCP Server Using another DHCP Server To Configure your PCs to use DHCP Password Screen Chapter 4 PC Configuration Overview Windows Clients TCP/IP Settings - Overview If using a Fixed (specified) IP address, the following changes are re- quired: Checking TCP/IP Settings - Windows 9x/ME: Using DHCP Using "Specify an IP Address" Page Page Obtain an IP address from a DHCP Server Specify an IP Address Page Page Checking TCP/IP Settings - Windows 2000: Using DHCP Using a fixed IP Address ("Use the following IP Address") Checking TCP/IP Settings - Windows XP Using DHCP Using a fixed IP Address ("Use the following IP Address") Internet Access For Windows 9x/ME/2000 For Windows XP Accessing AOL Macintosh Clients Note: Linux Clients Fixed IP Address To act as a DHCP Client (recommended) Operation and Status Operation Status Screen Data - Status Screen Connection Status - PPPoE Data - PPPoE Screen Connection Log Messages Connection Status - PPTP Data - PPTP Screen Connection Status - Telstra Big Pond Data - Telstra Big Pond Screen Connection Details - SingTel RAS Data - SingTel RAS Screen Page Connection Details - Fixed/Dynamic IP Address Data - Fixed/Dynamic IP address Screen Page Chapter 6 Internet Features WAN Port Configuration Screen Data - WAN Port Screen Page Advanced Internet Screen Communication Applications Special Applications Special Applications Screen Data - Special Applications Screen Using a Special Application DMZ URL Filter URL Filter Screen Data - URL Filter Screen Dynamic DNS (Domain Name Server) Dynamic DNS Screen Data - Dynamic DNS Screen Page Virtual Servers IP Address seen by Internet Users Virtual Servers Screen Data - Virtual Servers Screen Defining your own Virtual Servers Connecting to the Virtual Servers Internet Options Data - Options Screen Chapter 7 Security Configuration Access Control To use this feature: Access Control Screen Data - Access Control Screen Page Group Members Screen Access Control Log Firewall Rules Firewall Rules Screen Data - Firewall Rules Screen Page Firewall Rule Data - Firewall Rule Screen Page Logs Data - Logs Screen Page Security Options Data - Security Options Screen Page Scheduling Define Schedule Screen Data - Define Schedule Screen Services Data - Services Screen Page Chapter 8 VPN IPSec IKE Policies VPN Configuration Common VPN Situations VPN Pass-through Client PC to VPN Gateway Connecting 2 LANs via VPN VPN Policies VPN Policies Screen Data - VPN Policies Screen Adding a New Policy Page Page Page Page Page Page Page Certificates Adding a Trusted Certificate Adding a Self Certificate Page Page CRLs To add a New CRL VPN Status Data - VPN Status Screen Examples Example 1: Connecting 2 LevelOne Broadband VPN Gateways Note Configuration Settings Page Example 2: Windows 2000/XP Client to LAN LevelOne Broadband VPN Gateway Configuration Windows Client Configuration Page Page Page Page Page Page Page Page Page Page Page Configuration is now complete. Example 3: Windows 2000 Server to VPN Gateway LevelOne Broadband VPN Gateway Configuration Windows 2000 Server Configuration Chapter 9 Other Features and Settings PC Database PC Database Screen Data - PC Database Screen PC Database (Admin) Data - PC Database ( Admin) Screen Page Remote Administration Data - Remote Administration Screen To connect from a remote PC via the Internet Routing Overview Routing Screen Using this Screen Static Routing Table Data - Routing Screen Configuring Other Routers on your LAN Local Router Other Routers on the Local LAN Static Routing - Example For the LevelOne Broadband VPN Gateway 's Routing Table For Router A's Default Route For Router B's Default Route Upgrade Firmware To perform the Firmware Upgrade: UPnP Data - UPNP Screen A Appendix A Troubleshooting Overview General Problems Internet Access Page B Appendix B Specifications LevelOne Broadband VPN Gateway FCC Statement FCC Radiation Exposure Statement CE Marking Warning