Windows Client Configuration | LevelOne FBR-1404TX specification

VPN

DH Group	Group 1 (768 bit)	Must match client PC

IKE SA Life time	28800	Does not have to match client PC. Shorter
		period will be used.

IKE PFS	Disable	Must match client PC

IPSec SA Parameters

IPSec SA Life time	28800	Do not have to match. Shorter period will be
		used.

IPSec PFS	Disable	Must match client PC

AH authentication	Disabled	AH is rarely used

ESP authentication	Enable/MD5	Must match client PC

ESP encryption	Enable/DES	Must match client PC

Windows Client Configuration

1.Select Start - Programs - Administrative Tools - Local Security Policy.

2.Right click IP Security Policy on Local Machine and select Create IP Security Policy

Figure 64: Windows 2000/XP - Local Security Settings

3.Click "Next", then enter a policy name, for example "DUT To Win2K", then click "Next".

4.Step through the Wizard:

•Deselect Activate the default response rule. Click "Next",

•Leave Edit Properties checked. Click "Finish".

5.The following "Properties - Rules" screen will be displayed.

89

Image 92

LevelOne FBR-1404TX user manual Windows Client Configuration, Windows 2000/XP Local Security Settings

Contents

LevelOne Table of Contents Remote Administration Upgrade FirmwareGeneral Problems Internet Access LevelOne Broadband VPN Gateway Features Internet Access Features LAN Features Configuration & ManagementSecurity Features Advanced Internet Functions Package Contents Physical Details Front-mounted LEDs Rear Panel Procedure Choose an Installation SiteRequirements Connect LAN Cables Check the LEDs Power UpConnect WAN Cable Overview To Do this Refer to Preparation Configuration ProgramUsing UPnP Using your Web Browser If you cant connect Setup Wizard Common Connection TypesCable Modems DSL Modems SingTel RAS Other Modems e.g. Broadband WirelessBig Pond Cable Australia Home Screen Navigation & Data Input Buttons LAN ScreenData LAN Screen Using the LevelOne Broadband VPN Gateway s Dhcp Server Using another Dhcp ServerTo Configure your PCs to use Dhcp What Dhcp Does Password Screen TCP/IP Settings Overview Windows Clients Using Specify an IP Address Checking TCP/IP Settings Windows 9x/MEUsing Dhcp Gateway Tab Win 95/98 Checking TCP/IP Settings Windows NT4.0 Windows NT4.0 TCP/IP Obtain an IP address from a Dhcp Server Specify an IP Address Windows NT4.0 Add Gateway Windows NT4.0 DNS Checking TCP/IP Settings Windows Network Configuration Win Using a fixed IP Address Use the following IP Address TCP/IP Properties Win Checking TCP/IP Settings Windows XP Network Configuration Windows XP TCP/IP Properties Windows XP Internet Access Accessing AOLFor Windows 9x/ME/2000 For Windows XP Macintosh Clients Linux ClientsOther Unix Systems Fixed IP Address Operation Status Screen System Data Status ScreenInternet Connection Status PPPoE Data PPPoE ScreenConnection Connection Log Connection Log Messages Message Description Pptp Status Connection Status PptpData Pptp Screen Connection Status Connection Status Telstra Big PondData Telstra Big Pond Screen RAS Plan Connection Details SingTel RASData SingTel RAS Screen Default Gateway DNS IP AddressDhcp Client Release/Renew Connection Details Fixed/Dynamic IP Address Data Fixed/Dynamic IP address Screen Update the data shown on screen Internet Features WAN Port Configuration Screen Data WAN Port ScreenIdentification IP Address Login Advanced Internet Screen Communication ApplicationsMAC Address Communication Applications Special Applications Special Applications ScreenData Special Applications Screen Send incoming calls to Using a Special Application IncomingPorts Outgoing URL Filter URL Filter ScreenData URL Filter Screen Filter Strings Ddns Service Dynamic DNS Domain Name ServerDynamic DNS Screen Data Dynamic DNS Screen Password Domain Name Ddns DataUser Name Ddns Status Virtual Servers IP Address seen by Internet Users Connecting to the Virtual Servers Virtual Servers ScreenDefining your own Virtual Servers Data Virtual Servers Screen Backup DNS Internet OptionsData Options Screen MTU size Security Configuration Access Control Access Control ScreenTo use this feature Data Access Control Screen Internet Access Access Control Log Group Members ScreenDate/Time Source IP address This feature is for advanced administrators only Firewall RulesFirewall Rules Screen Data Firewall Rules Screen Data EditMove Delete Firewall Rule Data Firewall Rule ScreenType Source IP Log Dest IPAction Data Logs Screen Enable LogsLogs Mail Logs Syslog Server SPI Firewall Security OptionsData Security Options Screen Options Data Define Schedule Screen SchedulingDefine Schedule Screen Services Data Services ScreenAvailable Services Add New Service Cancel LevelOne Broadband VPN Gateway always uses Tunnel Mode IPSec VPN Configuration Policies Client PC to VPN Gateway Common VPN SituationsVPN Pass-through Connecting 2 LANs via VPN Connecting 2 VPN Gateways VPN Policies VPN Policies ScreenData VPN Policies Screen VPN List Copy Enable/DisableAdding a New Policy General Settings Enable PolicyEndpoint Keys VPN Wizard Traffic Selector Local IP addresses Remote IP addresses Manual Key Exchange ESP Authentication Tion is enabledManually assigned Keys ESP Encryption IKE Phase IKE Phase 1 IKE SA IKE Phase 2 IPsec SA Want to enable both ESP Encryption and ESP Authentication Self Certificates CertificatesTrusted Certificates Adding a Trusted Certificate Adding a Self Certificate Signature Key Length Hash AlgorithmSignature Algorithm Add Self Certificate CRLs To add a New CRL Current VPN SAs VPN StatusData VPN Status Screen Example 1 Connecting 2 LevelOne Broadband VPN Gateways Configuration SettingsSetting LAN a Gate LAN B Gate Way Examples DES IPSec SA Parameters Example 2 Windows 2000/XP Client to LAN LevelOne Broadband VPN Gateway ConfigurationSetting Value Windows Client Configuration Windows 2000/XP Local Security Settings Windows 2000/XP Policy Properties Filter Properties Addressing New Rule Properties Filter Action VPN Setting Windows Setting Modify Security Method Tunnel Setting Windows 2000/XP Client to LevelOne Broadband VPN Gateway Filter List Filter Action Modify Security Method DUT to Win2K Properties Properties General Tab Key Exchange Security Methods IKE Security Algorithms Setting Single Client Server/Gateway Example 3 Windows 2000 Server to VPN Gateway Windows 2000 Server Configuration Windows 2000 Server Addressing Administration UpgradeRemote Firmware PC Database PC Database Screen Data PC Database Screen Known PCsGenerate Report Advanced PC Properties PC Database AdminData PC Database Admin Screen Update Selected Add as NewEntry Clear Form Remote Administration Data Remote Administration ScreenRemote Administration To connect from a remote PC via the Internet Using this Screen RoutingOverview Routing Screen Data Routing Screen Static Routing Other Routers on the Local LAN Configuring Other Routers on your LANLocal Router For Router As Default Route For Router Bs Default RouteStatic Routing Example For the LevelOne Broadband VPN Gateway s Routing Table Upgrade Firmware To perform the Firmware Upgrade UPnP UPnPData Upnp Screen General Problems Internet Access Appendix a Troubleshooting LevelOne Broadband VPN Gateway FCC Statement CE Marking Warning FCC Radiation Exposure Statement