Linksys AG241 Advanced VPN Tunnel Setup

Chapter 5: Configuring the Gateway

The Security Tab

ADSL2 Gateway with 4-Port Switch

Manual

Select Manual, then select the Encryption Algorithm from the drop-down menu. Enter the Encryption Key in

the field (if you chose DES for your Encryption Algorithm, enter 16 hexadecimal characters, if you chose 3DES,

enter 48 hexadecimal characters). Select the Authentication Algorithm from the drop-down menu. Enter the

Authentication Key in the field (if you chose MD5 for your Authentication Algorithm, enter 32 hexadecimal

characters, if you chose SHA1, enter 40 hexadecimal characters). Enter the Inbound and Outbound SPIs in the

respective fields.

• Status. The status of the connection is shown.

Click the Connect button to connect your VPN tunnel. Click View Logs to view system, UPnP, VPN, firewall,

access, or all logs.Click the Advanced Settings button and the Advanced IPSec VPN Tunnel Setup screen will

appear.

When finished making your changes on this tab, click the Save Settings button to save these changes, or click

the Cancel Changes button to undo your changes.

Advanced VPN Tunnel Setup

From the Advanced IPSec VPN Tunnel Setup screen you can adjust the settings for specific VPN tunnels.

Phase 1

• Phase 1 is used to create a security association (SA), often called the IKE SA. After Phase 1 is completed,

Phase 2 is used to create one or more IPSec SAs, which are then used to key IPSec sessions.

• Operation Mode. There are two modes: Main and Aggressive, and they exchange the same IKE payloads in

different sequences. Main mode is more common; however, some people prefer Aggressive mode because it

is faster. Main mode is for normal usage and includes more authentication requirements than Aggressive

mode. Main mode is recommended because it is more secure. No matter which mode is selected, the VPN

Gateway will accept both Main and Aggressive requests from the remote VPN device.

• Encryption. Select the length of the key used to encrypt/decrypt ESP packets. There are two choices: DES and

3DES. 3DES is recommended because it is more secure.

• Authentication. Select the method used to authenticate ESP packets. There are two choices: MD5 and SHA.

SHA is recommended because it is more secure.

• Group. There are two Diffie-Hellman Groups to choose from: 768-bit and 1024-bit. Diffie-Hellman refers to a

cryptographic technique that uses public and private keys for encryption and decryption.

Figure 5-17: Manual Key Management

Figure 5-18: System Log