Introduction, Environment | Linksys BEFSX41 specs

Instant Broadband® Series

Appendix C: Configuring IPSec between a Windows 2000 or XP PC and the Firewall Router

Introduction

This document demonstrates how to establish a secure IPSec tunnel using pre- shared keys to join a private network inside the Firewall Router and a Microsoft Windows 2000 or XP PC. You can find detailed information on configuring the Microsoft Windows 2000 server at the Microsoft website:

Microsoft KB Q252735 - How to Configure IPSec Tunneling in Windows 2000 http://support.microsoft.com/support/kb/articles/Q252/7/35.asp

Microsoft KB Q257225 - Basic IPSec Troubleshooting in Windows 2000 http://support.microsoft.com/support/kb/articles/Q257/2/25.asp

Environment

The IP addresses and other specifics mentioned in this appendix are for illus- tration purposes only.

Windows 2000 or Windows XP

IP Address: 140.111.1.2 <= User ISP provides IP Address; this is only an example.

Subnet Mask: 255.255.255.0

BEFSX41

WAN IP Address: 140.111.1.1 <= User ISP provides IP Address; this is only an example.

Subnet Mask: 255.255.255.0

LAN IP Address: 192.168.1.1

Subnet Mask: 255.255.255.0

EtherFast® Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint

Note: Keep a record of any changes you make. Those changes will be identical in the Windows “secpol” application and the Router’s Web- Based Utility.

Step One: Create an IPSec Policy

1.Click the Start button, select Run, and type secpol.msc in the Open field. The Local Security Setting screen will appear as shown in Figure C-1.

Figure C-1

2.Right-clickIP Security Policies on Local Computer, and click Create IP Security Policy.

3.Click the Next button, and then enter a name for your policy (for example, to_router). Then, click Next.

4.Deselect the Activate the default response rule check box, and then click the Next button.

5.Click the Finish button, making sure the Edit check box is checked.

98

99

Image 53

Linksys BEFSX41 manual Introduction, Environment, Windows 2000 or Windows XP, Step One Create an IPSec Policy

Contents

User Guide Copyright & Trademarks Table of Contents Environmental 139 FeaturesIntroduction IP Addresses An Introduction to LANs and WANs Your Virtual Private Network VPN Network Setup OverviewWhy Do I Need a VPN? Firewall Router to Firewall Router What is a Virtual Private Network? Router’s Back Panel PowerModem connection will not work from any other port Ports Proceed to Connect the Router WAN and LAN LEDsRouter’s Front Panel LEDs Router’s hardware installation is now complete Connecting Your Hardware Together and Booting UpConnect the Router Overview Configuring Windows 95, 98, and Millennium PCs Configure the PCs Configuring Windows 2000 PCs Go to Configure the Router Configuring Windows XP PCs Configure the Router Static IP Address Obtain an IP Address AutomaticallyAdvanced Proxies. Click Direct Connection to the Internet Enter the Gateway Address RAS PPPoE Cable/DSL Firewall Router’s Web-based Utility Quick and Easy Router Administration Setup Static IP User Name and Password WAN IP Firewall Block WAN Request Remote UpgradeMulticast Pass Through IPSec Pass Through VPN Establishing a Tunnel Local Secure Group and Remote Secure Group Remote Security Gateway Key Management AuthenticationEncryption Instant Broadband Series Phase Advanced Settings for Selected IPSec Tunnel Password Other Settings Status Dhcp Log Help Filters Advanced Instant Broadband Series Forwarding UPnP Forwarding Port Triggering Static Routing Dynamic Routing DMZ Host Address DMZ HostDMZ Port MAC Address Clone Current DMZ Host Ddns DynDNS.org TZO.com Appendix a TroubleshootingCommon Problems and Solutions For Windows 95, 98, and Me For Windows NTFor Windows XP For Windows XP Am not able to access the Router’s web interface Setup Can’t get the Internet game, server, or application to work To start over, I need to set the Router to factory default Need to use port triggering Click the Advanced = Filter tab Frequently Asked Questions TCP/IP is compatible with the Router Appendix B Maximizing VPN Security Environment IntroductionWindows 2000 or Windows XP Step One Create an IPSec Policy IP Address Filter List 1 win-routerStep Two Build Filter Lists Figure C-6 Filter List 2 router=win Tunnel 1 win-router Step Three Configure Individual Tunnel Rules String to Protect Negotiate Security Key exchange pre Respond Using IPSec XYZ12345. ClickShared key, as shown Accept Tunnel 2 router-win Key Exchange Action Require Security This string to protectPreshared key, XYZ12345 Step Four Assign New IPSec Policy Figure C-24 Figure C-28 Step Five Create a Tunnel Through the Web-based Utility Appendix D Snmp Functions Appendix E How to Ping Your ISP’s E-mail & Web Addresses Figure E-1 TCP/IP installation is now complete Appendix F Installing the TCP/IP Protocol For Windows NT, 2000, and XP Figure G-1 Figure G-5 Appendix H Glossary 129 131 133 135 137 Environmental Appendix I Specifications Appendix K Contact Information Appendix J Warranty InformationSales Information Web FTP Site Copyright 2003 Linksys, All Rights Reserved