Chapter 3

Advanced Configuration

for a specific computer on the Internet (for example: vpn.myvpnserver.com).

Any

The remote VPN Router will accept a request from any IP address. The remote VPN device can be another VPN Router, a VPN server, or a computer with VPN client software that supports IPSec. If the remote user has an unknown or dynamic IP address (such as a professional on the road or a telecommuter using DHCP or PPPoE), then select this option.

Encryption  Encryption helps make your connection more secure. Select DES or 3DES. 3DES is recommended because it is more secure. Both ends of the tunnel can also choose to disable encryption.

NOTE: The encryption method you select must match the encryption method on the remote VPN device.

Authentication  Authentication acts as another level of security. Select MD5 or SHA. SHA is recommended because it is more secure. Both ends of the tunnel can also choose to disable authentication.

NOTE: The authentication method you select must match the authentication method on the remote VPN device.

Key Management

In order for any encryption to occur, the two ends of a VPN tunnel must agree on the methods of encryption, decryption, and authentication. This is done by sharing a key to the encryption code. For key management, the default is Auto (IKE). To generate the key yourself, select Manual. Follow the instructions for the Key Management option you have selected.

Remote Security Group Type > IP

Auto (IKE)

IKE (Internet Key Exchange) is a protocol used to negotiate key material for a Security Association (SA). IKE uses the Pre-shared Key to authenticate the remote IKE peer.

Perfect Forward Secrecy  If the Perfect Forward Secrecy (PFS) feature is enabled, IKE Phase 2 negotiation will generate new key material for IP traffic encryption and authentication, so hackers using brute force to break encryption keys will not be able to obtain future IPSec keys. Select Enabled to ensure that the initial key exchange and IKE proposals are secure.

Pre-shared Key  This specifies the pre-shared key used to authenticate the remote IKE peer. Based on this Pre-shared key, a key is generated to encrypt the data being transmitted over the tunnel; at the end of the tunnel, the key is decrypted. Enter a key of up to 24 alphanumeric characters. No special characters or spaces are allowed. Both ends of the VPN tunnel must use the same Pre-shared Key. It is strongly recommended that you change the Pre-shared Key periodically to maximize VPN security.

Key Lifetime  Enter the number of seconds you want the key to last before it expires. Leave the field blank for the key to last indefinitely. The default is 3600 seconds.

Manual

No key negotiation is needed. Manual key management is used in small static environments or for troubleshooting purposes.

Encryption Key  This field specifies a key used to encrypt and decrypt IP traffic. Enter a key of up to 24 alphanumeric characters. Make sure both ends of the VPN tunnel use the same Encryption Key.

Authentication Key  This field specifies a key used to authenticate IP traffic. Enter a key of up to 20 alphanumeric characters. Make sure both ends of the VPN tunnel use the same Authentication Key.

Inbound SPI  Enter the Inbound SPI value (numbers only). This must match the Outbound SPI value of the remote VPN device. After you click Save Settings, hexadecimal characters (a series of letters and numbers) are displayed in this field.

Outbound SPI  Enter the Outbound SPI value (numbers only). This must match the Inbound SPI value of the remote VPN device. After you click Save Settings, hexadecimal characters (a series of letters and numbers) are displayed in this field.
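
The Auto (IKE) and Manual rules above can be checked before the values are typed into both routers. The following is an added example, not part of the Linksys manual or firmware: the dictionary schema and the labels "auto", "manual" and "disabled" are assumptions made for illustration, while the length limits, the alphanumeric-only rule and the crossed SPI rule come from the text above.

```python
import math, secrets, string

ALNUM = string.ascii_letters + string.digits   # keys: alphanumeric only, per the page
MAX_LEN = {"psk": 24, "encryption_key": 24, "authentication_key": 20}  # page limits

def generate_key(field):
    """Full-length random key for the given field, drawn from a CSPRNG."""
    return "".join(secrets.choice(ALNUM) for _ in range(MAX_LEN[field]))

def entropy_bits(length):
    """Bits of entropy in a uniformly random alphanumeric key of this length."""
    return length * math.log2(len(ALNUM))

def audit_tunnel(local, remote):
    """Compare both ends of one tunnel; the dict schema here is hypothetical."""
    out = []
    for name in ("encryption", "authentication", "key_management"):
        if local[name] != remote[name]:
            out.append(f"mismatch: {name}")
    for name, weak in (("encryption", "DES"), ("authentication", "MD5")):
        if local[name] in (weak, "disabled"):
            out.append(f"weak: {name}={local[name]}")
    if local["key_management"] == "auto":
        key_fields = ["psk"]
        if not local.get("pfs"):
            out.append("weak: PFS not enabled")
        if local.get("key_lifetime") is None:
            out.append("weak: key lifetime blank (never expires)")
    else:  # manual keying: inbound SPI must equal the peer's outbound SPI
        key_fields = ["encryption_key", "authentication_key"]
        if (local["inbound_spi"], local["outbound_spi"]) != (
                remote["outbound_spi"], remote["inbound_spi"]):
            out.append("mismatch: SPI")
    for field in key_fields:
        key = local.get(field) or ""
        if not (0 < len(key) <= MAX_LEN[field]) or any(c not in ALNUM for c in key):
            out.append(f"invalid: {field}")
        if key != remote.get(field):
            out.append(f"mismatch: {field}")
    return out

# Constructed sample: DES, a key containing spaces, and the same SPI pair
# entered on both ends instead of crossed.
SITE_A = {"encryption": "DES", "authentication": "SHA", "key_management": "manual",
          "encryption_key": "Office key 1", "authentication_key": "abc123",
          "inbound_spi": 1001, "outbound_spi": 2002}
SITE_B = dict(SITE_A)

if __name__ == "__main__":
    print(audit_tunnel(SITE_A, SITE_B))
```

Because the key fields accept only letters and digits, a randomly generated key of the full permitted length is the practical way to get the most strength out of them.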

Status

The status of the VPN tunnel is displayed.

To create a VPN tunnel, click Connect. To display VPN activity on a separate screen, click View Logs. The VPN Log screen displays connections, transmissions, receptions, and encryption methods (this is available if you enable the log function on the Administration > Log screen). For more advanced VPN options, click Advanced Setting.

Advanced Setting

For most users, the settings on the VPN page should suffice; however, the Router provides advanced IPSec settings for advanced users.

EtherFast Cable/DSL VPN Router with 4-Port Switch


BEFVP41 specifications

The Linksys BEFVP41 is a sophisticated yet user-friendly VPN router designed primarily for small office and home office networks. Known for its robust performance and versatility, it stands out as a solid choice for users looking to enhance their network security and connectivity.

One of its key features is the built-in VPN support, which allows users to establish secure connections to remote networks or clients. The BEFVP41 supports up to 50 simultaneous VPN connections, making it an excellent option for small businesses that require secure remote access for their employees without compromising on speed or reliability.

The router employs advanced security protocols including IPsec, which is well-known for ensuring encrypted communication over the internet. This level of security enables users to safeguard sensitive data and maintain privacy while accessing their networks remotely, critical for businesses that handle confidential information.

In terms of connectivity, the BEFVP41 is equipped with four Ethernet ports that support 10/100 Mbps speeds, allowing for high-speed wired connections. It also features a WAN port for connection to a broadband modem, ensuring a fast and stable internet connection. The router supports various connection types, including DHCP, static IP, and PPPoE, making it versatile for different networking environments.

Additional features include a user-friendly web-based interface, which simplifies the setup and configuration process for users. This intuitive design is combined with powerful QoS (Quality of Service) capabilities, enabling prioritized bandwidth allocation to specific applications or users, ensuring that critical business applications have the necessary speeds and reliability.

The BEFVP41 also offers dynamic DNS support, which allows users to access their home or office network using a domain name instead of remembering an IP address. Moreover, it includes a DHCP server for automated IP address assignment, making network management more streamlined.

Overall, the Linksys BEFVP41 combines essential networking technologies and security features into a compact design suitable for any small business or home office environment. With its robust performance, extensive VPN capabilities, and user-friendly interface, it caters effectively to the diverse needs of modern network requirements. The BEFVP41 is a reliable solution for those looking to enhance their connectivity while maintaining security and ease of use.