Linksys RV016 manual IPSec Setup IKE with Preshared Key

Models: RV016


10/100 16-Port VPN Router

After you have selected the Keying Mode, the settings available on this screen may change, depending on which selection you have made.

IKE with Preshared Key

IKE (Internet Key Exchange) is a protocol used to negotiate key material for a Security Association (SA). IKE uses the Preshared Key to authenticate the remote IKE peer.

Phase 1 DH Group. Phase 1 is used to create the SA. DH (Diffie-Hellman) is a key exchange protocol used during Phase 1 of the authentication process to establish pre-shared keys. There are three groups of different prime key lengths. Group 1 is 768 bits, and Group 2 is 1,024 bits. Group 5 is 1,536 bits. If network speed is preferred, select Group 1. If network security is preferred, select Group 5.

Phase 1 Encryption. Select a method of encryption, DES or 3DES. The encryption method determines the length of the key used to encrypt or decrypt ESP packets. DES uses 56-bit encryption, and 3DES uses 168-bit encryption. 3DES is recommended because it is more secure. Make sure both ends of the VPN tunnel use the same encryption method.

Phase 1 Authentication. Select a method of authentication, MD5 or SHA. The authentication method determines how the ESP packets are validated. MD5 is a one-way hashing algorithm that produces a 128-bit digest. SHA is a one-way hashing algorithm that produces a 160-bit digest. SHA is recommended because it is more secure. Make sure both ends of the VPN tunnel use the same authentication method.

Phase 1 SA Life Time. Configure the length of time a VPN tunnel is active in Phase 1. The default value is 28800 seconds.

Perfect Forward Secrecy. If the Perfect Forward Secrecy (PFS) feature is enabled, IKE Phase 2 negotiation will generate new key material for IP traffic encryption and authentication, so hackers using brute force to break encryption keys will not be able to obtain future IPSec keys.

Phase 2 DH Group. If the Perfect Forward Secrecy feature is disabled, then no new keys will be generated, so you do not need to set the Phase 2 DH Group (the key for Phase 2 will match the key in Phase 1). There are three groups of different prime key lengths. Group 1 is 768 bits, and Group 2 is 1,024 bits. Group 5 is 1,536 bits. If network speed is preferred, select Group 1. If network security is preferred, select Group 5. You do not have to use the same DH Group that you used for Phase 1.
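The sketch below is an added example, not part of the Linksys manual or the router's firmware. It follows the IKEv1 key derivation of RFC 2409 to show what the Perfect Forward Secrecy and Phase 2 DH Group settings change: without PFS the Phase 2 keys depend only on Phase 1 key material plus values carried in the exchange, while with PFS a fresh Diffie-Hellman secret is mixed in. All sample values are constructed, and fixed byte strings stand in for real nonces and DH results.

```python
import hmac

def prf(key, data, hash_name="sha1"):
    """IKEv1 prf: HMAC of the hash negotiated in Phase 1 (md5 or sha1)."""
    return hmac.new(key, data, hash_name).digest()

def skeyid_d(psk, ni, nr, g_xy, cky_i, cky_r, hash_name="sha1"):
    """Phase 1 with a preshared key: SKEYID = prf(psk, Ni | Nr), then SKEYID_d."""
    skeyid = prf(psk, ni + nr, hash_name)
    return prf(skeyid, g_xy + cky_i + cky_r + b"\x00", hash_name)

def keymat(skd, protocol, spi, ni2, nr2, length, g_qm_xy=b"", hash_name="sha1"):
    """Phase 2 KEYMAT, expanded block by block (K1 | K2 | ...) to `length` bytes.
    g_qm_xy is empty without PFS; with PFS it is the fresh Phase 2 DH secret."""
    seed = g_qm_xy + bytes([protocol]) + spi + ni2 + nr2
    out, block = b"", b""
    while len(out) < length:
        block = prf(skd, block + seed, hash_name)  # K(n) = prf(SKEYID_d, K(n-1) | seed)
        out += block
    return out[:length]

def demo():
    # Constructed sample values, not taken from a real exchange.
    psk = b"constructed-preshared-key"
    ni, nr = b"\x11" * 16, b"\x22" * 16        # Phase 1 nonces
    cky_i, cky_r = b"\xaa" * 8, b"\xbb" * 8    # ISAKMP cookies
    g_xy = b"\x33" * 96                        # stand-in for a 768-bit Group 1 secret
    skd = skeyid_d(psk, ni, nr, g_xy, cky_i, cky_r)
    # Phase 2 (Quick Mode) values exchanged under the Phase 1 SA.
    esp, spi = 3, b"\x00\x00\x10\x01"          # IPsec DOI protocol ID for ESP, sample SPI
    ni2, nr2 = b"\x44" * 16, b"\x55" * 16
    need = 24 + 20                             # 3DES key (with parity bits) + HMAC-SHA1 key
    no_pfs = keymat(skd, esp, spi, ni2, nr2, need)
    # With PFS: a second DH exchange, here a stand-in for a 1,536-bit Group 5 secret.
    with_pfs = keymat(skd, esp, spi, ni2, nr2, need, g_qm_xy=b"\x66" * 192)
    return skd, no_pfs, with_pfs

if __name__ == "__main__":
    skd, no_pfs, with_pfs = demo()
    print("KEYMAT without PFS:", no_pfs.hex())
    print("KEYMAT with PFS:   ", with_pfs.hex())
```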

Phase 2 Encryption. Phase 2 is used to create one or more IPSec SAs, which are then used to key IPSec sessions. Select a method of encryption, DES or 3DES. The encryption method determines the length of the key used to encrypt or decrypt ESP packets. DES uses 56-bit encryption, and 3DES uses 168-bit encryption. 3DES is recommended because it is more secure. If you enable the AH Hash Algorithm on the Advanced screen, then it is recommended to select Null to disable the encryption and decryption of ESP packets in

Chapter 6: Setting up and Configuring the Router

Figure 6-88: IPSec Setup - IKE with Preshared Key


VPN Tab - Client to Gateway


RV016 specifications

The Linksys RV016 is a robust VPN router designed for small to medium-sized businesses, providing secure and reliable network connectivity. This device offers versatile features, catering to the demands of advanced users while maintaining ease of use for those less experienced with networking technologies.

One of the standout characteristics of the Linksys RV016 is its ability to handle multiple WAN connections. It features dual WAN ports, which enable load balancing and failover support. This ensures that in the event one internet connection fails, the other takes over seamlessly, minimizing downtime and enhancing productivity. The RV016 is equipped with eight Ethernet ports, providing sufficient connectivity for various devices within an office environment.

Security is a paramount consideration in the design of the RV016. The device supports a robust VPN (Virtual Private Network) capability, allowing secure remote access for employees working from home or traveling. The router supports both IPSec and PPTP VPN protocols, ensuring versatile and secure communication channels. Additionally, it offers advanced firewall features, including stateful packet inspection (SPI) and denial-of-service (DoS) attack prevention, which safeguard the network from unauthorized access and external threats.

Linksys has also incorporated Quality of Service (QoS) features into the RV016, allowing users to prioritize their network traffic. This is particularly useful for businesses that rely on voice over IP (VoIP) services or have high bandwidth applications, ensuring that critical applications receive the necessary bandwidth for optimal performance.

The RV016 supports a variety of network management protocols, including DHCP, DNS, and static routing, making it easy to integrate into existing network infrastructures. Its web-based interface simplifies configuration and management, enabling IT staff to efficiently set up network parameters without the need for extensive training.

In summary, the Linksys RV016 stands out as a feature-rich VPN router that combines security, reliability, and ease of use. Its multiple WAN support, advanced security features, and network management capabilities make it an ideal choice for businesses seeking a dependable networking solution. Whether handling remote access or managing network performance, the RV016 provides the necessary tools to keep business operations running smoothly.