Chapter 4

Advanced Configuration

Remote Security Gateway Type > Dynamic IP + Domain Name(FQDN)

Authentication

DomainName  Enterthedomainnameforauthentication. (Once used, you cannot use it again to create a new tunnel connection.)

Dynamic IP + E-mail Addr.(USER FQDN) Authentication

The Remote Security Gateway will be a dynamic IP address, so you do not need to enter the IP address. When the Remote Security Gateway requests to create a tunnel with the Router, the Router will work as a responder.

Remote Security Gateway Type > Dynamic IP + E-mail Addr.(USER

FQDN) Authentication

E-mail address  Enter the e-mail address for authentication.

Remote Security Group Type

Select the Remote Security Group behind the Remote Gateway that can use this VPN tunnel. Select the type you want to use: IP, Subnet, or IP Range. Follow the instructions for the type you want to use.

NOTE: The Remote Security Group Type you select should match the Local Security Group Type selected on the VPN device at the other end of the tunnel.

After you have selected the Remote Security Group Type, the settings available on this screen may change, depending on which selection you have made.

IP

Only the computer with a specific IP address will be able to access the tunnel.

Remote Security Group Type > IP

IP address  Enter the appropriate IP address. Subnet

The default is Subnet. All computers on the remote subnet will be able to access the tunnel.

Remote Security Group Type > Subnet

IP address  Enter the IP address.

Subnet Mask  Enter the subnet mask. The default is 255.255.255.0.

IP Range

Specify a range of IP addresses within a subnet that will be able to access the tunnel.

Remote Security Group Type > IP Range

IP range  Enter the range of IP addresses.

IPSec Setup

In order for any encryption to occur, the two ends of a VPN tunnel must agree on the methods of encryption, decryption, and authentication. This is done by sharing a key to the encryption code. For key management, the default mode is IKE with Preshared Key.

Keying Mode  Select IKE with Preshared Key or Manual. Both ends of a VPN tunnel must use the same mode of key management. After you have selected the mode, the settings available on this screen may change, depending on the selection you have made. Follow the instructions for the mode you want to use.

IKE with Preshared Key

IKE is an Internet Key Exchange protocol used to negotiate key material for Security Association (SA). IKE uses the Preshared Key to authenticate the remote IKE peer.

Phase 1 DH Group  Phase 1 is used to create the SA. DH (Diffie-Hellman) is a key exchange protocol used during Phase 1 of the authentication process to establish pre- shared keys. There are three groups of different prime key lengths. Group 1 is 768 bits, and Group 2 is 1,024 bits. Group 5 is 1,536 bits. If network speed is preferred, select Group 1. If network security is preferred, select Group 5.

Phase 1 Encryption  Select a method of encryption: DES (56-bit), 3DES (168-bit), AES-128(128-bit), AES-192(192- bit), or AES-256(256-bit). The method determines the length of the key used to encrypt or decrypt ESP packets. AES-256 is recommended because it is the most secure. Make sure both ends of the VPN tunnel use the same encryption method.

Phase 1 Authentication  Select a method of authentication, MD5 or SHA. The authentication method determines how the ESP packets are validated. MD5 is

10/100 4-Port VPN Router

38

Page 44 Page 46
Page 45
Image 45
Linksys RV042 manual IPSec Setup, IKE with Preshared Key, Remote Security Group Type
Page 44 Page 46

RV042 specifications

The Linksys RV042 is a robust and versatile VPN router designed for small to medium-sized businesses, offering a wide array of features that cater to networking demands. Boasting dual WAN ports, the RV042 allows users to have two internet connections, providing load balancing and failover capabilities. This means that the router can automatically switch to a secondary Internet connection if the primary fails, ensuring uninterrupted connectivity crucial for business operations.

A key feature of the RV042 is its support for Virtual Private Networking (VPN). It can accommodate up to 50 VPN tunnels simultaneously, enabling secure remote access for employees who need to connect to the office network from various locations. The router supports both PPTP and L2TP/IPsec protocols, which provide a layer of encryption, ensuring that data remains secure while transmitted over public networks.

In terms of connectivity, the Linksys RV042 is equipped with four Ethernet ports, supporting speeds of up to 1 Gbps through its LAN (Local Area Network) connections. This allows for high-speed data transfer within the office premises, making it suitable for bandwidth-intensive applications such as video conferencing and large file transfers. Additionally, the router features an integrated firewall, which helps protect the network from external threats by filtering incoming and outgoing traffic.

The RV042 also excels in its Quality of Service (QoS) capabilities, which enable users to prioritize traffic for more critical applications. This is particularly beneficial in environments where multiple applications rely on the same bandwidth, allowing businesses to maintain optimal performance for essential tasks.

For businesses looking to manage their network more effectively, the RV042 offers a web-based interface that simplifies configuration and monitoring. The user-friendly dashboard allows administrators to track network usage, configure access controls, and set up security measures easily.

Overall, the Linksys RV042 VPN router stands out for its reliability, security features, dual WAN support, and ease of management. It is an excellent choice for organizations that require a secure, stable, and high-performance networking solution, enabling seamless connectivity and productivity in an increasingly digital business landscape.
Top Page Image Contents