Manuals / Brands / Household Appliance / Thermostat / Planet Technology / Household Appliance / Thermostat

Planet Technology VRT-311, VRT-311S IPSec PFS, ESP Encryption, AH Authentication, IKE Phase 2 Screen, IPsec SA Life Time, ESP Authentication, IKE Phase 2 (IPsec SA)

1 147

Download 147 pages, 2.66 Mb

Microsoft VPN

IKE Phase 2 Screen

This screen sets the parameters for the IPSec SA. When using IKE, there are separate connections (SAs) for IKE and IPSec.

Figure56: VPN Wizard - IKE Phase 2 ScreenIKE Phase 2 (IPsec SA)

IPsec SA Life Time	This setting does not have to match the remote VPN endpoint; the
	shorter time will be used. Although measured in seconds, it is
	common to use time periods of several hours, such 28,800 seconds.

IPSec PFS	If enabled, PFS (Perfect Forward Security) enhances security by
	changing the IPsec key at regular intervals, and ensuring that each
	key has no relationship to the previous key. Thus, breaking 1 key
	will not assist in breaking the next key.

AH Authentication	AH (Authentication Header) specifies the authentication protocol
	for the VPN header, if used.
	AH is often NOT used. If you do enable it, ensure the algorithm
	selected matches the other VPN endpoint.

ESP Encryption	ESP (Encapsulating Security Payload) provides security for the
	payload (data) sent through the VPN tunnel. Generally, you will
	want to enable both ESP Encryption and ESP Authentication.

Select the desired method, and ensure the remote VPN endpoint uses the same method.

∙The 3DES algorithm provides greater security than DES, but is slower.

∙If using AES, you must select the Key Size. If using DES or 3DES, this field is ignored.

ESP Authentication Generally, you should enable ESP Authentication. There is little difference between the available algorithms. Just ensure each endpoint use the same setting.

85

Contents

Page Page Page Page Introduction Internet Access Features Advanced Internet Functions LAN Features Configuration & Management Security Features IPSec VPN Gateway Features Microsoft VPN Gateway Support Front-mountedLEDs PPPoE Rear Panel Using the DMZ Port Installation 3. Connect WAN Cable 4. Power Up 5. Check the LEDs Setup Preparation Using your Web Browser HTTP://192.168.0.1 If you can't connect ping Figure 7: Password Dialog Admin Login Common Connection Types Other Modems (e.g. Broadband Wireless) Big Pond Cable (Australia) SingTel RAS Home Screen LAN Screen Figure 9: LAN Screen Data - LAN Screen TCP/IP Subnet Mask DHCP PC Configuration TCP/IP Settings - Overview Checking TCP/IP Settings - Windows 9x/ME: Figure 32: Gateway Tab (Win 95/98) Figure 3: DNS Tab (Win 95/98) Checking TCP/IP Settings - Windows NT4.0 Obtain an IP address from a DHCP Server Specify an IP Address Figure 16: Windows NT4.0 - Add Gateway Figure17: Windows NT4.0 - DNS Checking TCP/IP Settings - Windows 2000: Using a fixed IP Address ("Use the following IP Address") Checking TCP/IP Settings - Windows XP Figure21: TCP/IP Properties (Windows XP) Internet Access Macintosh Clients Note: Linux Clients Ensure you are logged in as "root" before attempting any changes Fixed IP Address Operation and Status Data - Status Screen Internet Connection Method Broadband Modem Internet Connection Connection Status - PPPoE Figure23: PPPoE Status Screen Data - PPPoE Screen Connection Physical Address Connect Disconnect Clear Log Refresh Connection Log Messages Connection Status - PPTP Figure24: PPTP Status Screen Data - PPTP Screen PPTP Status Connection Status - Telstra Big Pond Figure25: Telstra Big Pond Status Screen Data - Telstra Big Pond Screen Connection Status Connection Details - SingTel RAS Figure26: Connection Details - SingTel RAS Data - SingTel RAS Screen RAS Plan DNS IP Address DHCP Client Release/Renew Button will display EITHER Connection Details - Fixed/Dynamic IP Address Figure27: Connection Details - Fixed/Dynamic IP Address Data - Fixed/Dynamic IP address Screen Page Internet Features WAN Port Configuration Internet Figure28: WAN Port Configuration Screen Data – WAN Port Configuration Screen Identification IP Address Dynamic IP Address is assigned auto matically Specified Login Login Method PPTP Big Pond Cable SingTel RAS Communication Applications Special Applications Multi-DMZ URL Filter URL Filter Screen Dynamic DNS Screen DDNS Data User Name Password/Key Domain Name DDNS Status IP Address seen by Internet Users Virtual Servers Screen Defining your own Virtual Servers Connecting to the Virtual Servers Security Configuration Figure37: Password Dialog Access Control Screen Data - Access Control Screen Group Group "Members" Button Internet Access Page Group Members Screen Access Control Log Firewall Rules Screen Data Source Action Edit Move Define Firewall Rule Dest IP Log Logs Figure42: Logs Screen Data - Logs Screen Enable Logs Incoming Traffic All IP traffic All TCP/UDP/ICMP traffic Timezone Timezone Syslog Server Enable Syslog Syslog Server Include E-mail Figure43: E-MailScreen Data – E-MailScreen E-MailAlerts Send E-Mailalert E-mailaddress Subject SMTP Server Port No Security Options Figure44: Security Options Screen Data - Security Options Screen Firewall Enable DoS Options Respond to ICMP (ping) Allow VPN pass through Define Schedule Screen Services Figure46: Services Screen Data - Services Screen Available Services Available Services VPN (IPSec) IPSec IKE Policies VPN Configuration VPN Pass-through Client PC to VPN Gateway Connecting 2 LANs via VPN VPN Policies Screen Adding a New Policy Figure52: VPN Wizard – General Screen General Settings Enable Policy Allow NetBIOS traffic Figure53: VPN Wizard - Traffic Selector Screen Local IP addresses Any Single address Range address Remote IP addresses Manual Key Exchange Figure54: VPN Wizard - Manual Key Exchange Screen Manually assigned Keys AH Authentication SPI ESP Encryption Encryption Algorithm Key - In / Key - Out ESP Authentication IKE Phase Figure55: VPN Wizard - IKE Phase 1 Screen IKE Phase 1 (IKE SA) Local Identity WAN IP Address Authentication RSA Signature Pre-shared key Algorithm IKE Phase 2 Screen Figure56: VPN Wizard - IKE Phase 2 Screen IKE Phase 2 (IPsec SA) IPsec SA Life Time IPSec PFS Figure57: VPN Wizard - Final Screen Example 1: Connecting 2 VRT-311 / VRT-311Ss IPSec SA Parameters Example 2: Windows 2000/XP Client to LAN Windows Client Configuration Figure60: Windows 2000/XP - Local Security Settings Figure61: Windows 2000/XP - Policy Properties Figure62: IP Filter List Figure63: Filter Properties: Addressing Figure64: New Rule Properties: IP Filter List Figure65: New Rule Properties: Filter Action Figure66: Require Security Properties Figure67: Modify Security Method Figure68: Require Security Properties VPN Setting Windows Setting Figure69: Tunnel Setting Figure70: Authentication Method Figure71: Windows 2000/XP Client to VRT-311 / VRT-311S Figure72: Windows 2000/XP Client to VRT-311 / VRT-311S Figure73: Filter Properties: Addressing Figure74: Filter List Figure75: Filter Action Figure76: Security Methods Figure77: Modify Security Method Figure78: Tunnel Setting Figure79: Authentication Method Figure80: DUT to Win2K Properties Figure81: Properties - General Tab Figure82: Key Exchange Settings Figure83: Key Exchange Security Methods Figure84: IKE Security Algorithms Figure85: Windows 2000/XP Client to VRT-311 / VRT-311S Configuration is now complete Example 3: Windows 2000 Server to VPN Gateway Windows 2000 Server Configuration Figure87: Windows 2000 Server - Addressing Trusted Certificates Requesting a Trusted Certificate Self Certificates Requesting a Self Certificate Hash Algorithm Signature Algorithm Signature Key Length IP address E-mailAddress Figure93: Upload Self Certificate CRLs To add a New CRL Figure94: Certificate Revocation Lists Figure 95: Upload CRL Status Figure96: VPN Status Screen Data – VPN Status Screen VPN Status Data Rx Microsoft VPN Data – Microsoft VPN Screen PPTP Server Methods Client Database Client Data - Microsoft VPN Client Database Screen Existing Users User List Allow connection Login Name Figure99: Microsoft VPN Status Screen Data - Microsoft VPN Status Screen Server Status Status Current Connec Windows 98/ME Figure102: Windows ME VPN Dialing Properties To establish a connection: Windows Figure105: Windows 2000 VPN Host Figure106: Windows 2000 Connection Availability Figure107: Windows 2000 Finish Wizard Changing the connection settings Windows XP Figure110: Windows XP Connection Name Figure111: Windows XP Public Network Figure112: Windows XP VPN Server Figure113: Windows XP Connection Availability Other Features & Settings Config File Network Diagnostics PC Database Config File Config File Figure114: Config File Screen Data - Config File Screen Backup Config Restore Config Network Diagnostics Network Diagnostics Figure115: Network Diagnostics Screen Data - Network Diagnostics Screen Ping Ping Button PC Database Screen Data - PC Database Screen Known PCs Generate Report Advanced Administration PC Database (Admin) Automatic discovery MAC is Add as New Entry Standard Screen Remote Administration Figure118: Remote Administration Screen Data - Remote Administration Screen Information Information Port Number Allow Remote Access Everyone IP address range Overview Routing Screen Figure119: Routing Screen Data - Routing Screen RIP Enable RIP Static Routing Configuring Other Routers on your LAN Static Routing - Example For Router A's Default Route For Router B's Default Route Upgrade Firmware Figure121: Upgrade Firmware Screen Data – Upgrade Firmware Screen Upgrade Firmware VRT-311 /VRT 311S Password Upgrade File Start Upgrade UPnP Figure122: UPnP Screen Data - UPnP Screen UPnP Enable UPnP Allow Configu ration Allow Internet Troubleshooting Solution 2: Specifications FCC Radiation Exposure Statement