Manuals / Planet Technology / Computer Equipment / Network Router

Planet Technology VRT-401 user manual Manually assigned Keys, ESP Encryption, ESP Authentica

Models: VRT-401

1 125

Download 125 pages 14.86 Kb

Page 83

VPN

These settings must match the remote VPN. Note that you cannot use both AH and ESP.

Manually assigned Keys

AH Authentication AH (Authentication Header) specifies the authentication protocol for the VPN header, if used. (AH is often NOT used)

If AH is not enabled, the following settings can be ignored.

Keys

∙ The "in" key here must match the "out" key on the remote VPN, and the "out" key here must match the "in" key on the remote VPN.

∙ Keys can be in ASCII or Hex (0..9 A..F)

∙ For MD5, the keys should be 32 hex/16 ASCII characters.

∙ For SHA-1, the keys should be 40 hex/20 ASCII charac- ters.

	SPI
	∙ Each SPI (Security Parameter Index) must be unique.
	∙ The "in" SPI here must match the "out" SPI on the remote
	VPN, and the "out" SPI here must match the "in" SPI on
	the remote VPN.
	∙ Each SPI should be at least 3 characters.

ESP Encryption	ESP (Encapsulating Security Payload) provides security for
	the payload (data) sent through the VPN tunnel. Generally,
	you will want to enable both Encryption and Authentication.
	∙ The "3DES" algorithm provides greater security than
	"DES", but is slower.
	∙ The "in" key here must match the "out" key on the remote
	VPN, and the "out" key here must match the "in" key on
	the remote VPN.
ESP Authentica-	Generally, you should enable ESP Authentication. There is
tion	little difference between the available algorithms. Just ensure
	each endpoint use the same setting.
	∙ The "in" key here must match the "out" key on the remote
	VPN, and the "out" key here must match the "in" key on
	the remote VPN.
	∙ Keys can be in ASCII or Hex (0..9 A..F)
	∙ For MD5, the keys should be 32 hex/16 ASCII characters.
	∙ For SHA-1, the keys should be 40 hex/20 ASCII charac-
	ters.

ESP SPI	This is required if either ESP Encryption or ESP Authen-
	tication is enabled.
	∙ Each SPI (Security Parameter Index) must be unique.
	∙ The "in" SPI here must match the "out" SPI on the remote
	VPN, and the "out" SPI here must match the "in" SPI on
	the remote VPN.
	∙ Each SPI should be at least 3 characters.

79

Image 83

Planet Technology VRT-401 user manual Manually assigned Keys, ESP Encryption, ESP Authentica, Tication is enabled

Contents

Broadband VPN Router Copyright Table of Contents 107 Using Certificates 101Remote Administration 111 106Internet Access Features VRT-401 FeaturesAdvanced Internet Functions LAN FeaturesConfiguration & Management Security FeaturesPackage Contents Front-mounted LEDs Physical DetailsRear Panel To Clear All Data and restore the factory default valuesConnect LAN Cables ProcedureChoose an Installation Site RequirementsCheck the LEDs Using the DMZ PortPower Up Connect WAN CableTo Do this Refer to OverviewPreparation Configuration ProgramUsing UPnP Using your Web BrowserIf you cant connect Password DialogDSL Modems Config WizardCommon Connection Types Cable ModemsSingTel RAS Other Modems e.g. Broadband WirelessBig Pond Cable Australia Navigation & Data Input Home ScreenData LAN Screen LAN ScreenWhat Dhcp Does Using VRT-401’s Dhcp ServerUsing another Dhcp Server To Configure your PCs to use DhcpWindows Clients TCP/IP Settings OverviewUsing Specify an IP Address Checking TCP/IP Settings Windows 9x/MEUsing Dhcp Gateway Tab Win 95/98 Windows NT4.0 TCP/IP Checking TCP/IP Settings Windows NT4.0Specify an IP Address Obtain an IP address from a Dhcp ServerWindows NT4.0 Add Gateway Windows NT4.0 DNS Network Configuration Win Checking TCP/IP Settings WindowsTCP/IP Properties Win Using a fixed IP Address Use the following IP AddressNetwork Configuration Windows XP Checking TCP/IP Settings Windows XPTCP/IP Properties Windows XP For Windows XP Internet AccessAccessing AOL For Windows 9x/ME/2000Fixed IP Address Macintosh ClientsLinux Clients Other Unix SystemsStatus Screen OperationData Status Screen PPPoE Link Status Connection Status PPPoEData PPPoE Screen Connection Physical AddressConnection Log Messages Operation and Status Dress Connection Status PptpData Pptp Screen Connection Physical AdData Telstra Big Pond Screen Connection Status Telstra Big PondConnection Status Connection Details SingTel RASData SingTel RAS Screen Internet Physical Ad Connection Details Fixed/Dynamic IP AddressData Fixed/Dynamic IP address Screen Buttons Release/Renew Internet Screen Advanced Internet ScreenSpecial Applications Screen Communication ApplicationsSpecial Applications Checkbox Name Incoming Ports Outgoing Ports Using a Special ApplicationData Special Applications Screen URL Filter DMZData URL Filter Screen URL Filter ScreenDynamic DNS Screen Service works as followsDynamic DNS Domain Name Server Ddns Data User Name Ddns ServicePassword Domain Name Data Dynamic DNS ScreenIP Address seen by Internet Users Virtual ServersData Virtual Servers Screen Using the DMZ port for Virtual ServersVirtual Servers Screen Defining your own Virtual Servers Connecting to the Virtual ServersBackup DNS IP Address OptionsMTU size MTUAdmin Login Screen Admin LoginPassword Dialog To use this feature Access ControlAccess Control Screen Data Access Control Screen View Log Group Members Screen Access Control LogSecurity Configuration Firewall Rules Screen This feature is for advanced administrators onlyFirewall Rules Data Firewall Rules Screen Source IP Define Firewall RuleData Define Firewall Rule Screen TypeLog Dest IPAction Internet Connec Enable Logs DoS AttacksLogs Data Logs ScreenTimezone Access ControlSyslog Server Enable Syslog Firewall RulesInclude Firewall SPI Firewall Enable DoSSecurity Options Data Security Options ScreenAllow L2TP Options Respond toAllow IPsec Allow PptpData Define Schedule Screen SchedulingDefine Schedule Screen Data Services Screen ServicesButtons Delete IPSec VRT-401 does not support Transport ModeVRT-401 always uses Tunnel Mode Policies VPN ConfigurationClient PC to VPN Gateway Common VPN SituationsVPN Pass-through Connecting 2 VPN Gateways Connecting 2 LANs via VPNData VPN Policies Screen VPN ConfigurationVPN Policies Screen Operations Add Able/Disable CopyAdding a New Policy Keys General SettingsEnable Policy EndpointLocal IP addresses Type VPN Wizard Traffic SelectorManual Key Exchange Remote IP addresses TypeESP Authentica Tication is enabledManually assigned Keys ESP EncryptionRemote Identity IKE PhaseLocal Identity Mode AuthenticationEncryption IKE ExchangeIPSec PFS IKE Phase 2 IPsec SA IPsec SA LifeAH Authentication TimeExamples Example 1 Connecting 2 VRT-401sConfiguration Settings Setting LAN a Gateway LAN B GatewayIPSec SA Parameters DESExample 2 Windows 2000/XP Client to LAN VRT-401 ConfigurationSetting Value Windows 2000/XP Local Security Settings Windows Client ConfigurationWindows 2000/XP Policy Properties Filter Properties Addressing New Rule Properties Filter Action Modify Security Method VPN Setting Windows SettingTunnel Setting Windows 2000/XP Client to VRT-401 Filter List Filter Action Modify Security Method DUT to Win2K Properties Properties General Tab IKE Security Algorithms Key Exchange Security MethodsExample 3 Windows 2000 Server to VPN Gateway Setting Single Client Server/GatewayWindows 2000 Server Addressing Windows 2000 Server ConfigurationUsing Certificates Adding a Self Certificate Adding a Trusted CertificateLength Hash AlgorithmSignature Algorithm Signature KeyTo add a New CRL CRLsUpload CRL Remote Administra Tion RoutingUpgrade PC DatabasePC Database Screen PC DatabaseData PC Database Screen PC Properties Name PC Database AdminData PC Database Admin Screen Entry Update Se∙ Dchp Client Reserved IP Address Select this if the PC Buttons Add as NewTo connect from a remote PC via the Internet Remote AdministrationData Remote Administration Screen Routing Screen Using this ScreenRouting OverviewStatic Routing Static Routing Table Entries Enable RIPData Routing Screen Local Router Configuring Other Routers on your LANFor VRT-401’s Routing Table For Router As Default RouteStatic Routing Example Other Routers on the Local LANTo perform the Firmware Upgrade Firmware UpgradeFor Router Bs Default Route Data Upnp Screen Problem 1 Cant connect to VRT-401 to configure it General ProblemsInternet Access 119 FCC Statement VRT-401FCC Radiation Exposure Statement CE Marking Warning