Prestige 334W User’s Guide

 

 

Table 16-9 Rule Setup: Manual

 

 

 

 

 

LABEL

DESCRIPTION

 

 

 

 

 

 

Remote Port End

Enter a port number in this field to define a port range. This port number must

 

 

 

be greater than that specified in the previous field. If Remote Port Start is left

 

 

 

at 0, Remote Port End will also remain at 0.

 

 

 

If there is a private DNS server that services the VPN, type its IP address here.

 

 

DNS Server (for IPSec

The Prestige assigns this additional DNS server to the Prestige’s DHCP clients

 

 

that have IP addresses in this IPSec rule's range of local addresses. A DNS

 

 

VPN)

 

 

server allows clients on the VPN to find other computers and servers on the

 

 

 

 

 

 

VPN by their (private) domain names.

 

 

 

 

 

 

My IP Address

Enter the WAN IP address of your Prestige. The Prestige uses its current WAN

 

 

 

IP address (static or dynamic) in setting up the VPN tunnel if you leave this field

 

 

 

as 0.0.0.0. The VPN tunnel has to be rebuilt if this IP address changes.

 

 

Secure Gateway IP

Type the WAN IP address or the URL (up to 31 characters) of the IPSec router

 

 

Address

with which you're making the VPN connection.

 

 

 

 

 

 

SPI

Type a number (base 10) from 1 to 999999 for the Security Parameter Index.

 

 

 

 

 

 

Encapsulation Mode

Select Tunnel mode or Transport mode from the drop-down list box.

 

 

 

 

 

 

Enable Replay

As a VPN setup is processing intensive, the system is vulnerable to Denial of

 

 

Detection

Service (DoS) attacks The IPSec receiver can detect and reject old or duplicate

 

 

 

packets to protect against replay attacks. Select YES from the drop-down menu

 

 

 

to enable replay detection, or select NO to disable it.

 

 

IPSec Protocol

Select ESP if you want to use ESP (Encapsulation Security Payload). The ESP

 

 

 

protocol (RFC 2406) provides encryption as well as some of the services

 

 

 

offered by AH. If you select ESP here, you must select options from the

 

 

 

Encryption Algorithm and Authentication Algorithm fields (described next).

 

 

 

Select AH if you want to use AH (Authentication Header Protocol). The AH

 

 

 

protocol (RFC 2402) was designed for integrity, authentication, sequence

 

 

 

integrity (replay resistance), and non-repudiation but not for confidentiality, for

 

 

 

which the ESP was designed. If you select AH here, you must select options

 

 

 

from the Authentication Algorithm field (described later).

 

 

Encryption Algorithm

Select DES or 3DES from the drop-down list box. The Prestige's encryption

 

 

 

algorithm should be identical to the secure remote gateway. When DES is used

 

 

 

for data communications, both sender and receiver must know the same secret

 

 

 

key, which can be used to encrypt and decrypt the message. The DES

 

 

 

encryption algorithm uses a 56-bit key. Triple DES (3DES) is a variation on

 

 

 

DES that uses a 168-bit key. As a result, 3DES is more secure than DES. It

 

 

 

also requires more processing power, resulting in increased latency and

 

 

 

decreased throughput.

 

VPN Screens

16-29