Cisco RV042 User Guide - Page 45

IPSec Setup, IKE with Preshared Key - esp

Get Cisco RV042 - Small Business Dual WAN VPN Router PDF manuals and user guides
UPC - 745883560530
View all Cisco RV042 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 45 highlights

Chapter 4 Advanced Configuration Remote Security Gateway Type > Dynamic IP + Domain Name(FQDN) Authentication DomainName Enterthedomainnameforauthentication. (Once used, you cannot use it again to create a new tunnel connection.) Dynamic IP + E-mail Addr.(USER FQDN) Authentication The Remote Security Gateway will be a dynamic IP address, so you do not need to enter the IP address. When the Remote Security Gateway requests to create a tunnel with the Router, the Router will work as a responder. Remote Security Gateway Type > Dynamic IP + E-mail Addr.(USER FQDN) Authentication E-mail address Enter the e-mail address for authentication. Remote Security Group Type Select the Remote Security Group behind the Remote Gateway that can use this VPN tunnel. Select the type you want to use: IP, Subnet, or IP Range. Follow the instructions for the type you want to use. NOTE: The Remote Security Group Type you select should match the Local Security Group Type selected on the VPN device at the other end of the tunnel. After you have selected the Remote Security Group Type, the settings available on this screen may change, depending on which selection you have made. IP Only the computer with a specific IP address will be able to access the tunnel. Remote Security Group Type > IP IP address Enter the appropriate IP address. Subnet The default is Subnet. All computers on the remote subnet will be able to access the tunnel. 10/100 4-Port VPN Router Remote Security Group Type > Subnet IP address Enter the IP address. Subnet Mask Enter the subnet mask. The default is 255.255.255.0. IP Range Specify a range of IP addresses within a subnet that will be able to access the tunnel. Remote Security Group Type > IP Range IP range Enter the range of IP addresses. IPSec Setup In order for any encryption to occur, the two ends of a VPN tunnel must agree on the methods of encryption, decryption, and authentication. This is done by sharing a key to the encryption code. For key management, the default mode is IKE with Preshared Key. Keying Mode Select IKE with Preshared Key or Manual. Both ends of a VPN tunnel must use the same mode of key management. After you have selected the mode, the settings available on this screen may change, depending on the selection you have made. Follow the instructions for the mode you want to use. IKE with Preshared Key IKE is an Internet Key Exchange protocol used to negotiate key material for Security Association (SA). IKE uses the Preshared Key to authenticate the remote IKE peer. Phase 1 DH Group Phase 1 is used to create the SA. DH (Diffie-Hellman) is a key exchange protocol used during Phase 1 of the authentication process to establish preshared keys. There are three groups of different prime key lengths. Group 1 is 768 bits, and Group 2 is 1,024 bits. Group 5 is 1,536 bits. If network speed is preferred, select Group 1. If network security is preferred, select Group 5. Phase 1 Encryption Select a method of encryption: DES (56-bit), 3DES (168-bit), AES-128 (128-bit), AES-192 (192bit), or AES-256 (256-bit). The method determines the length of the key used to encrypt or decrypt ESP packets. AES-256 is recommended because it is the most secure. Make sure both ends of the VPN tunnel use the same encryption method. Phase 1 Authentication Select a method of authentication, MD5 or SHA. The authentication method determines how the ESP packets are validated. MD5 is 38

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
Chapter 4
Advanced Configuration
38
10/100 4-Port VPN Router
Remote Security Gateway Type > Dynamic IP + Domain Name(FQDN)
Authentication
Domain Name
Enter the domain name for authentication.
(Once used, you cannot use it again to create a new tunnel
connection.)
Dynamic IP + E-mail Addr.(USER FQDN) Authentication
The Remote Security Gateway will be a dynamic IP
address, so you do not need to enter the IP address. When
the Remote Security Gateway requests to create a tunnel
with the Router, the Router will work as a responder.
Remote Security Gateway Type > Dynamic IP + E-mail Addr.(USER
FQDN) Authentication
E-mail
address
Enter
the
e-mail
address
for
authentication.
Remote Security Group Type
Select the Remote Security Group behind the Remote
Gateway that can use this VPN tunnel. Select the type
you want to use:
IP
,
Subnet
, or
IP Range
. Follow the
instructions for the type you want to use.
NOTE:
The Remote Security Group Type you
select should match the Local Security Group
Type selected on the VPN device at the other
end of the tunnel.
After you have selected the Remote Security Group
Type, the settings available on this screen may change,
depending on which selection you have made.
IP
Only the computer with a specific IP address will be able
to access the tunnel.
Remote Security Group Type > IP
IP address
Enter the appropriate IP address.
Subnet
The default is
Subnet
. All computers on the remote subnet
will be able to access the tunnel.
Remote Security Group Type > Subnet
IP address
Enter the IP address.
Subnet Mask
Enter the subnet mask. The default is
255.255.255.0
.
IP Range
Specify a range of IP addresses within a subnet that will be
able to access the tunnel.
Remote Security Group Type > IP Range
IP range
Enter the range of IP addresses.
IPSec Setup
In order for any encryption to occur, the two ends of a
VPN tunnel must agree on the methods of encryption,
decryption, and authentication. This is done by sharing
a key to the encryption code. For key management, the
default mode is
IKE with Preshared Key
.
Keying Mode
Select
IKE with Preshared Key
or
Manual
.
Both ends of a VPN tunnel must use the same mode of
key management. After you have selected the mode, the
settings available on this screen may change, depending
on the selection you have made. Follow the instructions
for the mode you want to use.
IKE with Preshared Key
IKE is an Internet Key Exchange protocol used to negotiate
key material for Security Association (SA). IKE uses the
Preshared Key to authenticate the remote IKE peer.
Phase 1 DH Group
Phase 1 is used to create the SA. DH
(Diffie-Hellman) is a key exchange protocol used during
Phase 1 of the authentication process to establish pre-
shared keys. There are three groups of different prime
key lengths. Group 1 is 768 bits, and Group 2 is 1,024 bits.
Group 5 is 1,536 bits. If network speed is preferred, select
Group 1
. If network security is preferred, select
Group 5
.
Phase 1 Encryption
Select a method of encryption:
DES
(56-bit),
3DES
(168-bit),
AES-128
(128-bit),
AES-192
(192-
bit), or
AES-256
(256-bit). The method determines the
length of the key used to encrypt or decrypt ESP packets.
AES-256 is recommended because it is the most secure.
Make sure both ends of the VPN tunnel use the same
encryption method.
Phase
1
Authentication
Select
a
method
of
authentication,
MD5
or
SHA
. The authentication method
determines how the ESP packets are validated. MD5 is