Cisco RV042 User Guide - Page 53

VPN > VPN Client Access, Compress Support IP Payload Compression Protocol - firmware upgrade

Get Cisco RV042 - Small Business Dual WAN VPN Router PDF manuals and user guides
UPC - 745883560530
View all Cisco RV042 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 53 highlights

Chapter 4 Advanced Configuration If DES is selected, the Encryption Key is 16-bit, which requires 16 hexadecimal values. If you do not enter enough hexadecimal values, then the rest of the Encryption Key will be automatically completed with zeroes, so the Encryption Key will be 16-bit. If 3DES is selected, the Encryption Key is 48-bit, which requires 40 hexadecimal values. If you do not enter enough hexadecimal values, then the rest of the Encryption Key will be automatically completed with zeroes, so the Encryption Key will be 48bit. Make sure both ends of the VPN tunnel use the same Encryption Key. Authentication Key This field specifies a key used to authenticate IP traffic. Enter a key of hexadecimal values. If MD5 is selected, the Authentication Key is 32-bit, which requires 32 hexadecimal values. If you do not enter enough hexadecimal values, then the rest of the Authentication Key will be automatically completed with zeroes until it has 32 hexadecimal values. If SHA is selected, the Authentication Key is 40-bit, which requires 40 hexadecimal values. If you do not enter enough hexadecimal values, then the rest of the Authentication Key will be automatically completed with zeroes until it has 40 hexadecimal values. Make sure both ends of the VPN tunnel use the same Authentication Key. Advanced For most users, the settings on the VPN page should suffice; however, the Router provides advanced IPSec settings for advanced users using the IKE with Preshared Key mode. Click Advanced to view the Advanced settings. Advanced Aggressive Mode There are two types of Phase 1 exchanges, Main Mode and Aggressive Mode. Aggressive Mode requires half of the main mode messages to be exchanged in Phase 1 of the SA exchange. If network security is preferred, leave the Aggressive Mode check box unchecked (Main Mode will be used). If network speed is preferred, select Aggressive Mode. If you select one of the Dynamic IP types for the Remote Security Gateway Type setting, then Main Mode will be unavailable, so Aggressive Mode will be used. Compress (Support IP Payload Compression Protocol (IP Comp)) IP Payload Compression is a protocol that reduces the size of IP datagrams. Select this option if you want the Router to propose compression when it initiates a 10/100 4-Port VPN Router connection. If the responders reject this proposal, then the Router will not implement compression. When the Router works as a responder, it will always accept compression, even if compression is not enabled. Keep-Alive Keep-Alive helps maintain IPSec VPN tunnel connections. If a connection is dropped and detected, it will be re-established immediately. Select this option to use this feature. AH Hash Algorithm The AH (Authentication Header) protocol describes the packet format and default standards for packet structure. With the use of AH as the security protocol, protection is extended forward into the IP header to verify the integrity of the entire packet by use of portions of the original IP header in the hashing process. Select this option to use this feature. Then select MD5 or SHA1. MD5 produces a 128-bit digest to authenticate packet data. SHA produces a 160-bit digest to authenticate packet data. Both sides of the tunnel should use the same algorithm. NetBIOS Broadcast Select this option to allow NetBIOS traffic to pass through the VPN tunnel. By default, the Router blocks this traffic. NAT Traversal Select this option to use this feature. Both the IPSec initiator and responder must support the mechanism for detecting the NAT router in the path and changing to a new port, as defined in RFC 3947. Dead Peer Detection (DPD) (This option is available for VPN tunnels only, not group VPNs.) When DPD is enabled, the Router will send periodic HELLO/ACK messages to check the status of the VPN tunnel (this feature can be used only when both peers or VPN devices of the VPN tunnel use the DPD mechanism). Once a dead peer has been detected, the Router will disconnect the tunnel so the connection can be re-established. Specify the interval between HELLO/ACK messages (how often you want the messages to be sent). DPD is enabled by default, and the default interval is 10 seconds. Click Save Settings to save your changes, or click Cancel Changes to undo them. VPN > VPN Client Access The VPN Client Access screen allows you to manage access for Linksys QuickVPN clients. (The Router supports up to 50 Linksys QuickVPN clients free of charge. If the Router you have only supports up to ten clients, then upgrade its firmware. Refer to "Appendix F: Firmware Upgrade" for instructions.) 46

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
Chapter 4
Advanced Configuration
46
10/100 4-Port VPN Router
If DES is selected, the Encryption Key is 16-bit, which
requires 16 hexadecimal values. If you do not enter enough
hexadecimal values, then the rest of the Encryption
Key will be automatically completed with zeroes, so the
Encryption Key will be 16-bit. If 3DES is selected, the
Encryption Key is 48-bit, which requires 40 hexadecimal
values. If you do not enter enough hexadecimal values,
then the rest of the Encryption Key will be automatically
completed with zeroes, so the Encryption Key will be 48-
bit. Make sure both ends of the VPN tunnel use the same
Encryption Key.
Authentication Key
This field specifies a key used to
authenticate IP traffic. Enter a key of hexadecimal values.
If MD5 is selected, the Authentication Key is 32-bit, which
requires 32 hexadecimal values. If you do not enter enough
hexadecimal values, then the rest of the Authentication Key
will be automatically completed with zeroes until it has 32
hexadecimal values. If SHA is selected, the Authentication
Key is 40-bit, which requires 40 hexadecimal values. If you
do not enter enough hexadecimal values, then the rest of
the Authentication Key will be automatically completed
with zeroes until it has 40 hexadecimal values. Make sure
both ends of the VPN tunnel use the same Authentication
Key.
Advanced
For most users, the settings on the VPN page should suffice;
however, the Router provides advanced IPSec settings for
advanced users using the IKE with Preshared Key mode.
Click
Advanced
to view the Advanced settings.
Advanced
Aggressive Mode
There are two types of Phase 1
exchanges, Main Mode and Aggressive Mode.
Aggressive Mode requires half of the main mode messages
to be exchanged in Phase 1 of the SA exchange. If network
security is preferred, leave the Aggressive Mode check box
unchecked (Main Mode will be used). If network speed is
preferred, select
Aggressive Mode
. If you select one of
the Dynamic IP types for the Remote Security Gateway
Type setting, then Main Mode will be unavailable, so
Aggressive Mode will be used.
Compress (Support IP Payload Compression Protocol
(IP Comp))
IP Payload Compression is a protocol that
reduces the size of IP datagrams. Select this option if you
want the Router to propose compression when it initiates a
connection. If the responders reject this proposal, then the
Router will not implement compression. When the Router
works as a responder, it will always accept compression,
even if compression is not enabled.
Keep-Alive
Keep-Alive helps maintain IPSec VPN tunnel
connections. If a connection is dropped and detected, it
will be re-established immediately. Select this option to
use this feature.
AH Hash Algorithm
The AH (Authentication Header)
protocol
describes
the
packet
format
and
default
standards for packet structure. With the use of AH as the
security protocol, protection is extended forward into the
IP header to verify the integrity of the entire packet by use
of portions of the original IP header in the hashing process.
Select this option to use this feature. Then select
MD5
or
SHA1
. MD5 produces a 128-bit digest to authenticate
packet data. SHA produces a 160-bit digest to authenticate
packet data. Both sides of the tunnel should use the same
algorithm.
NetBIOS Broadcast
Select this option to allow NetBIOS
traffic to pass through the VPN tunnel. By default, the
Router blocks this traffic.
NAT Traversal
Select this option to use this feature.
Both the IPSec initiator and responder must support the
mechanism for detecting the NAT router in the path and
changing to a new port, as defined in RFC 3947.
Dead Peer Detection (DPD)
(This option is available for
VPN tunnels only, not group VPNs.) When DPD is enabled,
the Router will send periodic HELLO/ACK messages to
check the status of the VPN tunnel (this feature can be
used only when both peers or VPN devices of the VPN
tunnel use the DPD mechanism). Once a dead peer has
been detected, the Router will disconnect the tunnel so
the connection can be re-established. Specify the interval
between HELLO/ACK messages (how often you want the
messages to be sent). DPD is enabled by default, and the
default interval is
10
seconds.
Click
Save Settings
to save your changes, or click
Cancel
Changes
to undo them.
VPN > VPN Client Access
The
VPN Client Access
screen allows you to manage access
for Linksys QuickVPN clients. (The Router supports up to
50 Linksys QuickVPN clients free of charge. If the Router
you have only supports up to ten clients, then upgrade
its firmware. Refer to “Appendix F: Firmware Upgrade” for
instructions.)