Cisco WRV200 User Guide - Page 53

´8

Configuring IPSec with a Windows 2000

or XP Computer

Wireless-G VPN Router with RangeBooster

Appendix D

Step 4: Assign New IPSec Policy

In the

IP Security Policies on Local Machine

window, right-

click the policy named

to_Router

, and click

Assign

. A

green arrow appears in the folder icon.

Local Computer

Step 5: Create a Tunnel Through the Web-Based

Utility

Open your web browser, and enter

±9².±¶8.±.±

in the

Address

field. Press

Enter

.

When the

User name

and

Password

fields appear, enter

the default user name and password,

admin

. Press

Enter

.

Click the

VPN

tab, then click

IPSec VPN

.

VPN > IPSec VPN

Select the tunnel you wish to create in the

Select Tunnel

Entry

drop-down box. Then click

Enabled

next to the

VPN Tunnel

option. Enter the name of the tunnel in

1.

2.

3.

4.

the

Tunnel Name

field.

This is to allow you to identify

multiple tunnels and does not have to match the

name used at the other end of the tunnel. Set the

NAT-

Traversal

option to

Disabled

.

Enter the IP Address and Subnet Mask of the local VPN

Router in the

Local Secure Group

fields. To allow access

to the entire IP subnet, enter

0

for the last set of IP

Addresses (e.g. 192.168.1.0).

Enter the IP Address and Subnet Mask of the VPN

device at the other end of the tunnel (the remote VPN

Router or device with which you wish to communicate)

in the

Remote Secure Group

fields.

Select the Key Management.

Select

Auto (IKE)

, then set the Operation Mode to

Main

.

Select the ISAKMP encryption method:

³DES

,

AES-

±²8

,

AES-±9²

, or

AES-²µ¶

. The method you select

must be the same type of encryption that is being

used by the VPN device at the other end of the

tunnel.

Select the ISAKMP authentication method:

MDµ

or

SHA±

(SHA1 is recommended as it is more secure).

As with encryption, the method you select must be

the same type of authentication used by the VPN

device at the other end of the tunnel.

Select the ISAKMP DH Group: 1024, 1536, 2048,

3072, 4096, 6144, or 8192. These represent different

bits used in Diffie-Hellman mode operation.

In the

ISAKMP Key Lifetime

field, enter a time period

in seconds to have the key expire at the end of the

designated period, or leave the field blank for the

key to last indefinitely.

Select

PFS

(Perfect Forward Secrecy) to ensure

that the initial key exchange and IKE proposals are

secure.

For

IPSec,

specify

the

Encryption

Method,

Authentication

Method,

DH

Group,

and

Key

Lifetime in the same manner as for ISAKMP above.

Enter a series of numbers or letters in the

Pre-

shared Key

field. You may use any combination of

up to 24 numbers or letters in this field. No special

characters or spaces are allowed.

Click

Save Settings

to save these changes.

Your tunnel should now be established.

5.

6.

7.

a.

b.

c.

d.

e.

f.

g.

h.

8.

Section	Page
Chapter 1: Introduction	6
Chapter 2: Planning Your Wireless Network	7
Network Topology	7
Ad-Hoc versus Infrastructure Mode	7
Network Layout	7
Chapter 3: Planning Your Virtual Private Network (VPN)	8
Why do I need a VPN?	8
1) MAC Address Spoofing	8
2) Data Sniffing	8
3) Man in the middle attacks	8
What is a VPN?	8
VPN Router to VPN Router	9
Computer (using the Linksys VPN client software) to VPN Router	9
Chapter 4: Product Overview	10
Front Panel	10
Back Panel	10
Chapter 5: Configuring the Wireless-G VPN Router	11
Overview	11
How to Access the Web-based Utility	12
Setup	12
Setup > Basic Settings	12
Setup > VLAN	15
Setup > DDNS	15
Setup > MAC Address Clone	16
Setup > Advanced Routing	17
Wireless	18
Wireless > Basic Wireless Settings	18
Wireless > Wireless Security	18
Wireless > Wireless Network Access	21
Wireless > Advanced Wireless Settings	22
Wireless > WDS	22
Firewall	23
Firewall > General	23
Firewall > Port Forwarding	23
Firewall > Port Triggering	24
Firewall > DMZ	24
Firewall > Access Restriction	25
Firewall > URL Filtering	25
VPN	25
VPN > VPN Client Access	25
VPN > VPN Passthrough	26
VPN > IPSec VPN	27
VPN > VPN Summary	29
QoS	30
QoS > Application-Based QoS	30
QoS > Port-Based QoS	30
Administration	31
Administration > Management	31
Administration > Log	32
Administration > Diagnostics	33
Administration > Factory Default	33
Administration > Firmware Upgrade	33
Administration > Reboot	34
Status	34
Status > Router	34
Status > Local Network	35
Status > Wireless	35
Status > System Performance	35
Status > VPN Clients	36
Appendix A: Troubleshooting	37
Frequently Asked Questions	42
Appendix B: Wireless Security Checklist	44
General Network Security Guidelines	44
Additional Security Tips	44
Appendix C: Using Linksys QuickVPN for Windows 2000, XP, or Vista	45
Overview	45
Before You Begin	45
Installing the Linksys QuickVPN Software	45
Installing from the CD-ROM	45
Downloading and Installing from the Internet	45
Using the Linksys QuickVPN Software	46
Version Number of the QuickVPN Client	46
Distributing Certificates to QuickVPN Users	47
Appendix D: Configuring IPSec with a Windows 2000 or XP Computer	48
Introduction	48
Environment	48
How to Establish a Secure IPSec Tunnel	48
Step 1: Create an IPSec Policy	48
Step 2: Build Filter Lists	48
Step 3: Configure Individual Tunnel Rules	50
Step 4: Assign New IPSec Policy	53
Step 5: Create a Tunnel Through the Web-Based Utility	53
Appendix E: Gateway-to-Gateway VPN Tunnel	54
Overview	54
Before You Begin	54
Configuration when the Remote Gateway Uses a Static IP Address	54
Configuration of the WRV200	54
Configuration of the RV082	55
Configuration of PC 1 and PC 2	55
Configuration when the Remote Gateway Uses a Dynamic IP Address	56
Configuration of the WRV200	56
Configuration of the RV082	56
Configuration of PC 1 and PC 2	57
Configuration when Both Gateways Use Dynamic IP Addresses	57
Configuration of the WRV200	57
Configuration of the RV082	58
Configuration of PC 1 and PC 2	58
Appendix F: Glossary	59
Appendix G: Specifications	62
Appendix H: Warranty Information	64
Exclusions and Limitations	64
Obtaining Warranty Service	64
Technical Support	65
Appendix I: Regulatory Information	66
FCC Statement	66
FCC Radiation Exposure Statement	66
Safety Notices	66
Industry Canada Statement	66
Industry Canada Radiation Exposure Statement:	66
Avis d’Industrie Canada	67
Avis d’Industrie Canada concernant l’exposition aux radiofréquences :	67
Wireless Disclaimer	67
Avis de non-responsabilité concernant les appareils sans fil	67
User Information for Consumer Products Covered by EU Directive 2002/96/EC on Waste Electric and Electronic Equipment (WEEE)	68

Cisco WRV200 User Guide - Page 53

Step 4: Assign New IPSec Policy, Step 5: Create a Tunnel Through the Web-Based Utility, to_Router

Page 53 highlights