Linksys BEFSX41 User Guide - Page 13

Remote Security Gateway, Key Management, IP Address, IP Range, FQDN Fully Qualified Domain Name - manual

Get Linksys BEFSX41 - Instant Broadband EtherFast Cable/DSL Firewall Router PDF manuals and user guides
UPC - 745883551798
View all Linksys BEFSX41 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 13 highlights

Chapter 2 IP Address If you select IP Address, only the computer with the specific IP Address that you enter will be able to access the tunnel. IP Range If you select IP Range, it will be a combination of Subnet and IP Address. You can specify a range of IP Addresses within the Subnet which will have access to the tunnel. The next two options are for Remote Secure Groups only. Host If you select Host for the Remote Secure Group, then the Remote Secure Group will be the same as the Remote Security Gateway setting: IP Address, FQDN (Fully Qualified Domain Name), or Any. Any If you select Any for the Remote Security Group, the local VPN Router will accept a request from any IP address. This setting should be chosen when the other endpoint is using DHCP or PPPoE on the Internet side. Remote Security Gateway The Remote Security Gateway is the VPN device, such as a second VPN Router, on the remote end of the VPN tunnel. Under Remote Security Gateway, you have three options: IP Address, FQDN, and Any. In this section, you can also set the levels and types of encryption and authentication. IP Address If you select IP Address, enter the IP Address of the VPN device at the other end of the tunnel. The remote VPN device can be another VPN Router, a VPN Server, or a computer with VPN client software that supports IPSec. The IP Address may either be static (permanent) or dynamic (changing), depending on the settings of the remote VPN device. Make sure that you have entered the IP Address correctly, or the connection cannot be made. Remember, this is NOT the IP Address of the local VPN Router, but the IP Address of the remote VPN Router or device with which you wish to communicate. FQDN (Fully Qualified Domain Name) If you select FQDN, enter the FQDN of the VPN device at the other end of the tunnel. The remote VPN device can be another VPN Router, a VPN Server, or a computer with VPN client software that supports IPSec. The FQDN is the host name and domain name for a specific computer on the Internet, for example, vpn.myvpnserver.com. Any If you select Any for the Remote Security Gateway, the VPN device at the other end of the tunnel will accept a request from any IP address. The remote VPN device can be another VPN Router, a VPN Server, or a computer with VPN client software that supports IPSec. If the remote user has an unknown or dynamic IP address (such as a professional on the road or a telecommuter using DHCP or PPPoE), then Any should be selected. Encryption Using Encryption also helps make your connection more secure. There are two different types of encryption: DES or 3DES (3DES is recommended because it is more secure). You may choose either of these, but it Broadband Firewall Router with 4-Port Switch/VPN Endpoint Advanced Configuration must be the same type of encryption that is being used by the VPN device at the other end of the tunnel. Or, you may choose not to encrypt by selecting Disable. Authentication Authentication acts as another level of security. There are two types of authentication: MD5 and SHA (SHA is recommended because it is more secure). As with encryption, either of these may be selected, provided that the VPN device at the other end of the tunnel is using the same type of authentication. Or, both ends of the tunnel may choose to Disable authentication. Key Management In order for any encryption to occur, the two ends of the tunnel must agree on the type of encryption and the way the data will be decrypted. This is done by sharing a "key" to the encryption code. Under Key Management, you may choose automatic or manual key management. Automatic Key Management Select Auto (IKE) and enter a series of numbers or letters in the Pre-shared Key field. Check the box next to PFS (Perfect Forward Secrecy) to ensure that the initial key exchange and IKE proposals are secure. Based on this word, which MUST be entered at both ends of the tunnel if this method is used, a key is generated to scramble (encrypt) the data being transmitted over the tunnel, where it is unscrambled (decrypted). You may use any combination of up to 24 numbers or letters in this field. No special characters or spaces are allowed. In the Key Lifetime field, you may optionally select to have the key expire at the end of a time period of your choosing. Enter the number of seconds you'd like the key to be useful, or leave it blank for the key to last indefinitely. Manual Key Management Similarly, you may choose Manual keying, which allows you to generate the key yourself. Enter your key into the Encryption KEY field. Then enter an Authentication KEY into that field. These fields must both match the information that is being entered in the fields at the other end of the tunnel. Up to 24 alphanumeric characters are allowed to create the Encryption Key. Up to 20 alphanumeric characters are allowed to create the Authentication Key. The Inbound SPI and Outbound SPI fields are different, however. The Inbound SPI value set here must match the Outbound SPI value at the other end of the tunnel. The Outbound SPI here must match the Inbound SPI value at the other end of the tunnel. That is, the Inbound SPI and Outbound SPI values would be opposite on the other end of the tunnel. Only numbers can be used in these fields. After you click the Save Settings button, hexadecimal characters (series of letters and numbers) are displayed in the Inbound SPI and Outbound SPI fields. The Status field at the bottom of the screen will show when a tunnel is active. To connect a VPN tunnel, click the Connect button. The View Logs button, when logging is enabled on the 10

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
Chapter 2
Advanced Configuration
10
Broadband Firewall Router with 4-Port Switch/VPN Endpoint
IP Address
If you select
IP Address
, only the computer
with the specific IP Address that you enter will be able to
access the tunnel.
IP Range
If you select
IP Range
, it will be a combination
of Subnet and IP Address.
You can specify a range of IP
Addresses within the Subnet which will have access to the
tunnel.
The next two options are for Remote Secure Groups only.
Host
If you select
Host
for the Remote Secure Group,
then the Remote Secure Group will be the same as the
Remote Security Gateway setting: IP Address, FQDN (Fully
Qualified Domain Name), or Any.
Any
If you select
Any
for the Remote Security Group, the
local VPN Router will accept a request from any IP address.
This setting should be chosen when the other endpoint is
using DHCP or PPPoE on the Internet side.
Remote Security Gateway
The Remote Security Gateway is the VPN device, such as a
second VPN Router, on the remote end of the VPN tunnel.
Under Remote Security Gateway, you have three options:
IP Address
,
FQDN
, and
Any
. In this section, you can also
set the levels and types of encryption and authentication.
IP Address
If you select
IP Address
, enter the IP Address of
the VPN device at the other end of the tunnel. The remote
VPN device can be another VPN Router, a VPN Server,
or a computer with VPN client software that supports
IPSec.
The IP Address may either be static (permanent)
or dynamic (changing), depending on the settings of the
remote VPN device.
Make sure that you have entered the
IP Address correctly, or the connection cannot be made.
Remember, this is NOT the IP Address of the local VPN
Router, but the IP Address of the remote VPN Router or
device with which you wish to communicate.
FQDN (Fully Qualified Domain Name)
If you select
FQDN
, enter the FQDN of the VPN device at the other
end of the tunnel. The remote VPN device can be another
VPN Router, a VPN Server, or a computer with VPN client
software that supports IPSec.
The FQDN is the host name
and domain name for a specific computer on the Internet,
for example, vpn.myvpnserver.com.
Any
If you select
Any
for the Remote Security Gateway,
the VPN device at the other end of the tunnel will accept
a request from any IP address. The remote VPN device can
be another VPN Router, a VPN Server, or a computer with
VPN client software that supports IPSec. If the remote
user has an unknown or dynamic IP address (such as a
professional on the road or a telecommuter using DHCP
or PPPoE), then Any should be selected.
Encryption
Using Encryption also helps make your
connection more secure.
There are two different types of
encryption:
DES
or
3DES
(3DES is recommended because
it is more secure).
You may choose either of these, but it
must be the same type of encryption that is being used by
the VPN device at the other end of the tunnel.
Or, you may
choose not to encrypt by selecting
Disable
.
Authentication
Authentication acts as another level of
security.
There are two types of authentication:
MD5
and
SHA
(SHA is recommended because it is more secure).
As
with encryption, either of these may be selected, provided
that the VPN device at the other end of the tunnel is using
the same type of authentication.
Or, both ends of the
tunnel may choose to Disable authentication.
Key Management
In order for any encryption to occur, the two ends of the
tunnel must agree on the type of encryption and the way
the data will be decrypted.
This is done by sharing a “key”
to the encryption code.
Under
Key Management
, you may
choose automatic or manual key management.
Automatic Key Management
Select
Auto
(IKE) and enter
a series of numbers or letters in the
Pre-shared Key
field.
Check the box next to
PFS
(Perfect Forward Secrecy) to
ensure that the initial key exchange and IKE proposals are
secure. Based on this word, which MUST be entered at both
ends of the tunnel if this method is used, a key is generated
to scramble (encrypt) the data being transmitted over the
tunnel, where it is unscrambled (decrypted).
You may use
any combination of up to 24 numbers or letters in this
field. No special characters or spaces are allowed. In the
Key Lifetime
field, you may optionally select to have the key
expire at the end of a time period of your choosing.
Enter
the number of seconds you’d like the key to be useful, or
leave it blank for the key to last indefinitely.
Manual Key Management
Similarly, you may choose
Manual keying, which allows you to generate the key
yourself.
Enter your key into the
Encryption KEY
field.
Then enter an Authentication KEY into that field.
These
fields must both match the information that is being
entered in the fields at the other end of the tunnel. Up
to 24 alphanumeric characters are allowed to create the
Encryption Key. Up to 20 alphanumeric characters are
allowed to create the Authentication Key.
The
Inbound SPI
and
Outbound SPI
fields are different,
however.
The Inbound SPI value set here must match the
Outbound SPI value at the other end of the tunnel.
The
Outbound SPI here must match the Inbound SPI value at
the other end of the tunnel. That is, the Inbound SPI and
Outbound SPI values would be opposite on the other end
of the tunnel.
Only numbers can be used in these fields.
After you click the
Save Settings
button, hexadecimal
characters (series of letters and numbers) are displayed in
the
Inbound SPI
and
Outbound SPI
fields.
The
Status
field at the bottom of the screen will show
when a tunnel is active.
To connect a VPN tunnel, click the
Connect
button.
The
View Logs
button, when logging is enabled on the