Configuring VPN
Configuring Advanced VPN Setup
Cisco CVR100W Wireless-N VPN Router Administration Guide
Configuring Advanced VPN Setup
The Advanced VPN Setup page allows you to configure advanced VPN
parameters, such as IKE and other VPN policies. These policies control how the
CVR100W initiates and receives VPN connections with other endpoints.
Configuring Global Advanced VPN Settings
You can globally enable or disable NAT Traversal and NetBIOS on the CVR100W.
To configure NAT Traversal and NetBIOS on your CVR100W:
STEP 1 Choose VPN > Advanced VPN Setup.
STEP 2 Enter the following information:
NAT Traversal: Check Enable to apply the NAT settings for both the local network and the remote network communicating over the VPN tunnel. This option is particularly useful in cases where both sides of a tunnel use either the same or overlapping subnets.
NetBIOS: Check Enable to allow access to remote network resources by using their NetBIOS names, for example, browsing Windows Neighborhood. NetBIOS broadcasting can resolve a NetBIOS name to a network address. This option allows NetBIOS broadcasts to travel over the VPN tunnel.
STEP 3 Click Save.
Managing IKE Policies
The Internet Key Exchange (IKE) protocol dynamically exchanges keys between
two IPsec hosts. You can create IKE policies to define the security parameters,
such as authentication of the peer and encryption algorithms, to be used in this
process. Be sure to use compatible encryption, authentication, and key-group
parameters for the VPN policy.
To manage IKE policies:
STEP 1 Choose VPN > Advanced VPN Setup.
In the IKE Policy Table area, all existing IKE policies used for the VPN policies are displayed.
STEP 2 To create a new IKE policy, click Add Row.
Other options: To edit an IKE policy, choose an entry and click Edit. To delete an IKE policy, choose an entry and click Delete.
NOTE You cannot delete an IKE policy if it is being used in a VPN policy. You must first disable and delete the VPN policy in the VPN Policy table.
STEP 3 Enter the following information:
Policy Name: Enter a unique name for the policy for identification and management purposes. The VPN policy name cannot be the same as the username of an existing VPN client.
Exchange Mode: Choose one of the following options:
  Main Mode: This mode negotiates the tunnel with higher security, but is slower.
  Aggressive Mode: This mode establishes a faster connection, but with lowered security.
Respondent Mode: Check Enable to set the CVR100W to work as a VPN respondent. The CVR100W can only receive the VPN request from the remote VPN peer.
Local ID: Choose how to specify your local gateway ID.
  Click Auto to automatically obtain the local gateway ID.
  Click Manual to enter the IP address or the fully qualified domain name (FQDN) of the local gateway ID.
Remote ID: Choose how to specify the remote gateway ID.
  Click Auto to automatically obtain the remote gateway ID.
  Click Manual to enter the IP address or the fully qualified domain name (FQDN) of the remote gateway ID.
Encryption Algorithm: Choose the algorithm used to negotiate the Security Association (SA): DES, 3DES, AES-128, AES-192, or AES-256.
Authentication Algorithm: Specify the authentication algorithm for the VPN header: MD5, SHA-1, or SHA2-256. Ensure that the authentication algorithm is configured identically on both sides of the VPN tunnel (for example, the CVR100W and the router to which it is connecting).
Pre-Shared Key: Enter the key in the space provided. Note that the double-quote character (") is not supported in the key.
Diffie-Hellman (DH) Group: Specify the DH Group algorithm, which is used when exchanging keys. The DH Group sets the strength of the algorithm in bits. Ensure that the DH Group is configured identically on both sides of the IKE policy.
SA-Lifetime: Enter the interval, in seconds, after which the Security Association (SA) becomes invalid.
Dead Peer Detection: Check Enable to enable this feature, or uncheck to disable it. Dead Peer Detection (DPD) detects whether the peer is alive or not. If the peer is detected as dead, the router deletes the IPsec and IKE Security Association.
STEP 4 Click Save. Then click Back to return to the Advanced VPN Setup page.
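A pre-deployment check for the IKE policy fields above, written as an added example (not code from the Cisco guide): it flags reduced-security choices in one policy and lists the settings on which the two gateways disagree. The dict layout, the sample values, the GROUP_X placeholder and the choice of which values to flag are assumptions of this example.

```python
# Added example. Keys follow the field labels in the IKE policy table; the dict
# layout is an assumption of this example, not a router export format.

# Settings that must be identical on both gateways (the pre-shared key by definition).
MUST_MATCH = ("Encryption Algorithm", "Authentication Algorithm",
              "Diffie-Hellman (DH) Group", "Pre-Shared Key")

# Flagged here as an assumption of this example: DES/3DES and MD5/SHA-1 are widely
# deprecated; the guide itself describes Aggressive Mode as lowered security.
FLAGGED = {
    "Encryption Algorithm": {"DES", "3DES"},
    "Authentication Algorithm": {"MD5", "SHA-1"},
    "Exchange Mode": {"Aggressive Mode"},
}

def audit_ike_policy(policy):
    """Return findings for one IKE policy, without echoing the key itself."""
    findings = [f"{field}: {policy[field]} flagged"
                for field, bad in FLAGGED.items() if policy.get(field) in bad]
    if '"' in policy.get("Pre-Shared Key", ""):
        findings.append('Pre-Shared Key: contains the unsupported " character')
    return findings

def compare_peers(local, peer):
    """Return the settings on which the two ends of the tunnel disagree."""
    mismatches = [f for f in MUST_MATCH if local.get(f) != peer.get(f)]
    # A manually entered ID has to equal the ID the other gateway is set to use.
    for mine, theirs in (("Remote ID", "Local ID"), ("Local ID", "Remote ID")):
        a, b = local.get(mine), peer.get(theirs)
        if "Auto" not in (a, b) and a != b:
            mismatches.append(f"{mine} != peer {theirs}")
    return mismatches

# Constructed sample policies; GROUP_X is a placeholder, not a real option label.
LOCAL = {"Policy Name": "site-a", "Exchange Mode": "Aggressive Mode",
         "Local ID": "Auto", "Remote ID": "vpn-b.example.com",
         "Encryption Algorithm": "3DES", "Authentication Algorithm": "SHA2-256",
         "Pre-Shared Key": 'constructed"key', "Diffie-Hellman (DH) Group": "GROUP_X"}
PEER = {"Policy Name": "site-b", "Exchange Mode": "Main Mode",
        "Local ID": "vpn-b.example.net", "Remote ID": "Auto",
        "Encryption Algorithm": "AES-128", "Authentication Algorithm": "SHA2-256",
        "Pre-Shared Key": "constructed-key", "Diffie-Hellman (DH) Group": "GROUP_X"}

if __name__ == "__main__":
    for finding in audit_ike_policy(LOCAL):
        print("local:", finding)
    for field in compare_peers(LOCAL, PEER):
        print("mismatch:", field)
```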
Configuring VPN Policies
To create an Auto VPN policy, you need to first create an IKE policy and then add
the corresponding Auto VPN policy for that IKE policy.
To configure a VPN policy:
STEP 1 Choose VPN > Basic VPN Setup.
In the VPN Policy Table area, all existing VPN policies used to establish the site-to-site VPN tunnels are displayed.
STEP 2 To create a new VPN policy, click Add Row.
Other options: To edit a VPN policy, choose an entry and click Edit. To delete a VPN policy, choose an entry and click Delete. To enable a VPN policy, choose an entry and click Enable. To disable a VPN policy and terminate the corresponding VPN connection (if applicable), choose an entry and click Disable.
NOTE If you have a VPN connection already configured, you cannot add another without deleting the existing VPN connection.
STEP 3 Enter the following information:
DPD Delay: If you enable DPD, enter the interval, in seconds, between consecutive DPD R-U-THERE messages. DPD R-U-THERE messages are sent only when the IPsec traffic is idle.
DPD Timeout: If you enable DPD, enter the maximum time that the CVR100W should wait to receive a response to the DPD message before considering the peer to be dead.
Policy Name: Enter a unique name to identify the policy.
Policy Type: Choose one of the following options:
  Auto Policy: Some parameters for the VPN tunnel are generated automatically. This requires using the IKE (Internet Key Exchange) protocol to perform negotiations between the two VPN endpoints.
  Manual Policy: All settings (including the keys) for the VPN tunnel are manually input for each endpoint. No third-party server or organization is involved.
Remote Endpoint: Select the type of identifier that you want to provide for the gateway at the remote endpoint: IP Address or FQDN. Then enter the identifier in the space provided.
Redundancy Endpoint: Check Enable to enable the redundancy gateway feature so that the CVR100W can connect to a backup VPN endpoint when the primary VPN connection fails. If you enable this feature, specify the IP address or FQDN of the remote redundancy endpoint or the router to which the CVR100W will connect when the primary VPN connection fails.
Rollback enable: Check to switch to the primary VPN connection by disabling the backup VPN connection when the primary VPN connection has recovered from a failure.
NOTE DPD should be enabled if you want to use the Redundant Endpoint feature for IPsec VPN connection.
Local Traffic Selection
Local IP: Select the type of identifier that you want to provide for the local peer:
  Single: Limits the policy to one host. Enter the IP address of the local host that will be part of the VPN in the IP Address field.
  Subnet: Allows an entire subnet to connect to the VPN. Enter your local network address in the IP Address field, and enter the subnet mask in the Subnet Mask field.
