Configuring VPN
Configuring Advanced VPN Setup
Cisco CVR100W Wireless-N VPN Router Administration Guide
IP Address
Enter the IP address of the local host if the Local IP is
set to Single, or enter your local network address if the
Local IP is set to Subnet.
Subnet Mask
Enter the subnet mask, such as 255.255.255.0, if the
Local IP is set to Subnet.
Remote Traffic Selection
Remote IP
Select the type of identifier that you want to provide for the remote peer:
Single: Limits the policy to one remote host. Enter the IP address of the remote host that will be part of the VPN in the IP Address field.
Subnet: Allows an entire subnet to connect to the VPN. Enter the remote network address in the IP Address field, and enter the subnet mask in the Subnet Mask field.
IP Address
Enter the IP address of the remote host if the Remote IP
is set to Single, or enter the remote network address if
the Remote IP is set to Subnet.
Subnet Mask
Enter the subnet mask, such as 255.255.255.0, if the
Remote IP is set to Subnet.
IMPORTANT:
Make sure that you avoid using overlapping subnets for remote
or local traffic selectors. Using these subnets would require adding static
routes on the router and the hosts to be used. For example, a combination to
avoid would be:
Local Traffic Selector: 192.168.1.0/24
Remote Traffic Selector: 192.168.0.0/16
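The overlap rule above can be checked before the selectors are entered. The following is an added example, not part of the Cisco guide: the policy names, the tuple layout, and the function names are hypothetical, and the first sample policy is the combination the guide says to avoid.

```python
import ipaddress

def selector(ip_type, ip_address, subnet_mask=None):
    """Turn the guide's Local IP / Remote IP fields into an IPv4 network."""
    if ip_type == "Single":
        return ipaddress.IPv4Network(f"{ip_address}/32")
    if ip_type == "Subnet":
        # strict=True rejects an address with host bits set for the given mask,
        # e.g. 192.168.1.5 with 255.255.255.0 is not a network address.
        return ipaddress.IPv4Network(f"{ip_address}/{subnet_mask}", strict=True)
    raise ValueError(f"unknown selector type: {ip_type!r}")

def overlap_relation(local, remote):
    """Return None if the selectors are disjoint, else how they overlap."""
    if not local.overlaps(remote):
        return None
    if local == remote:
        return "identical"
    if local.subnet_of(remote):
        return "local is inside remote"
    return "remote is inside local"

def audit(policies):
    """policies: {name: (local_fields, remote_fields)} -> list of findings."""
    findings = []
    for name, (local_f, remote_f) in policies.items():
        try:
            local, remote = selector(*local_f), selector(*remote_f)
        except ValueError as exc:
            findings.append(f"{name}: invalid selector ({exc})")
            continue
        relation = overlap_relation(local, remote)
        if relation:
            findings.append(f"{name}: {local} overlaps {remote} ({relation})")
    return findings

# Constructed sample policies (hypothetical names and addresses).
POLICIES = {
    "site-a": (("Subnet", "192.168.1.0", "255.255.255.0"),
               ("Subnet", "192.168.0.0", "255.255.0.0")),
    "site-b": (("Subnet", "192.168.1.0", "255.255.255.0"),
               ("Subnet", "10.20.0.0", "255.255.0.0")),
    "site-c": (("Single", "192.168.1.10"),
               ("Subnet", "10.30.0.5", "255.255.255.0")),
}

if __name__ == "__main__":
    for finding in audit(POLICIES):
        print(finding)
```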
Manual Policy Parameters
For a Manual policy type, enter the settings in the Manual Policy Parameters area.
SPI-Incoming
Enter a hexadecimal value between 3 and 8
characters; for example, 0x1234.
SPI-Outgoing
Enter a hexadecimal value between 3 and 8
characters.
Encryption Algorithm
Select the algorithm used to encrypt the data: DES,
3DES, AES-128, AES-192, or AES-256.
Key-In
Enter the encryption key of the inbound policy. The
length of the key depends on the encryption algorithm
chosen:
DES: 8 characters
3DES: 24 characters
AES-128: 16 characters
AES-192: 24 characters
AES-256: 32 characters
Key-Out
Enter the encryption key of the outbound policy. The
length of the key depends on the encryption algorithm
chosen, as shown above.
Integrity Algorithm
Select the algorithm used to verify the integrity of the
data: MD5, SHA-1, or SHA2-256.
Key-In
Enter the integrity key (for ESP with Integrity-mode) for
the inbound policy. The length of the key depends on
the algorithm chosen:
MD5: 16 characters
SHA-1: 20 characters
SHA2-256: 32 characters
Key-Out
Enter the integrity key (for ESP with Integrity-mode) for
the outbound policy. The length of the key depends on
the algorithm chosen, as shown above.
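A pre-flight check for the Manual Policy Parameters listed above. This is an added example, not part of the Cisco guide: the dictionary field names are hypothetical, and it assumes that the SPI length counts hex digits after an optional 0x prefix and that each key character is one ASCII byte.

```python
import re

# Key lengths in characters, copied from the guide's tables.
ENC_KEY_LEN = {"DES": 8, "3DES": 24, "AES-128": 16, "AES-192": 24, "AES-256": 32}
INT_KEY_LEN = {"MD5": 16, "SHA-1": 20, "SHA2-256": 32}
# RFC 8221 lists DES and HMAC-MD5 as MUST NOT for ESP: warn, do not reject.
LEGACY = {"DES", "MD5"}
# Assumption: "3 and 8 characters" counts the hex digits after an optional 0x.
SPI_RE = re.compile(r"(?:0[xX])?[0-9a-fA-F]{3,8}")

def validate_manual_policy(policy):
    """Return (errors, warnings) for a dict of Manual Policy Parameters."""
    errors, warnings = [], []
    for field in ("spi_in", "spi_out"):
        if not SPI_RE.fullmatch(policy[field]):
            errors.append(f"{field}: not a 3-8 digit hexadecimal value")
    for kind, lengths in (("enc", ENC_KEY_LEN), ("int", INT_KEY_LEN)):
        alg = policy[f"{kind}_alg"]
        if alg not in lengths:
            errors.append(f"{kind}_alg: unsupported algorithm {alg!r}")
            continue
        if alg in LEGACY:
            warnings.append(f"{kind}_alg: {alg} is a legacy algorithm")
        for direction in ("in", "out"):
            field = f"{kind}_key_{direction}"
            key = policy[field]
            if not key.isascii():
                # Assumption: one character is one key byte, so ASCII only.
                errors.append(f"{field}: non-ASCII characters")
            elif len(key) != lengths[alg]:
                errors.append(f"{field}: {alg} needs {lengths[alg]} "
                              f"characters, got {len(key)}")
    return errors, warnings

# Constructed sample with placeholder keys (never reuse these values).
SAMPLE = {
    "spi_in": "0x1234", "spi_out": "0x12",
    "enc_alg": "AES-128",
    "enc_key_in": "0123456789abcdef", "enc_key_out": "0123456789abcdef0123",
    "int_alg": "MD5",
    "int_key_in": "A" * 16, "int_key_out": "B" * 16,
}

if __name__ == "__main__":
    errs, warns = validate_manual_policy(SAMPLE)
    for line in errs + warns:
        print(line)
```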
Auto Policy Parameters
For an Auto policy type, enter the settings in the Auto Policy Parameters area.
SA-Lifetime
Enter the duration of the Security Association (SA) in
seconds. After the specified number of seconds
passes, the Security Association is renegotiated. The
default value is 3600 seconds. The minimum value is
300 seconds.
Encryption Algorithm
Select the algorithm used to encrypt the data.
Integrity Algorithm
Select the algorithm used to verify the integrity of the data.
PFS Key Group
Check Enable to enable Perfect Forward Secrecy (PFS) to improve security. While slower, this protocol helps to prevent intruders by ensuring that a Diffie-Hellman exchange is performed for every phase-2 negotiation.
Select IKE Policy
Choose the IKE policy that will define the characteristics of phase 1 of the negotiation. Click View to view or edit the existing IKE policy that is configured on the CVR100W.
STEP 4  Click Save. Then click Back to return to the Advanced VPN Setup page.
STEP 5  Click IPSec Connection Status to see the status of all site-to-site VPN policies on the CVR100W.
Managing Certificates
The CVR100W uses digital certificates for IPsec VPN authentication and SSL validation (for HTTPS). You can generate and sign your own certificates using functionality available on the CVR100W.
Generating a New Certificate
You can generate a new certificate to replace the existing certificate on the CVR100W.
To generate a certificate:
STEP 1  Choose VPN > Certificate Management.
STEP 2  Click the Generate a New Certificate radio button.
STEP 3  Click Generate Certificate.
Importing Certificates
You can import certificates previously saved to a file.
To import a certificate:
STEP 1  Choose VPN > Certificate Management.
STEP 2  Click the Import Certificate From a File radio button.
STEP 3  Click Browse and locate a certificate file.
STEP 4  Click Install Certificate.
Exporting Certificates for Admin
The certificate for administrator contains the private key and should be stored in a
safe place as a backup. If the CVR100W’s configuration is restored to the factory
default settings, this certificate can be imported and restored on the CVR100W.
To export a certificate for Admin:
STEP 1  Choose VPN > Certificate Management.
STEP 2  Click Export Certificate for Admin.
The certificate for administrator (admin.pem) will be saved to your local PC.
Exporting Certificates for Client
The certificate for client allows the QuickVPN users to securely connect to the
CVR100W. The certificate must be placed in the installation directory of the
QuickVPN client.
To export a certificate for client:
STEP 1  Choose VPN > Certificate Management.
STEP 2  Click Export Certificate for Client.
The certificate for client (client.pem) will be saved to your local PC.
Configuring VPN Passthrough
VPN Passthrough allows VPN traffic that originates from VPN clients to pass
through your CVR100W.
To configure VPN passthrough:
STEP 1  Choose VPN > VPN Passthrough.
STEP 2  Choose the type of traffic to allow to pass through the CVR100W:
IPsec Passthrough
Check Enable to allow IP security tunnels to pass through the CVR100W.
PPTP Passthrough
Check Enable to allow Point-to-Point Tunneling Protocol (PPTP) tunnels to pass through the CVR100W.
L2TP Passthrough
Check Enable to allow Layer 2 Tunneling Protocol (L2TP) tunnels to pass through the CVR100W.
STEP 3  Click Save.
