Configuring VPN
Configuring Site-to-Site IPsec VPN Advanced Parameters
Cisco RV130/RV130W Wireless Multifunction VPN Router Administration Guide
- Auto Policy—Some parameters for the VPN tunnel are generated automatically. This requires using the Internet Key Exchange (IKE) protocol for negotiations between the two VPN endpoints.
- Manual Policy—All parameters (including the keys) for the VPN tunnel are manually entered for each endpoint. No third-party server or organization is involved.
c. Remote Endpoint—Select the type of identifier that you want to provide for the gateway at the remote endpoint: IP Address or FQDN (Fully Qualified Domain Name). Enter the IP address or the FQDN.
STEP 3 In the Local Traffic Selection and Remote Traffic Selection sections:
In the Local IP and Remote IP fields, indicate how many endpoints will be part of the VPN policy:
- Single—Limits the policy to one host. Enter the IP address of the host that will be part of the VPN in the IP Address field.
- Subnet—Allows an entire subnet to connect to the VPN. Enter the subnet's network address in the IP Address field, and enter the subnet mask, such as 255.255.255.0, in the Subnet Mask field. The field automatically displays the default subnet address based on the IP address.
Note: Do not use overlapping subnets for remote or local traffic selectors. Using
these subnets would require adding static routes on the router and the hosts to be
used. For example, avoid:
Local Traffic Selector: 192.168.1.0/24
Remote Traffic Selector: 192.168.0.0/16
STEP 4 For a Manual policy type, enter the settings in the Manual Policy Parameters section:
SPI-Incoming, SPI-Outgoing—Enter a hexadecimal value between 3 and 8 characters; for example, 0x1234. The Security Parameter Index (SPI) identifies the Security Association of the incoming and outgoing traffic streams.
Manual Encryption Algorithm—Select the algorithm used to encrypt the data.
Key-In, Key-Out—Enter the encryption key of the inbound and outbound policy. The length of the key depends on the encryption algorithm chosen:
- DES—8 characters
- 3DES—24 characters
- AES-128—16 characters
- AES-192—24 characters
- AES-256—32 characters
Manual Integrity Algorithm—Select the algorithm used to verify the integrity of the data.
Key-In, Key-Out—Enter the integrity key (for ESP with Integrity-mode) for the inbound and outbound policy. The length of the key depends on the algorithm chosen:
- MD5—16 characters
- SHA-1—20 characters
- SHA2-256—32 characters
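The following check is an added example, not part of Cisco's guide or the router's software: it validates a Manual policy against the rules stated above (no overlapping traffic selectors, SPI of 3 to 8 hexadecimal characters, key length matching the chosen algorithm) before the values are typed into both endpoints. The dictionary layout and function names are hypothetical, and it assumes the SPI limit counts hex digits after an optional 0x prefix.

```python
import ipaddress
import re

# Key lengths in characters, copied from the guide's Manual policy tables.
ENC_KEY_LEN = {"DES": 8, "3DES": 24, "AES-128": 16, "AES-192": 24, "AES-256": 32}
INT_KEY_LEN = {"MD5": 16, "SHA-1": 20, "SHA2-256": 32}
# Assumption: the 3-8 character limit counts hex digits after an optional "0x".
SPI_RE = re.compile(r"(?:0x)?[0-9a-fA-F]{3,8}")


def selector(ip, mask="255.255.255.255"):
    """Single (IP only) or Subnet (IP + dotted mask) as entered in the GUI."""
    return ipaddress.ip_network(f"{ip}/{mask}", strict=False)


def check_manual_policy(p):
    """Return the problems found in a manual policy dict (empty list = OK)."""
    problems = []
    local, remote = selector(*p["local"]), selector(*p["remote"])
    if local.overlaps(remote):
        problems.append(f"traffic selectors overlap: {local} / {remote}")
    for name in ("spi_in", "spi_out"):
        if not SPI_RE.fullmatch(p[name]):
            problems.append(f"{name}: expected 3-8 hex characters")
    for kind, table in (("enc", ENC_KEY_LEN), ("int", INT_KEY_LEN)):
        want = table.get(p[f"{kind}_alg"])
        if want is None:
            problems.append(f"{kind}_alg: not an algorithm the guide lists")
            continue
        for direction in ("in", "out"):
            got = len(p[f"{kind}_key_{direction}"])
            if got != want:
                problems.append(
                    f"{kind}_key_{direction}: need {want} characters, got {got}")
    return problems


# Constructed sample policies; every key below is a placeholder, not a real key.
GOOD = dict(local=("192.168.1.0", "255.255.255.0"),
            remote=("10.10.20.0", "255.255.255.0"),
            spi_in="0x1234", spi_out="0x5678",
            enc_alg="AES-128", enc_key_in="a" * 16, enc_key_out="b" * 16,
            int_alg="SHA2-256", int_key_in="c" * 32, int_key_out="d" * 32)
# Same policy with the guide's overlapping selectors, a short SPI and a short key.
BAD = dict(GOOD, remote=("192.168.0.0", "255.255.0.0"),
           spi_out="0x12", enc_key_out="b" * 15)

if __name__ == "__main__":
    for label, policy in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_manual_policy(policy) or "no problems")
```

Running the same check on the values planned for each endpoint catches a mistyped key or SPI before the tunnel silently fails to pass traffic.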
STEP 5 For an Auto policy type, enter the settings in the Auto Policy Parameters section.
SA-Lifetime—Enter the duration of the Security Association in seconds. After the specified number of seconds, the Security Association is renegotiated. The default value is 3600 seconds. The minimum value is 300 seconds.
Encryption Algorithm—Select the algorithm used to encrypt the data.
Integrity Algorithm—Select the algorithm used to verify the integrity of the data.
PFS Key Group—Check the Enable box to enable Perfect Forward Secrecy (PFS) to improve security. While slower, this protocol helps to prevent eavesdropping by ensuring that a Diffie-Hellman exchange is performed for every phase-2 negotiation.
DH Group—Specify the DH Group algorithm used when exchanging a pre-shared key. The DH Group sets the strength of the algorithm in bits. Ensure that the DH Group is configured identically on both sides of the IKE policy.
Select IKE Policy—Choose the IKE policy that will define the characteristics of the SA negotiation.
STEP 6 Click Save.
Configuring IPsec VPN Server
Using IPsec VPN enables secure remote access to corporate resources by
establishing an encrypted tunnel across the Internet. Your device supports the
following IPsec VPN clients:
- TheGreenBow
- ShrewSoft
Configuring the IPsec VPN Server
To configure the IPsec VPN server:
STEP 1 Choose VPN > IPsec VPN Server > Setup.
STEP 2 Check the Server Enable check box.
STEP 3 In the Phase 1 section, configure settings to authenticate the two VPN endpoints to each other and negotiate the IKE Security Association (SA) so that a secure channel is set up for negotiating SAs in Phase 2.
a. In the Pre-Shared Key field, enter the pre-shared key or password that will be exchanged between your device and the remote endpoint. The password must be between 8 and 49 characters.
b. In the Exchange Mode field, choose one of the following modes for the IPsec VPN connection:
- Main—Negotiates the tunnel with higher security, but is slower.
- Aggressive—Establishes a faster connection, but with lowered security.
c. Choose the Encryption Algorithm to encrypt data and choose the Authentication Algorithm for the VPN header. Ensure that the authentication algorithm is configured identically on both your device and the remote endpoint.
d. In the Diffie-Hellman (DH) Group field, specify the Diffie-Hellman Group algorithm used when exchanging a pre-shared key. The DH Group sets the strength of the algorithm in bits. Ensure that the DH Group is configured identically on both your device and the remote endpoint.
e. In the IKE SA-Lifetime field, enter the duration, in seconds, after which the Security Association for the VPN connection is renegotiated.
STEP 4 In the Phase 2 Configuration section, configure parameters to negotiate the IPsec Security Association (SA) for the IPsec tunnel:
a. In the Local IP field, indicate how many endpoints will be part of the VPN policy:
- Single—Limits the policy to one host. Enter the IP address of the host that will be part of the VPN in the IP Address field.
- Subnet—Allows an entire subnet to connect to the VPN. Enter the subnet's network address in the IP Address field, and enter the subnet mask, such as 255.255.255.0, in the Subnet Mask field. The field automatically displays the default subnet address based on the IP address.
b. In the IPsec SA Lifetime field, enter the duration, in seconds, after which the IPsec Security Association for the VPN connection is renegotiated.
c. Choose the Encryption Algorithm to encrypt data and choose the Authentication Algorithm for the VPN header. Ensure that the authentication algorithm is configured identically on both your device and the remote endpoint.
d. To create a more secure IPsec VPN connection, check the PFS Key Group Enable check box, ensuring a new Diffie-Hellman key exchange in phase 2. Perfect Forward Secrecy (PFS) creates an additional layer of security by protecting your data with a new key, in case the DH key generated in phase 1 is compromised in transit. Ensure that both IPsec endpoints have PFS enabled.
STEP 5 Click Save.
Configuring IPsec VPN User Accounts
STEP 1 Choose VPN > IPsec VPN Server > User.
STEP 2 Click Add Row.
STEP 3 Enter a username and password.
We recommend that the password contain no dictionary words from any language, and be a mix of letters (both uppercase and lowercase), numbers, and symbols. The password can be up to 64 characters long.
STEP 4 To import usernames and passwords from a CSV file, click Import. The Administration > Users page is displayed. In the Import Username and Password section, click Browse to locate the file, and click Import. See Importing User Accounts for more information.
STEP 5 Save your user accounts.
Configuring PPTP
Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables the
secure transfer of data from a remote client to a business network by creating a
secure VPN connection across public networks, such as the Internet.
Configuring the PPTP Server
To configure the PPTP VPN server:
STEP 1 Choose VPN > PPTP Server.
STEP 2 In the PPTP Server Configuration section, configure the PPTP VPN settings:
a. Check the PPTP Server Enable check box.
b. Enter the IP address of the PPTP server.
c. Enter the range of IP addresses for PPTP clients.
d. To encrypt the data passing through the PPTP VPN connection, check the MPPE Encryption Enable check box.
STEP 3 Click Save.
Creating and Managing PPTP Users
To create and enable PPTP users:
STEP 1 Choose VPN > PPTP Server. In the PPTP User Account Table, click Add Row.
STEP 2 Enter the username and password that will authenticate the PPTP user. Enter values that are between 4 and 32 characters long.
STEP 3 Check the Enable check box for the user.
