WRVS4400N User Guide
VPN Tab
Setting Up and Configuring the Router
IPSec VPN
A Virtual Private Network (VPN) is a security measure that creates a secure connection between two remote locations. Configure these settings so the Gateway will create VPN tunnels.
IPSec VPN Tunnel
Select Tunnel Entry—Select a tunnel to configure.
Delete—Deletes all settings for the selected tunnel.
Summary—Shows the settings and status of all enabled tunnels.
IPSec VPN Tunnel—Check the Enable option to enable this tunnel.
Tunnel Name—Enter a name for this tunnel, such as "LA Office".
Local Group Setup
Local Security Gateway Type—There are two types: IP Only and IP + Domain Name (FQDN) Authentication.
IP Only—If you select IP Only, only the specific IP address will be able to access the tunnel. The WAN IP of RVS4000 will appear in this field automatically.
IP + Domain Name (FQDN) Authentication—If you select this type, enter the FQDN (Fully Qualified Domain Name); the IP address will appear automatically. The FQDN is the host name and domain name for a specific computer on the Internet, for example, vpn.myvpnserver.com. The IP and FQDN must be the same as the Remote Security Gateway type of the remote VPN device, and the same IP and FQDN can be used for only one tunnel connection.
Local Security Group Type—Select the local LAN user(s) behind the router that can use this VPN tunnel. This may be a single IP address or Sub-network. Notice that the Local Secure Group must match the other router's Remote Secure Group.
IP Address—Enter the IP address on the local network.
Subnet Mask—If the "Subnet" option is selected, enter the mask to determine the IP addresses on the local network.
Remote Group Setup
Remote Security Gateway Type—There are two types: IP Only and IP + Domain Name (FQDN) Authentication. The type of Remote Security Gateway should match the Local Security Gateway Type of the VPN device at the other end of the tunnel.
IP Only—If you select IP Only, only the specific IP address that you enter will be able to access the tunnel. It is the IP address of the remote VPN router or device with which you wish to communicate. The remote VPN device can be another VPN router or a VPN server. If you know the static IP address of the remote VPN device, select IP address from the drop-down menu. If you don't know the static IP address of the remote VPN device but its domain name is known, select IP by DNS Resolved and enter the real domain name on the Internet. The WRVS4400N will obtain the IP address of the remote VPN device by DNS resolution, and that IP address will be displayed in the VPN Status on the Summary page.
IP + Domain Name (FQDN) Authentication—If you select this type, enter the FQDN (Fully Qualified Domain Name) and IP address of the VPN device at the other end of the tunnel. If you know the static IP address of the remote VPN device, select IP address from the drop-down menu. If you don't know the static IP address of the remote VPN device but its domain name is known, select IP by DNS Resolved and enter the real domain name on the Internet. The WRVS4400N will obtain the IP address of the remote VPN device by DNS resolution, and that IP address will be displayed in the VPN Status on the Summary page. Then enter the Domain Name as an ID; it does not have to be a real domain name on the Internet. The IP and Domain Name ID must be the same as the Local Gateway of the remote VPN device, and the same IP and Domain Name ID can be used for only one tunnel connection.
Remote Security Group—Select the remote LAN user(s) behind the remote gateway who can use this VPN tunnel. This may be a single IP address, a Sub-network, or any addresses. If "Any" is set, the router acts as responder and accepts requests from any remote user. Notice that the Remote Secure Group must match the other router's Local Secure Group.
IP Address—Enter the IP address on the local network.
Subnet Mask—If the "Subnet" option is selected, enter the mask to determine the IP addresses on the local network.
Remote Security Gateway—Select the desired option - IP address.
IP—The IP address in this field must match the public IP address (i.e. WAN IP Address) of the remote gateway at the other end of this tunnel.
IPSec Setup
Keying Mode—The router supports both IKE with Preshared Key (automatic) and Manual key management. When choosing automatic key management, IKE (Internet Key Exchange) protocols are used to negotiate key material for the SA. If manual key management is selected, no key negotiation is needed. Basically, manual key management is used in small static environments or for troubleshooting purposes. Notice that both sides must use the same Key Management method.
Encryption—The Encryption method determines the length of the key used to encrypt/decrypt ESP packets. 3DES is supported. Notice that both sides of the VPN tunnel must use the same Encryption method.
Authentication—Authentication determines a method to authenticate the ESP packets. Either MD5 or SHA1 may be selected. Both sides of the VPN tunnel must use the same Authentication method.
MD5—A one-way hashing algorithm that produces a 128-bit digest.
SHA1—A one-way hashing algorithm that produces a 160-bit digest.
Preshared Key—IKE uses the Pre-shared Key field to authenticate the remote IKE peer. Both character and hexadecimal values are acceptable in this field, for example "My_@123" or "0x4d795f40313233". Both sides must use the same Pre-shared Key.
Key Lifetime—Specifies the lifetime of the IKE generated key. If the time expires, a new key will be renegotiated automatically. The Key Lifetime may range from 1081 to 86400 seconds. The default value for Phase 1 is 28800 seconds, and the default value for Phase 2 is 3600 seconds.
Group—For Diffie-Hellman key negotiation. There are 3 groups available for ISAKMP SA establishment: 768-bit, 1024-bit and 1536-bit, which represent the different numbers of bits used in the Diffie-Hellman operation. The default value is Group 768-bit.
Encryption—The Encryption method determines the length of the key used to encrypt/decrypt ESP packets. 3DES is supported. Notice that both sides of the VPN tunnel must use the same Encryption method.
Authentication—Authentication determines a method to authenticate the ESP packets. Either MD5 or SHA1 may be selected. Notice that both sides (VPN endpoints) must use the same Authentication method.
MD5—A one-way hashing algorithm that produces a 128-bit digest.
SHA1—A one-way hashing algorithm that produces a 160-bit digest.
Perfect Forward Secrecy—If PFS is enabled, IKE Phase 2 negotiation will generate new key material for IP traffic encryption and authentication. Note that both sides must have this selected.
Preshared Key—This field specifies a key used to authenticate IP traffic. Both character and hexadecimal values are acceptable in this field. Note that both sides must use the same Authentication Key.
Inbound SPI/Outbound SPI—The SPI (Security Parameter Index) is carried in the ESP header. This enables the receiver to select the SA under which a packet should be processed. The SPI is a 32-bit value. Both decimal and hexadecimal values are acceptable, e.g. "987654321" or "0x3ade68b1". Each tunnel must have a unique Inbound SPI and Outbound SPI. No two tunnels share the same SPI. Notice that the Inbound SPI must match the other router's Outbound SPI, and vice versa.
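The matching rules this guide states for a manually keyed tunnel (same keying mode, encryption, authentication and key on both sides; each side's Local Secure Group equal to the other's Remote Secure Group; each side's Inbound SPI equal to the other's Outbound SPI) can be checked before the settings are entered, as in this added Python example, which is not part of the user guide. The dictionary field names and the addresses are hypothetical, and treating the hexadecimal key form as the encoding of the character form is an assumption drawn from the guide's own sample values.

```python
import ipaddress

def parse_spi(text):
    """SPI: a 32-bit value, entered as decimal or 0x-prefixed hexadecimal."""
    value = int(text, 16) if text.lower().startswith("0x") else int(text, 10)
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError(f"SPI {text!r} does not fit in 32 bits")
    return value

def key_bytes(text):
    """Assumption: a 0x-prefixed key is the hex encoding of the character form."""
    if text.lower().startswith("0x"):
        return bytes.fromhex(text[2:])
    return text.encode("ascii")

def check_pair(a, b):
    """Return the mismatches between the two ends of one manually keyed tunnel."""
    net = ipaddress.ip_network  # accepts a single IP, a /prefix or a dotted mask
    problems = []
    for field in ("keying_mode", "encryption", "authentication"):
        if a[field] != b[field]:
            problems.append(f"{field}: {a[field]} vs {b[field]}")
    if key_bytes(a["key"]) != key_bytes(b["key"]):
        problems.append("key differs")
    for x, y, nx, ny in ((a, b, "A", "B"), (b, a, "B", "A")):
        # Local Secure Group on one side must equal Remote Secure Group on the other.
        if net(x["local_group"]) != net(y["remote_group"]):
            problems.append(f"{nx} local group != {ny} remote group")
        # Inbound SPI on one side must equal Outbound SPI on the other.
        if parse_spi(x["inbound_spi"]) != parse_spi(y["outbound_spi"]):
            problems.append(f"{nx} inbound SPI != {ny} outbound SPI")
    return problems

# Constructed sample settings (hypothetical field names and addresses).
SITE_A = {"keying_mode": "manual", "encryption": "3DES", "authentication": "SHA1",
          "key": "My_@123", "local_group": "192.168.1.0/24",
          "remote_group": "192.168.2.0/24",
          "inbound_spi": "987654321", "outbound_spi": "0x3ade68b2"}
SITE_B = {"keying_mode": "manual", "encryption": "3DES", "authentication": "SHA1",
          "key": "0x4d795f40313233", "local_group": "192.168.2.0/255.255.255.0",
          "remote_group": "192.168.1.0/24",
          "inbound_spi": "0x3ade68b2", "outbound_spi": "0x3ade68b1"}
SITE_B_BAD = dict(SITE_B, authentication="MD5", outbound_spi="987654322")

if __name__ == "__main__":
    print(check_pair(SITE_A, SITE_B))
    print(check_pair(SITE_A, SITE_B_BAD))
```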
Status
This field shows the connection status for the selected tunnel. The state is either connected or
disconnected.
Buttons
Connect—Establish a connection for the current VPN tunnel. If you have made any changes, click Save Settings to first apply your changes.
Disconnect—Break a connection for the current VPN tunnel.
View Log—View the VPN log, which shows details of each tunnel established.
Advanced Button
Aggressive Mode—There are two types of Phase 1 exchanges: Main mode and Aggressive mode. Aggressive Mode requires half of the main mode messages to be exchanged in Phase 1 of the SA exchange. If network security is preferred, select Main mode.
NetBIOS broadcast—Check the box to enable NetBIOS traffic to pass through the VPN tunnel. By default, WRVS4400Nv2 blocks these broadcasts.
Click the Save Settings button to apply your changes or Cancel Changes button to cancel.
VPN Client Accounts
Use this page to administer your VPN Client users. Enter the information at the top of the screen and the users you've entered appear in the list at the bottom, showing their status. This will work with the Linksys QuickVPN client only. (The Router supports up to five Linksys QuickVPN Clients by default. Additional QuickVPN Client licenses can be purchased separately. See www.linksys.com for more information.)
Username—Enter the username using any combination of keyboard characters.
Password—Enter the password you would like to assign to this user.
Re-enter to Confirm—Retype the password to ensure that it has been entered correctly.
Allow User to Change Password—Determines whether the user is allowed to change their password.
VPN Client List Table
No—Displays the user number.
Active—When checked, the designated user can connect; otherwise the VPN client account is disabled.