ADSL2 Gateway with 4-Port Switch
Appendix B: Configuring IPSec between a Windows 2000 or XP Computer and the Gateway
Introduction
This document demonstrates how to establish a secure IPSec tunnel using preshared keys to join a private
network inside the Gateway and a Windows 2000 or XP computer. You can find detailed information on
configuring the Windows 2000 server at the Microsoft website:
Microsoft KB Q252735 - How to Configure IPSec Tunneling in Windows 2000
Microsoft KB Q257225 - Basic IPSec Troubleshooting in Windows 2000
Environment
The IP addresses and other specifics mentioned in this appendix are for illustration purposes only.
Windows 2000 or Windows XP
IP Address: 140.111.1.2 <= User ISP provides IP Address; this is only an example.
Subnet Mask: 255.255.255.0
WAG54G
WAN IP Address: 140.111.1.1 <= User ISP provides IP Address; this is only an example.
Subnet Mask: 255.255.255.0
LAN IP Address: 192.168.1.1
Subnet Mask: 255.255.255.0
NOTE: Keep a record of any changes you make. Those changes will be identical in the Windows “secpol” application and the Router’s Web-Based Utility.
NOTE: This section’s instructions and figures refer to the Router. Substitute “Gateway” for “Router”. Also, the text on your screen may differ from the text in your instructions for “OK or Close”; click the appropriate button on your screen.
How to Establish a Secure IPSec Tunnel
Step 1: Create an IPSec Policy
1. Click the Start button, select Run, and type secpol.msc in the Open field. The Local Security Setting screen will appear as shown in Figure C-1.
2. Right-click IP Security Policies on Local Computer (Win XP) or IP Security Policies on Local Machine (Win 2000), and click Create IP Security Policy.
3. Click the Next button, and then enter a name for your policy (for example, to_Router). Then, click Next.
4. Deselect the Activate the default response rule check box, and then click the Next button.
5. Click the Finish button, making sure the Edit check box is checked.
Step 2: Build Filter Lists
Filter List 1: win->Router
1. In the new policy’s properties screen, verify that the Rules tab is selected, as shown in Figure C-2. Deselect the Use Add Wizard check box, and click the Add button to create a new rule.
2. Make sure the IP Filter List tab is selected, and click the Add button. (See Figure C-3.) The IP Filter List screen should appear, as shown in Figure C-4. Enter an appropriate name, such as win->Router, for the filter list, and de-select the Use Add Wizard check box. Then, click the Add button.
NOTE: The references in this section to “win” are references to Windows 2000 and XP. Substitute the references to “Router” with “Gateway”. Also, the text on your screen may differ from the text in your instructions for “OK or Close”; click the appropriate button on your screen.
Figure B-1: Local Security Screen
Figure B-2: Rules Tab
Figure B-3: IP Filter List Tab
3. The Filters Properties screen will appear, as shown in Figure C-5. Select the Addressing tab. In the Source address field, select My IP Address. In the Destination address field, select A specific IP Subnet, and fill in the IP Address: 192.168.1.0 and Subnet mask: 255.255.255.0. (These are the Router’s default settings. If you have changed these settings, enter your new values.)
4. If you want to enter a description for your filter, click the Description tab and enter the description there.
5. Click the OK button. Then, click the OK or Close button on the IP Filter List window.
Filter List 2: Router->win
6. The New Rule Properties screen will appear, as shown in Figure C-6. Select the IP Filter List tab, and make sure that win -> Router is highlighted. Then, click the Add button.
Figure B-4: IP Filter List
Figure B-5: Filters Properties
Figure B-6: New Rule Properties
7. The IP Filter List screen should appear, as shown in Figure C-7. Enter an appropriate name, such as Router->win, for the filter list, and de-select the Use Add Wizard check box. Click the Add button.
8. The Filters Properties screen will appear, as shown in Figure C-8. Select the Addressing tab. In the Source address field, select A specific IP Subnet, and enter the IP Address: 192.168.1.0 and Subnet mask: 255.255.255.0. (Enter your new values if you have changed the default settings.) In the Destination address field, select My IP Address.
9. If you want to enter a description for your filter, click the Description tab and enter the description there.
10. Click the OK or Close button and the New Rule Properties screen should appear with the IP Filter List tab selected, as shown in Figure C-9. There should now be a listing for “Router -> win” and “win -> Router”. Click the OK (for WinXP) or Close (for Win2000) button on the IP Filter List window.
Figure B-7: IP Filter List
Figure B-8: Filters Properties
Figure B-9: New Rule Properties
Step 3: Configure Individual Tunnel Rules
Tunnel 1: win->Router
1. From the IP Filter List tab, shown in Figure C-10, click the filter list win->Router.
2. Click the Filter Action tab (as in Figure C-11), and click the filter action Require Security radio button. Then, click the Edit button.
3. From the Security Methods tab, shown in Figure C-12, verify that the Negotiate security option is enabled, and deselect the Accept unsecured communication, but always respond using IPSec check box. Select Session key Perfect Forward Secrecy, and click the OK button.
Figure B-10: IP Filter List Tab
Figure B-11: Filter Action Tab
Figure B-12: Security Methods Tab
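The settings chosen in Steps 1 to 3 can be cross-checked from the record of changes you keep. The following is an added example, not part of the original manual: it audits a hand-written description of the policy for reversed filter pairs, valid subnet addresses, and the Step 3 filter action options. The dictionary layout, key names and the check that the computer's own address lies outside the tunnelled subnet are assumptions made for illustration.

```python
import ipaddress

# Constructed description of the policy from Steps 1-3, using the appendix's
# illustration addresses. The dictionary layout and key names are hypothetical.
MY_IP = "140.111.1.2"
POLICY = {
    "default_response_rule": False,                       # Step 1, item 4
    "filters": [                                          # Step 2
        {"name": "win->Router", "src": "me", "dst": ("192.168.1.0", "255.255.255.0")},
        {"name": "Router->win", "src": ("192.168.1.0", "255.255.255.0"), "dst": "me"},
    ],
    # Step 3, item 3
    "filter_action": {"negotiate_security": True, "accept_unsecured": False, "session_key_pfs": True},
}

def audit(policy, my_ip):
    """Return a list of findings; an empty list means the policy matches the steps."""
    findings = []
    me = ipaddress.ip_address(my_ip)
    if policy["default_response_rule"]:
        findings.append("default response rule is still activated")
    outbound, inbound = set(), set()
    for f in policy["filters"]:
        if (f["src"] == "me") == (f["dst"] == "me"):
            findings.append(f"{f['name']}: exactly one side must be My IP Address")
            continue
        addr, mask = f["dst"] if f["src"] == "me" else f["src"]
        try:
            # strict=True rejects an address with host bits set for the mask
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=True)
        except ValueError:
            findings.append(f"{f['name']}: {addr} is not a subnet address for mask {mask}")
            continue
        if me in net:
            findings.append(f"{f['name']}: this computer's address lies inside {net}")
        (outbound if f["src"] == "me" else inbound).add(net)
    if outbound != inbound:
        findings.append("filter lists are not reversed copies of each other")
    action = policy["filter_action"]
    if not action["negotiate_security"]:
        findings.append("filter action does not negotiate security")
    if action["accept_unsecured"]:
        findings.append("filter action accepts unsecured communication")
    if not action["session_key_pfs"]:
        findings.append("session key Perfect Forward Secrecy is not selected")
    return findings

if __name__ == "__main__":
    print(audit(POLICY, MY_IP) or "policy matches Steps 1-3")
```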
