Linksys AG241 Router Manual PDF (Setup & Configuration Guide)

Home

Manuals

Linksys

AG241

Page 56 / 80 Scroll up to view Page 51 - 55

Appendix B: Configuring IPSec between a Windows 2000 or XP Computer and the Gateway

Introduction

ADSL2 Gateway with 4-Port Switch

Appendix B: Configuring IPSec between a Windows 2000

or XP Computer and the Gateway

Introduction

This document demonstrates how to establish a secure IPSec tunnel using preshared keys to join a private

network inside the Gateway and a Windows 2000 or XP computer. You can find detailed information on

configuring the Windows 2000 server at the Microsoft website:

Microsoft KB Q252735 - How to Configure IPSec Tunneling in Windows 2000

http://support.microsoft.com/support/kb/articles/Q252/7/35.asp

Microsoft KB Q257225 - Basic IPSec Troubleshooting in Windows 2000

http://support.microsoft.com/support/kb/articles/Q257/2/25.asp

Environment

The IP addresses and other specifics mentioned in this appendix are for illustration purposes only.

Windows 2000 or Windows XP

IP Address: 140.111.1.2 <= User ISP provides IP Address; this is only an example.

Subnet Mask: 255.255.255.0

WAG54G

WAN IP Address: 140.111.1.1 <= User ISP provides IP Address; this is only an example.

Subnet Mask: 255.255.255.0

LAN IP Address: 192.168.1.1

Subnet Mask: 255.255.255.0

NOTE:

Keep a record of any changes you make.

Those changes will be identical in the Windows

“secpol” application and the Router’s Web-Based

Utility.

NOTE:

This section’s instructions and figures

refer to the Router. Substitute “Gateway” for

“Router”. Also, the text on your screen may differ

from the text in your instructions for “OK or

Close”; click the appropriate button on your

screen.

Page 57 / 80

Appendix B: Configuring IPSec between a Windows 2000 or XP Computer and the Gateway

How to Establish a Secure IPSec Tunnel

ADSL2 Gateway with 4-Port Switch

How to Establish a Secure IPSec Tunnel

Step 1: Create an IPSec Policy

Click the

Start

button, select

Run

, and type

secpol.msc

in the

Open

field.

The

Local Security Setting

screen

will appear as shown in Figure C-1.

Right-click

IP Security Policies on Local Computer

(Win XP) or

IP Security Policies on Local Machine

(Win 2000), and click

Create IP Security Policy

Click the

button, and then enter a name for your policy (for example, to_Router). Then, click

Deselect the

Activate the default response rule

check box, and then click the

button.

Click the

Finish

button, making sure the

Edit

check box is checked.

Step 2: Build Filter Lists

Filter List 1: win->Router

In the new policy’s properties screen, verify that the

Rules

tab is selected, as shown in Figure C-2. Deselect

the

Use Add Wizard

check box, and click the

Add

button to create a new rule.

Make sure the

IP Filter List

tab is selected, and click the

Add

button. (See Figure C-3.)The

IP Filter List

screen should appear, as shown in Figure C-4. Enter an appropriate name, such as win->Router, for the filter

list, and de-select the

Use Add

Wizard

check box. Then, click the

Add

button.

NOTE:

The references in this section to “win” are

references to Windows 2000 and XP. Substitute

the references to “Router” with “Gateway”. Also,

the text on your screen may differ from the text in

your instructions for “OK or Close”; click the

appropriate button on your screen.

Figure B-1: Local Security Screen

Figure B-2: Rules Tab

Figure B-3: IP Filter List Tab

Page 58 / 80

Appendix B: Configuring IPSec between a Windows 2000 or XP Computer and the Gateway

How to Establish a Secure IPSec Tunnel

ADSL2 Gateway with 4-Port Switch

The

Filters Properties

screen will appear, as shown in Figure C-5. Select the

Addressing

tab. In the

Source

address

field, select

My IP Address

. In the

Destination address

field, select

A specific IP Subnet

, and fill in

the IP Address: 192.168.1.0 and Subnet mask: 255.255.255.0. (These are the Router’s default settings. If you

have changed these settings, enter your new values.)

If you want to enter a description for your filter, click the

Description

tab and enter the description there.

Click the

button. Then, click the

button on the

IP Filter List

window.

Filter List 2: Router ->win

The

New Rule Properties

screen will appear, as shown in Figure C-6. Select the

IP Filter List

tab, and make

sure that

win -> Router

is highlighted. Then, click the

Add

button.

Figure B-4: IP Filter LIst

Figure B-5: Filters Properties

Figure B-6: New Rule Properties

Page 59 / 80

Appendix B: Configuring IPSec between a Windows 2000 or XP Computer and the Gateway

How to Establish a Secure IPSec Tunnel

ADSL2 Gateway with 4-Port Switch

The

IP Filter List

screen should appear, as shown in Figure C-7. Enter an appropriate name, such as Router-

>win for the filter list,

and de-select the

Use

Add Wizard

check box. Click the

Add

button.

The

Filters Properties

screen will appear, as shown in Figure C-8. Select the Addressing tab. In the

Source

address

field, select

A specific IP Subnet

, and enter the IP Address: 192.168.1.0 and Subnet mask:

255.255.255.0. (Enter your new values if you have changed the default settings.) In the Destination address

field, select

My IP Address

If you want to enter a description for your filter, click the

Description

tab and enter the description there.

10. Click the

button and the

New Rule Properties

screen should appear with the IP Filer List tab

selected, as shown in Figure C-9. There should now be a listing for “Router -> win” and “win -> Router”.

Click the

(for WinXP) or

(for Win2000) button on the

IP Filter List

window.

Figure B-7: IP Filter List

Figure B-8: Filters Properties

Figure B-9: New Rule Properties

Page 60 / 80

Appendix B: Configuring IPSec between a Windows 2000 or XP Computer and the Gateway

How to Establish a Secure IPSec Tunnel

ADSL2 Gateway with 4-Port Switch

Step 3: Configure Individual Tunnel Rules

Tunnel 1: win->Router

From the

IP Filter List

tab, shown in Figure C-10, click the filter list win->Router.

Click the

Filter Action

tab (as in Figure C-11), and click the filter action

Require Security

radio button. Then,

click the

Edit

button.

From the

Security Methods

tab, shown in Figure C-12, verify that the

Negotiate security

option is enabled,

and deselect the

Accept unsecured communication, but always respond using IPSec

check box. Select

Session key Perfect Forward Secrecy

, and click the

button.

Figure B-12: Security Methods Tab

Figure B-10: IP Filter List Tab

Figure B-11: Filter Acton Tab

Rate

Popular Linksys Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share