Appendix B: Configuring IPSec between a Windows 2000 or XP Computer and the Gateway
How to Establish a Secure IPSec Tunnel
ADSL2 Gateway with 4-Port Switch
4. Select the Authentication Methods tab, shown in Figure C-13, and click the Edit button.
5. Change the authentication method to Use this string to protect the key exchange (preshared key), as shown in Figure C-14, and enter the preshared key string, such as XYZ12345. Click the OK button.
6. This new Preshared key will be displayed in Figure C-15. Click the Apply button to continue, if it appears on your screen, otherwise proceed to the next step.
Figure B-13: Authentication Methods
Figure B-14: Preshared Key
Figure B-15: New Preshared Key
7. Select the Tunnel Setting tab, shown in Figure C-16, and click the The tunnel endpoint is specified by this IP Address radio button. Then, enter the Router’s WAN IP Address.
8. Select the Connection Type tab, as shown in Figure C-17, and click All network connections. Then, click the OK or Close button to finish this rule.
Tunnel 2: Router->win
9. In the new policy’s properties screen, shown in Figure C-18, make sure that “win -> Router” is selected and deselect the Use Add Wizard check box. Then, click the Add button to create the second IP filter.
Figure B-16: Tunnel Setting Tab
Figure B-17: Connection Type Tab
Figure B-18: Properties Screen
10. Go to the IP Filter List tab, and click the filter list Router->win, as shown in Figure C-19.
11. Click the Filter Action tab, and select the filter action Require Security, as shown in Figure C-20. Then, click the Edit button. From the Security Methods tab, shown previously in Figure C-12, verify that the Negotiate security option is enabled, and deselect the Accept unsecured communication, but always respond using IPSec check box. Select Session key Perfect Forward Secrecy, and click the OK button.
12. Click the Authentication Methods tab, and verify that the authentication method Kerberos is selected, as shown in Figure C-21. Then, click the Edit button.
Figure B-19: IP Filter List Tab
Figure B-20: Filter Action Tab
Figure B-21: Authentication Methods Tab
13. Change the authentication method to Use this string to protect the key exchange (preshared key), and enter the preshared key string, such as XYZ12345, as shown in Figure C-22. (This is a sample key string. Yours should be a key that is unique but easy to remember.) Then click the OK button.
14. This new Preshared key will be displayed in Figure C-23. Click the Apply button to continue, if it appears on your screen, otherwise proceed to the next step.
15. Click the Tunnel Setting tab, shown in Figure C-24, click the radio button for The tunnel endpoint is specified by this IP Address, and enter the Windows 2000/XP computer’s IP Address.
Figure B-22: Preshared Key
Figure B-23: New Preshared Key
Figure B-24: Tunnel Setting Tab
16. Click the Connection Type tab, shown in Figure C-25, and select All network connections. Then click the OK or Close button to finish.
17. From the Rules tab, shown in Figure C-26, click the OK or Close button to return to the secpol screen.
Step 4: Assign New IPSec Policy
In the IP Security Policies on Local Computer window, shown in Figure C-27, right-click the policy named to_Router, and click Assign. A green arrow appears in the folder icon.
Figure B-25: Connection Type
Figure B-26: Rules
Figure B-27: Local Computer
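A consistency check for the two tunnel rules built in the steps above, as an added example that is not part of the original manual. The rule dictionaries, field names, addresses and MIN_KEY_LEN are this example's own assumptions, and the filter-action settings from step 11 are assumed to apply to both rules.

```python
import ipaddress

SAMPLE_KEYS = {"XYZ12345"}   # sample string printed in the steps above
MIN_KEY_LEN = 20             # assumption of this example, not a value from the manual

def check_policy(rules, router_wan_ip, windows_ip):
    """Return findings for the two tunnel rules; an empty list means consistent."""
    findings = []
    # Each rule's tunnel endpoint is the far end of that direction (steps 7 and 15).
    expected = {"win->Router": router_wan_ip, "Router->win": windows_ip}
    by_name = {r["filter_list"]: r for r in rules}
    for name, endpoint in expected.items():
        rule = by_name.get(name)
        if rule is None:
            findings.append(f"{name}: rule missing")
            continue
        try:
            ok = ipaddress.ip_address(rule["tunnel_endpoint"]) == ipaddress.ip_address(endpoint)
        except ValueError:
            ok = False
        if not ok:
            findings.append(f"{name}: tunnel endpoint must be {endpoint}")
        if rule["auth_method"] != "preshared_key":
            findings.append(f"{name}: authentication method is not preshared key")
        if rule["accept_unsecured"]:
            findings.append(f"{name}: accepts unsecured communication")
        if not rule["session_key_pfs"]:
            findings.append(f"{name}: session key PFS is off")
        if rule["connection_type"] != "all":
            findings.append(f"{name}: connection type is not all network connections")
    keys = {r["preshared_key"] for r in by_name.values() if r["auth_method"] == "preshared_key"}
    if len(keys) > 1:
        findings.append("preshared key differs between the two rules")
    for key in sorted(keys):
        if key in SAMPLE_KEYS or len(key) < MIN_KEY_LEN:
            findings.append("preshared key is the manual's sample or shorter than MIN_KEY_LEN")
    return findings

def make_rule(name, endpoint, key, **overrides):
    """Build one rule dict with the settings the steps call for (constructed data)."""
    rule = {"filter_list": name, "tunnel_endpoint": endpoint, "auth_method": "preshared_key",
            "preshared_key": key, "accept_unsecured": False, "session_key_pfs": True,
            "connection_type": "all"}
    rule.update(overrides)
    return rule

if __name__ == "__main__":
    # Constructed addresses from documentation ranges; the second rule repeats the
    # router's address as its endpoint, an easy slip when filling in the mirrored rule.
    rules = [make_rule("win->Router", "203.0.113.10", "XYZ12345"),
             make_rule("Router->win", "203.0.113.10", "XYZ12345")]
    for finding in check_policy(rules, "203.0.113.10", "198.51.100.20"):
        print(finding)
```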