EtherFast® Cable/DSL VPN Router with 4-Port 10/100 Switch
Instant Broadband® Series
Appendix B: Maximizing VPN Security
Just as you maximized your network security with a firewall router, you should also maximize security for your data with the VPN Router.

IPSec is compatible with most VPN endpoints and ensures privacy and authentication for data, while authenticating user identification. With IPSec, authentication is based upon the PC's IP Address. This not only confirms the user's identity but also establishes the secure tunnel at the network layer, protecting all data that passes through.

By operating at the network layer, IPSec is independent of any applications running on the network. This way, it doesn't harm your PC's performance and still allows you to do more with greater security. Still, it is important to note that IPSec encryption does create a slight slowdown in network throughput, due to encrypting and decrypting data.

Some VPNs will still leave the IP headers decrypted. These headers contain the IP Addresses for the users at both ends of the VPN tunnel and can be utilized by the hacker in future attacks. The VPN Router, however, does not leave the IP headers decrypted. Using a method called PFS (Perfect Forward Secrecy), not only are the IP headers encrypted but the secret keys used to secure the tunnel are encrypted as well.

All of this protection actually comes at a lower cost than most VPN endpoint software packages. The VPN Router will allow the users on your network to secure their data over the Internet without having to purchase the extra client licenses that other VPN hardware manufacturers and software packages will require. With VPN functions handled by the router, rather than your PC (which software packages would require), this frees up your PCs to perform more functions, more efficiently. An additional benefit is that you aren't required to reconfigure any of your network PCs.

As secure as the VPN Router makes your data, there are still more ways to maximize security. The following are a few suggestions on how to increase data security beyond the VPN Router.
1) Maximize security on your other networks. Install firewall routers for your Internet connections, and use the most up-to-date security measures for wireless networking.
2) Narrow the scope of your VPN tunnel as much as possible. Rather than allowing a range of IP Addresses, use the addresses specific to the endpoints required.
3) Do not set the Remote Security Group to Any, as this will open the VPN to any IP Address. Host a specific IP address.
4) Maximize encryption and authentication. Use 3DES encryption and SHA authentication whenever possible.
5) Manage your pre-shared keys. Change pre-shared keys regularly.
Data transmission over the Internet is a hole in network security that is often overlooked. With VPN maximized, along with the use of a firewall router and wireless security, you can secure your data even when it leaves your network.
Appendix C: Configuring IPSec between a Windows 2000 or XP PC and the VPN Router
Introduction

This document demonstrates how to establish a secure IPSec tunnel using pre-shared keys to join a private network inside the VPN Router and a Windows 2000 or XP PC. You can find detailed information on configuring the Windows 2000 server at the Microsoft website:

Microsoft KB Q252735 - How to Configure IPSec Tunneling in Windows 2000
Microsoft KB Q257225 - Basic IPSec Troubleshooting in Windows 2000

The IP addresses and other specifics mentioned in this appendix are for illustration purposes only.

Environment

Windows 2000 or Windows XP
IP Address: 140.111.1.2 <= User ISP provides IP Address; this is only an example.
Subnet Mask: 255.255.255.0

BEFSX41
WAN IP Address: 140.111.1.1 <= User ISP provides IP Address; this is only an example.
Subnet Mask: 255.255.255.0
LAN IP Address: 192.168.1.1
Subnet Mask: 255.255.255.0
Step One: Create an IPSec Policy

1. Click the Start button, select Run, and type secpol.msc in the Open field. The Local Security Setting screen will appear as shown in Figure C-1.
2. Right-click IP Security Policies on Local Computer, and click Create IP Security Policy.
3. Click the Next button, and then enter a name for your policy (for example, to_router). Then, click Next.
4. Deselect the Activate the default response rule check box, and then click the Next button.
5. Click the Finish button, making sure the Edit check box is checked.

Figure C-1

Note: Keep a record of any changes you make. Those changes will be identical in the Windows "secpol" application and the Router's Web-Based Utility.
Step Two: Build Filter Lists

Note: The references in this section to "win" are references to Windows 2000 and XP.

Filter List 1: win->router

1. In the new policy's properties screen, verify that the Rules tab is selected, as shown in Figure C-2. Deselect the Use Add Wizard check box, and click the Add button to create a new rule.
2. Make sure the IP Filter List tab is selected, and click the Add button.

Figure C-2
Figure C-3

3. The IP Filter List screen should appear, as shown in Figure C-4. Enter an appropriate name, such as win->router, for the filter list, and de-select the Use Add Wizard check box. Then, click the Add button.
4. The Filters Properties screen will appear, as shown in Figure C-5. Select the Addressing tab. In the Source address field, select My IP Address. In the Destination address field, select A specific IP Subnet, and fill in the IP Address: 192.168.1.0 and Subnet mask: 255.255.255.0. (These are the Router's default settings. If you have changed these settings, enter your new values.)

Figure C-4
Figure C-5
5. If you want to enter a description for your filter, click the Description tab and enter the description there.
6. Click the OK button. Then, click the OK (for Windows XP) or Close (for Windows 2000) button on the IP Filter List window.

Filter List 2: router->win

7. The New Rule Properties screen will appear, as shown in Figure C-6. Select the IP Filter List tab, and make sure that win->router is highlighted. Then, click the Add button.

Figure C-6

8. The IP Filter List screen should appear, as shown in Figure C-7. Enter an appropriate name, such as router->win, for the filter list, and de-select the Use Add Wizard check box. Click the Add button.
9. The Filters Properties screen will appear, as shown in Figure C-8. Select the Addressing tab. In the Source address field, select A specific IP Subnet, and enter the IP Address: 192.168.1.0 and Subnet mask: 255.255.255.0. (Enter your new values if you have changed the default settings.) In the Destination address field, select My IP Address.

Figure C-7
Figure C-8
10. If you want to enter a description for your filter, click the Description tab and enter the description there.
11. Click the OK button and the New Rule Properties screen should appear with the IP Filter List tab selected, as shown in Figure C-9. There should now be a listing for "router->win" and "win->router". Click the OK (for Windows XP) or Close (for Windows 2000) button on the IP Filter List window.

Figure C-9
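As an added example (not part of the manual or Linksys software), the following Python audit checks a tunnel definition against suggestions 2 to 5 of Appendix B and confirms that the win->router and router->win filter lists built in Step Two are exact mirrors of each other. The sample tunnel values, the /24 scope limit and the 90-day pre-shared-key age are assumptions made for this example.

```python
import ipaddress
from datetime import date

# Constructed sample values from the appendix (Router LAN 192.168.1.0/24);
# the /24 scope limit and 90-day key age are this example's own assumptions.
ROUTER_LAN = "192.168.1.0/24"

def audit_tunnel(t, today=date(2003, 1, 1)):
    """Check a tunnel definition against Appendix B's suggestions 2 to 5."""
    findings = []
    # Suggestion 3: a Remote Security Group of Any opens the tunnel to any IP.
    if str(t["remote_group"]).lower() == "any":
        findings.append("remote security group is Any")
    else:
        # Suggestion 2: narrow the scope to the endpoints actually required.
        remote = ipaddress.ip_network(t["remote_group"], strict=False)
        if remote.num_addresses > 256:
            findings.append(f"remote scope {remote} is wider than a /24")
    # Suggestion 4: use 3DES encryption and SHA authentication.
    if t["encryption"].upper() != "3DES":
        findings.append(f"encryption is {t['encryption']}, not 3DES")
    if t["auth"].upper() != "SHA":
        findings.append(f"authentication is {t['auth']}, not SHA")
    # PFS protects the keys that secure the tunnel, as Appendix B describes.
    if not t["pfs"]:
        findings.append("PFS is disabled")
    # Suggestion 5: pre-shared keys must be changed regularly.
    if (today - date.fromisoformat(t["psk_changed"])).days > 90:
        findings.append("pre-shared key older than 90 days")
    return findings

def filters_mirrored(win_to_router, router_to_win):
    """Step Two's router->win filter must be win->router with src/dst swapped."""
    forward = (win_to_router["src"], win_to_router["dst"])
    reverse = (router_to_win["dst"], router_to_win["src"])
    return forward == reverse

WEAK_TUNNEL = {"remote_group": "Any", "encryption": "DES", "auth": "MD5",
               "pfs": False, "psk_changed": "2002-01-01"}
GOOD_TUNNEL = {"remote_group": ROUTER_LAN, "encryption": "3DES", "auth": "SHA",
               "pfs": True, "psk_changed": "2002-12-01"}
WIN_TO_ROUTER = {"src": "My IP Address", "dst": ROUTER_LAN}
ROUTER_TO_WIN = {"src": ROUTER_LAN, "dst": "My IP Address"}

if __name__ == "__main__":
    for name, tunnel in (("weak", WEAK_TUNNEL), ("good", GOOD_TUNNEL)):
        print(name, audit_tunnel(tunnel) or "no findings")
    print("filters mirrored:", filters_mirrored(WIN_TO_ROUTER, ROUTER_TO_WIN))
```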
Step Three: Configure Individual Tunnel Rules

Tunnel 1: win->router

1. From the IP Filter List tab, shown in Figure C-10, click the filter list win->router.
2. Click the Filter Action tab (as in Figure C-11), and click the filter action Require Security radio button. Then, click the Edit button.

Figure C-10
Figure C-11