Linksys
VPN
VPN (Virtual Private Network) is a technology that enables two private networks
to establish a secure, encrypted connection across a public network such as
the Internet. A VPN allows remote users, such as a branch office or an employee
at home, to access the company intranet to share files, hold video conferences,
or reach servers such as an ERP or mail server.
The router provides several VPN protocols. You can choose the VPN technology
that best suits your network structure and usage scenarios.
Summary
The Summary page shows details on the current status of the VPN tunnels. The
router supports up to 50 tunnels.
NOTE: Summary information about PPTP only appears when you enable the PPTP
server.
Summary
Tunnel(s) Used: The number of VPN tunnels in use.
Tunnels Available: The total number of VPN tunnels the router will support.
Detail: Click Refresh to update the data, or click Close to return to the summary page.
Tunnel Status
Tunnel(s) Enabled: How many tunnels are enabled by the administrator.
Tunnel(s) Defined: How many tunnels are defined by the administrator, both enabled and disabled.
The table displays the following information about each tunnel:
No.: Indicates the number of the tunnel.
Name: VPN tunnel connection name, such as XXX Office. Give the tunnels different names to avoid confusion if you have more than one tunnel connected.
Status: Connected or Waiting for Connection.
Phase2 Encrypt/Auth/Group: Displays settings such as Encryption type (NULL/DES/3DES/AES-128/AES-192/AES-256), Authentication method (NULL/MD5/SHA1), and DH Group number (1/2/5). If users select Manual setting for IPSec, the Phase 2 DH group will not display.
Local Group: Settings for local VPN connection secure group.
Remote Group: Settings for remote VPN connection secure group.
Remote Gateway: The IP address of the Remote Gateway.
Tunnel Test: Click “Connect” to verify the tunnel status. The test result will be updated. To disconnect, click “Disconnect” to stop the VPN connection. To delete tunnel settings, select a tunnel, and then click the Delete icon.
Config.: Setting icons include Edit and Delete. Click Edit to change settings. Click Delete to remove all tunnel settings.
Add: Add a new tunnel and choose Gateway to Gateway or Client to Gateway.
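The Phase 2 column in the tunnel table is a convenient place to audit every tunnel at once. The following is an added example, not part of the router or its documentation: it checks values against the options listed above and handles the Manual-keying case where no DH group is shown. The "/" separator, the sample rows, and the choice of which options to flag are assumptions of this example.

```python
# Options listed on this page for the Phase 2 column.
ENCRYPTION = {"NULL", "DES", "3DES", "AES-128", "AES-192", "AES-256"}
AUTHENTICATION = {"NULL", "MD5", "SHA1"}
DH_MODP_BITS = {"1": 768, "2": 1024, "5": 1536}  # MODP sizes of IKE groups 1/2/5

def audit_phase2(value):
    """Return findings for one Phase 2 value such as 'AES-256/SHA1/5'."""
    parts = [p.strip().upper() for p in value.split("/")]
    if len(parts) not in (2, 3):
        return [f"unrecognised value {value!r}"]
    enc, auth = parts[0], parts[1]
    group = parts[2] if len(parts) == 3 else None  # not displayed in Manual mode
    findings = []
    if enc not in ENCRYPTION:
        findings.append(f"unknown encryption {enc}")
    elif enc == "NULL":
        findings.append("NULL encryption: traffic is not encrypted")
    elif enc == "DES":
        findings.append("DES: 56-bit effective key, use AES")
    if auth not in AUTHENTICATION:
        findings.append(f"unknown authentication {auth}")
    elif auth == "NULL":
        findings.append("NULL authentication: no integrity protection")
    elif auth == "MD5":
        findings.append("MD5: use SHA1, the stronger option listed")
    if group is None:
        findings.append("no DH group shown: Manual keying, static keys")
    elif group not in DH_MODP_BITS:
        findings.append(f"unknown DH group {group}")
    elif group != "5":
        findings.append(f"DH group {group} ({DH_MODP_BITS[group]}-bit): use group 5")
    return findings

def audit_tunnels(rows):
    """Map tunnel name -> findings, keeping only tunnels that have findings."""
    report = {name: audit_phase2(phase2) for name, phase2 in rows}
    return {name: found for name, found in report.items() if found}

# Constructed sample rows (name, Phase 2 value); not taken from a real router.
ROWS = [("HQ-Branch1", "AES-256/SHA1/5"),
        ("HQ-Branch2", "DES/MD5/1"),
        ("Legacy-Site", "3DES/SHA1")]

if __name__ == "__main__":
    for name, found in audit_tunnels(ROWS).items():
        print(name, found)
```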
Group VPN Status
If you enable the Group VPN setting for any of your Client to Gateway tunnels,
the status information appears in this table.
Group Name: The current Group VPN name.
Connected Tunnels: The number of users logged into the group VPN.
Phase2 Enc/Auth/Grp: Settings such as Encryption type (NULL/DES/3DES/AES-128/AES-192/AES-256), Authentication method (NULL/MD5/SHA1), and DH Group number (1/2/5).
Local Group: The IP address and subnet mask of the Local Group.
Remote Client: The remote clients in the group VPN.
Remote Clients Status: Status of the remote clients: Online or Offline. Click Detail List to open the Group List window. This window indicates the Group Name, IP address, and Connection Time. Click Refresh to update the data, or click Close to return to the summary page.
Tunnel Test: Click “Connect” to verify the tunnel status. The test result will be updated. To disconnect, click “Disconnect” to stop the VPN connection.
Config.: Setting items include Edit and Delete. Click Edit to change the settings. Click the Delete icon to remove all tunnel settings.
Add: Click to add a new Group VPN.
VPN Client Status
This section identifies the VPN clients currently connected to the router.
No.: The ID number of the VPN client.
User Name: The name of the VPN client.
Status: The status of the VPN client connection.
Start Time: The time when the VPN client established its VPN connection to the router.
End Time: The time when the VPN client ended its VPN connection to the router.
Duration: The period of time that the VPN connection has been active.
Disconnect: Disconnect the selected VPN client.
Gateway to Gateway
Go to Configuration > VPN > Gateway to Gateway to add a new IPSec tunnel.
The following instructions guide you through setting up a VPN tunnel between a
remote client and the router.
NOTE: Remember to click Save to save your settings before leaving the page. You
can also click Cancel to undo the changes.
Add a New Tunnel
Tunnel No.: Indicates the tunnel number.
Tunnel Name: Displays the current VPN tunnel connection name, such as XXX Office. Give the tunnels different names to avoid confusion.
NOTE: If this tunnel is to be connected to another VPN device, some devices require the tunnel name to be identical to the name of the host end to facilitate verification, so that the tunnel can be enabled successfully.
Interface: From the pull-down menu, select the WAN port for this VPN tunnel.
Enable: Click to activate the VPN tunnel. This option is enabled by default.
Local Group Setup and Remote Group Setup
The Local settings are for this router, and the Remote settings are for the router
on the other side of the tunnel. Mirror these settings when configuring the VPN
tunnel on the other router.
Local/Remote Security Gateway Type: This Local Security Gateway Type
must be identical to the Remote Security Gateway Type of the remote peer.
IP Only: Entering the IP address is the only way to access this tunnel. The WAN IP address will be automatically filled into this space.
IP + Domain Name (FQDN) Authentication: The WAN IP address will be automatically filled into this column. FQDN refers to the combination of host name and domain name and can be retrieved from the Internet, e.g., vpn.server.com. This IP address and domain name must match those in the corresponding security gateway setting on the other VPN gateway to establish a successful connection.
IP + E-mail Address (USER FQDN) Authentication: Enter the IP address and e-mail address to access this tunnel. The WAN IP address will be automatically filled into this column.
Dynamic IP + Domain Name (FQDN) Authentication: If the remote VPN gateway requests a VPN connection to this device, this device will start authentication and respond to the VPN tunnel connection. Enter the domain name.
Dynamic IP + E-mail Address (USER FQDN) Authentication: When the VPN gateway requests a VPN connection, the device will start authentication and respond to the VPN tunnel connection. If you select this option, enter the e-mail address used for e-mail authentication.
Local/Remote Security Group Type:
IP Address: Allows only the IP address that is entered to build the VPN tunnel.
Subnet: Allows local computers in this subnet to connect to the VPN tunnel.
IP Range: Allows a range of IP addresses to use this tunnel. Input the beginning IP and the ending IP of the range.
IPSec Setup
NOTE: The configuration on the remote router should be the same as on the local router.
Keying Mode:
Manual: Choose this if you want to configure a self-defined key without negotiation. The Encryption key and Authentication key will be used to verify remote users.
IKE with Preshared Key: Authenticates remote users by a pre-shared key, and negotiates the second key in phase 2. IKE with Preshared Key is selected by default.
Manual mode
Be sure to enter the same settings when configuring the other end router for
this tunnel.
Incoming SPI: Input a number between 100~ffffffff as the SPI (Security Parameter Index). The SPI is an identification tag for an IPSec association. The incoming SPI of this router should be the same as the outgoing SPI at the other end of the tunnel.
Outgoing SPI: Input a hexadecimal number between 100~ffffffff as the SPI. The outgoing SPI of this router should be the same as the incoming SPI at the other end of the tunnel.
Encryption: DES or 3DES.
Authentication: MD5 or SHA1.
Encryption Key: Input 16 numbers for the DES method or 48 numbers for the 3DES method. If you enter fewer than the required number, the empty positions are filled with zeroes. Example: If you enter 12345678 for DES encryption, the box will show “1234567800000000.”
Authentication Key: Enter 32 numbers for the MD5 method or 40 numbers for the SHA1 method.
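The zero-fill rule means a short entry still produces a working tunnel, but with part of the key fixed at a known value. The following added example (not the router's own code) applies the Manual-mode rules above to both ends of a tunnel and reports mismatches and padded keys; the dictionary field names and sample values are constructed, and the key "numbers" are assumed to be hexadecimal digits.

```python
import string

# Digit counts and SPI range as stated on this page; digits assumed hexadecimal.
KEY_DIGITS = {"DES": 16, "3DES": 48, "MD5": 32, "SHA1": 40}
SPI_MIN, SPI_MAX = 0x100, 0xFFFFFFFF

def normalize_key(method, entered):
    """Return (stored_key, padded_digits), zero-filling a short key as the UI does."""
    need = KEY_DIGITS[method]
    if not entered or any(c not in string.hexdigits for c in entered):
        raise ValueError(f"{method} key must be hexadecimal digits")
    if len(entered) > need:
        raise ValueError(f"{method} key is longer than {need} digits")
    return entered.lower().ljust(need, "0"), need - len(entered)

def parse_spi(text):
    """Parse an SPI typed in hexadecimal and enforce the 100~ffffffff range."""
    value = int(text, 16)
    if not SPI_MIN <= value <= SPI_MAX:
        raise ValueError(f"SPI {text} is outside 100~ffffffff")
    return value

def check_manual_pair(local, remote):
    """Compare both ends of a Manual-mode tunnel and return a list of findings."""
    findings = []
    for a, b in (("incoming_spi", "outgoing_spi"), ("outgoing_spi", "incoming_spi")):
        if parse_spi(local[a]) != parse_spi(remote[b]):
            findings.append(f"local {a} != remote {b}")
    for method_field, key_field in (("encryption", "encryption_key"),
                                    ("authentication", "authentication_key")):
        if local[method_field] != remote[method_field]:
            findings.append(f"{method_field} method differs between ends")
            continue
        lkey, lpad = normalize_key(local[method_field], local[key_field])
        rkey, _ = normalize_key(remote[method_field], remote[key_field])
        if lkey != rkey:
            findings.append(f"{key_field} differs between ends")
        if lpad:  # zero-filled digits are known to anyone who knows the UI rule
            findings.append(f"{key_field} zero-padded by {lpad} digits ({lpad * 4} bits fixed at 0)")
    return findings

# Constructed sample: the same tunnel as entered on two routers.
MD5_KEY = "0123456789abcdef0123456789abcdef"
SITE_A = {"incoming_spi": "1a2b", "outgoing_spi": "3c4d", "encryption": "DES",
          "encryption_key": "12345678", "authentication": "MD5", "authentication_key": MD5_KEY}
SITE_B = {"incoming_spi": "3c4d", "outgoing_spi": "1a2b", "encryption": "DES",
          "encryption_key": "1234567800000000", "authentication": "MD5", "authentication_key": MD5_KEY}

if __name__ == "__main__":
    print(check_manual_pair(SITE_A, SITE_B))
```

The two sites compare as matching because the short key on one end is zero-filled to the same stored value as the full entry on the other.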
IKE with Preshared Key
Be sure to enter the same settings when configuring the other end router for
this tunnel.
Phase 1 / Phase 2 DH Group: Allows users to select a Diffie-Hellman group: Group 1, Group 2, or Group 5. DH is a key exchange protocol.
Phase 1 / Phase 2 Encryption: Sets the encryption mode for this VPN tunnel. This parameter must be identical to the encryption parameter on the remote end. The options are DES (64-bit encryption mode), 3DES (128-bit encryption mode), and AES (a standard for encrypting information), which supports 128-bit, 192-bit, and 256-bit encryption keys.
Phase 1 / Phase 2 Authentication: Sets the authentication mode for this VPN tunnel. This parameter must be identical to the authentication mode on the remote end: MD5 or SHA1.
Phase 1 / Phase 2 SA Life Time: The lifetime of the exchange key is set to 28,800 seconds (8 hours) by default. This allows new exchange keys to be generated automatically within the valid time of the VPN connection to guarantee security.
Perfect Forward Secrecy: Check to enable perfect forward secrecy (PFS). The Phase 2 shared key generated during the IKE negotiation is used for further encryption and authentication. When PFS is enabled, an attacker using brute force to capture the key will not be able to obtain the Phase 2 key in such a short period of time. This option is checked by default.
Preshared Key: For the Auto (IKE) option, enter a password of any digits or characters in the Pre-shared Key field. The system automatically uses what you enter as the exchange password and authentication mechanism during the VPN tunnel connection. This exchange password can be up to 30 characters.
Minimum Preshared Key Complexity: Check the box to enable Minimum Pre-shared Key Complexity. It is enabled by default.
Preshared Key Strength Meter: Check the Minimum Pre-shared Key Complexity box and a strength meter will appear.
Advanced (Only for IKE with Pre-shared Key mode)
You can click Advanced+ to configure advanced settings for IKE with Pre-shared
Key mode. To hide the settings, click Advanced-.
