52
VPN
Linksys
Aggressive Mode:
Adopted by remote devices to enhance the
security control if dynamic IP is used for
connection.
Compress (Support IP Payload Compression Protocol (IP Comp)):
Reduces the size of IP datagrams. The router will compress IP datagram size
when initiating a tunnel. When the router works as a responder, it will always
accept compression.
Keep-Alive:
The router will keep this VPN connection
when this function is enabled. Used to
connect the remote node and headquarters,
or used for the remote dynamic IP address.
AH Hash Algorithm:
Enables the router to authenticate IP headers
to verify the integrity of packets transmitted
through the tunnel.
NetBIOS Broadcast:
Ensures the passage of NetBIOS broadcast
packets. This facilitates the easy connection
with other Microsoft networks, but it also
increases the traffic using this VPN tunnel.
NAT Traversal:
Allows IPSec traffic to pass through devices that don’t support IPSec packets.
Recommended if your router is behind a NAT gateway.
Dead Peer Detection (DPD):
The router will regularly transmit HELLO/ACK message packets to detect whether
there is a connection between the two ends of the VPN tunnel. If one end is
disconnected, the device will disconnect the tunnel automatically and then
create a new connection. Users can define the transmission time for each DPD
message packet.
Tunnel Backup:
Remote Backup IP Address:
Input an alternative IP address or original
WAN IP of the other end VPN router.
Local Interface:
Choose the WAN port to connect the backup
tunnel.
VPN Tunnel Backup Idle Time:
If the primary tunnel doesn’t work within the configured period, the backup
tunnel will be connected. The default value is 30 seconds.
Split DNS:
The router can send some DNS requests to one DNS
server and other DNS requests to another
DNS server. If the address resolution requests
from clients match one of the configured
domain names, it will pass the request to the
assigned DNS server. Otherwise, the request
will be passed to the DNS server assigned to
the WAN port.
DNS1/DNS2:
Input the IP address of the
DNS server to use for the specific domains.
Domain Name1~4:
Input the domain names whose requests will be passed to the assigned DNS
servers.
Client to Gateway
Go to Configuration > VPN > Client to Gateway to add a new IPSec tunnel.
NOTE:
Remember to click Save to save your settings before leaving the page. You
can also click Cancel to undo the changes.
Add a New Tunnel
You can choose Tunnel to create a tunnel between a single remote user and the
router, or choose Group VPN for a group of users.
Tunnel No.:
Tunnel number.
Tunnel Name:
Current VPN tunnel connection name, such as XXX Office.
Give them different names to avoid confusion.
Note:
If this tunnel is to be connected to the other VPN
device, some devices require that the tunnel name
is identical to the name of the host end to facilitate
verification.
Interface:
From the drop-down menu, select the WAN port for this
VPN tunnel.
Enable:
Click to enable the VPN tunnel. This option is set to enabled
by default.
Local Group Setup
Local Security Gateway Type:
IP Only:
Must enter the IP address to gain access
to this tunnel. The WAN IP address will
be automatically filled into this space. No
further settings necessary.
IP + Domain Name (FQDN) Authentication:
The WAN IP address will be automatically filled into this field. No further
settings necessary. FQDN refers to the combination of host name and domain
name, and can be retrieved from the Internet, e.g., vpn.server.com.
IP + E-mail Address (USER FQDN) Authentication:
If users select IP address and email, enter the IP address and email address
to access this tunnel. The WAN IP address will be automatically filled into
this space. No further settings necessary.
Dynamic IP + Domain Name
(FQDN) Authentication:
If users select this option to link to VPN,
please enter the domain name.
Dynamic IP + E-mail Address
(USER FQDN) Authentication:
If using dynamic IP address to connect
to the device, select this option. When
VPN Gateway asks for VPN connection,
the device will start authentication and
respond to VPN tunnel connection. If users
select this option to link to VPN, enter email
address for email authentication.
Local Security Group Type allows users to set the local VPN connection
access type.
IP Address:
Designates the IP address to build the VPN tunnel.
Subnet:
Allows local computers in this subnet to connect to the
VPN tunnel.
IP Range:
Allows a range of IP addresses to use this tunnel. Input IPs
for the beginning and the end of the range.
Domain Name:
Input the domain name if Domain Name (FQDN) Authentication is selected.
Email Address:
Input the email address if Email Address (USER FQDN) Authentication is selected.
Remote Client Setup for Single Remote User (Tunnel is Chosen.)
IP Only:
Must enter the IP address to access this tunnel.
You can also select IP by DNS Resolved, and enter the
domain name of the client on the Internet. The router
will automatically get the IP address by DNS Resolved.
IP + Domain Name (FQDN) Authentication:
Enter the domain name and IP address.
IP + E-mail Address (USER FQDN) Authentication:
Enter the IP address (or IP by DNS Resolved) and email address.
Dynamic IP + Domain Name (FQDN) Authentication:
Enter the domain name to authenticate the client. The
domain name can be used for only one tunnel.
Dynamic IP + E-mail Address (USER FQDN) Authentication:
Enter the email address to authenticate the client.
Remote Client Setup for Group VPN
Specify the method for identifying the clients to establish the VPN tunnel. The
following options are available for a Group VPN.
Domain Name (FQDN) Authentication:
Enter a domain name to use for authenticating remote
users. The domain name must be unique for each
tunnel.
E-mail Address (USER FQDN) Authentication:
Enter an email address for authenticating remote
users. The email address must be unique for each
tunnel.
Microsoft XP/2000 VPN Client:
Select this option if the clients use VPN client software
built in to Microsoft XP/2000.
IPSec Setup
Enter the Internet Protocol Security settings for this tunnel.
NOTE
The configuration on remote client software should be the same as the
local router.
Keying Mode:
Manual:
Select this if you want to configure a self-defined key
without negotiation. The Encryption key and Authentication
key will be used to verify remote users.
Note:
Manual mode is not supported in Group VPN mode.
IKE with Preshared Key:
Select this if you want to authenticate
remote users by a pre-shared key and then negotiate the
second key in phase 2. IKE with Pre-shared Key is selected
by default.
Manual mode
Enter the settings for manual mode. Be sure to enter the same settings when
configuring the other end router for this tunnel.
Incoming SPI:
Input a number between 100~ffffffff as SPI
(Security Parameter Index). SPI is an identification
tag of an IPSec association. The incoming SPI of
this router should be the same as the outgoing SPI
of the other end of the tunnel.
Outgoing SPI:
Input a number between 100~ffffffff as SPI. The
outgoing SPI of this router should be the same as
the incoming SPI of the other end of the tunnel.
Encryption:
DES or 3DES.
Authentication:
MD5 or SHA1.
Encryption Key:
Input number as encryption key. You should enter
16 numbers for DES method or 48 numbers for
3DES method.
If you enter fewer than the required values, zeroes will
be filled in to the empty spaces. Example: If you enter
12345678 for DES encryption, the box will show
“1234567800000000.”
Authentication Key:
Input number as authentication key. You should
enter 32 numbers for MD5 method or 40 numbers
for SHA1 method.
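The manual-mode rules above (SPI range, mirrored SPIs, key lengths, zero-filling of short encryption keys) written as a check to run on both ends' settings before entering them. This is an added example, not Linksys code; the dictionary field names and the treatment of SPIs and keys as hexadecimal strings are assumptions.

```python
import string

# Digit counts and SPI range are the page's; treating input as hex is an assumption.
ENC_DIGITS = {"DES": 16, "3DES": 48}
AUTH_DIGITS = {"MD5": 32, "SHA1": 40}
HEX = set(string.hexdigits)

def parse_spi(text):
    """Return the SPI as an int, or None if it is not hex within 100~ffffffff."""
    if not text or set(text) - HEX:
        return None
    spi = int(text, 16)
    return spi if 0x100 <= spi <= 0xFFFFFFFF else None

def shown_enc_key(key, alg):
    """Encryption key as the box shows it: short input is zero-filled."""
    return key.ljust(ENC_DIGITS[alg], "0")

def check_end(name, cfg):
    """Findings for one end: invalid SPIs, malformed or wrong-length keys."""
    out = [f"{name}: {f} must be within 100~ffffffff"
           for f in ("incoming_spi", "outgoing_spi") if parse_spi(cfg[f]) is None]
    for field, need in (("enc_key", ENC_DIGITS[cfg["encryption"]]),
                        ("auth_key", AUTH_DIGITS[cfg["authentication"]])):
        key = cfg[field]
        if not key or set(key) - HEX:
            out.append(f"{name}: {field} is not a hex string")
        elif len(key) != need:
            out.append(f"{name}: {field} has {len(key)} of {need} digits")
    return out

def check_pair(a, b):
    """Findings for both ends (hypothetical dict layout) plus mismatches between them."""
    out = check_end("A", a) + check_end("B", b)
    for mine, theirs in (("incoming_spi", "outgoing_spi"), ("outgoing_spi", "incoming_spi")):
        x, y = parse_spi(a[mine]), parse_spi(b[theirs])
        if None not in (x, y) and x != y:
            out.append(f"A {mine} does not equal B {theirs}")
    ea, eb = ({**c, "enc_key": shown_enc_key(c["enc_key"], c["encryption"])} for c in (a, b))
    for f in ("encryption", "authentication", "enc_key", "auth_key"):
        if ea[f].lower() != eb[f].lower():
            out.append(f"{f} differs between A and B")
    return out

# Constructed sample: A typed a short DES key; B copied A's SPIs instead of mirroring them.
END_A = dict(incoming_spi="1000", outgoing_spi="2000", encryption="DES",
             authentication="MD5", enc_key="12345678", auth_key="0123456789abcdef" * 2)
END_B = dict(END_A, enc_key="1234567800000000")
```

A short encryption key is reported even though the zero-filled value matches the other end, because only the digits actually typed are secret.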
IKE with Preshared Key
Enter the settings for IKE with preshared key mode. Be sure to enter the same
settings when configuring the other end router for this tunnel.
Phase 1 / Phase 2
DH Group:
Allows users to select Diffie-Hellman groups: Group 1/
Group 2/ Group 5. DH is a key exchange protocol.
Phase 1 / Phase 2
Encryption:
Allows users to set this VPN tunnel to use any encryption
mode. Note that this parameter must be identical to
that of the remote encryption parameter: DES (64-bit
encryption mode), 3DES (128-bit encryption mode),
AES (the standard of using security code to encrypt
information). It supports 128-bit, 192-bit, and 256-bit
encryption keys.
Phase 1 / Phase 2
Authentication:
Allows users to set this VPN tunnel to use any
authentication mode. Note that this parameter must
be identical to that of the remote authentication mode:
“MD5” or “SHA1”.
Phase 1 / Phase 2
SA Life Time:
The lifetime for this exchange code is set to 28,800
seconds (8 hours) by default. This allows the automatic
generation of other exchange passwords within the
valid time of the VPN connection to guarantee security.
Perfect Forward Secrecy:
Check to enable perfect forward secrecy (PFS). The Phase
2 shared key generated during the IKE coordination will
conduct further encryption and authentication. When
PFS is enabled, hackers using brute force to capture the
key will not be able to get the Phase 2 key in such a short
period of time.
The function is checked by default.
Preshared Key:
For the Auto (IKE) option, enter a password of any digits
or characters in the Pre-shared Key text box, and the
system will automatically translate what users entered
into the exchange password and authentication mechanism
during the VPN tunnel connection. This exchange
password can be up to 30 characters.
Minimum Preshared Key Complexity:
Check the box to enable Minimum Preshared Key Complexity.
Preshared Key Strength Meter:
Check the Minimum Pre-shared Key Complexity box and a strength meter will appear.
Advanced (Only for IKE with Preshared Key mode)
You can click Advanced+ to configure advanced settings for IKE with Preshared
key mode. To hide the settings, please click Advanced-.
