Chapter 5: Setting Up and Configuring the Router
VPN Tab - Client to Gateway
10/100 8-Port VPN Router
groups of different prime key lengths. Group 1 is 768 bits, Group 2 is 1,024 bits and Group 5 is 1,536 bits. If
network speed is preferred, select Group 1. If network security is preferred, select Group 5.
Phase 1 Encryption: There are two methods of encryption, DES and 3DES. The Encryption method determines the length of the key used to encrypt/decrypt ESP packets. DES is 56-bit encryption and 3DES is 168-bit encryption. Both sides must use the same Encryption method. 3DES is recommended because it is more secure.
Phase 1 Authentication: There are two methods of authentication, MD5 and SHA. The Authentication method determines a method to authenticate the ESP packets. Both sides must use the same Authentication method. MD5 is a one-way hashing algorithm that produces a 128-bit digest. SHA is a one-way hashing algorithm that produces a 160-bit digest. SHA is recommended because it is more secure, and both sides must use the same Authentication method.
Phase 1 SA Life Time: This field allows you to configure the length of time a VPN tunnel is active in Phase 1. The default value is 28,800 seconds.
Perfect Forward Secrecy: If PFS is enabled, IKE Phase 2 negotiation will generate new key material for IP traffic encryption and authentication. If PFS is enabled, a hacker using brute force to break encryption keys is not able to obtain other or future IPSec keys.
Phase 2 DH Group: There are three groups of different prime key lengths. Group 1 is 768 bits, Group 2 is 1,024 bits and Group 5 is 1,536 bits. If network speed is preferred, select Group 1. If network security is preferred, select Group 5. The group you choose here can differ from the Phase 1 DH Group you chose. If Perfect Forward Secrecy is disabled, there is no need to set up the Phase 2 DH Group, since no new key is generated and the Phase 2 key will be the same as the Phase 1 key.
Phase 2 Encryption: Phase 2 is used to create one or more IPSec SAs, which are then used to key IPSec sessions. There are two methods of encryption, DES and 3DES. The Encryption method determines the length of the key used to encrypt/decrypt ESP packets. DES is 56-bit encryption and 3DES is 168-bit encryption. Both sides must use the same Encryption method. If users enable the AH Hash Algorithm in Advanced, then it is recommended to select Null to disable encrypting/decrypting ESP packets in Phase 2, but both sides of the tunnel must use the same setting.
Phase 2 Authentication: There are two methods of authentication, MD5 and SHA. The Authentication method determines a method to authenticate the ESP packets. Both sides must use the same Authentication method. MD5 is a one-way hashing algorithm that produces a 128-bit digest. If users enable the AH Hash Algorithm in Advanced, then it is recommended to select Null to disable authenticating ESP packets in Phase 2, but both sides of the tunnel must use the same setting.
Phase 2 SA Life Time: This field allows you to configure the length of time a VPN tunnel is active. The default value is 3,600 seconds.
Preshared Key: Character and hexadecimal values are acceptable in this field, e.g. “My_@123” or “4d795f40313233”. The maximum entry length for this field is 30 digits. Both sides must use the same Preshared Key. It’s recommended to change Preshared Keys regularly to maximize VPN security.
Click the Save Settings button to save the settings or click the Cancel Changes button to undo the changes.
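The matching rules above (same encryption, authentication and Preshared Key on both sides, and a Phase 2 DH Group that only matters when PFS is on) can be checked before a tunnel is deployed. The following Python is an added example, not part of the manual or the router's firmware; the dict layout, field names and finding labels are assumptions made for the illustration.

```python
# Added example. The dict layout and field names are assumptions made for
# this illustration; they are not the router's configuration format.

# Fields that both tunnel endpoints must set identically.
MUST_MATCH = ("p1_dh", "p1_enc", "p1_auth", "pfs",
              "p2_dh", "p2_enc", "p2_auth", "psk")
# Choices the manual describes as the faster, less secure option.
LESS_SECURE = {
    "p1_enc": {"DES"}, "p2_enc": {"DES"},      # 56-bit instead of 168-bit
    "p1_auth": {"MD5"}, "p2_auth": {"MD5"},    # 128-bit digest instead of 160-bit
    "p1_dh": {1, 2}, "p2_dh": {1, 2},          # 768/1,024-bit prime instead of 1,536
    "pfs": {False},                            # Phase 2 reuses the Phase 1 key
}
PSK_MAX = 30  # maximum Preshared Key entry length


def effective(profile):
    """Return only the settings that take part in negotiation.

    With PFS disabled no new Phase 2 key is generated, so the Phase 2
    DH Group is ignored rather than reported as a mismatch or weakness.
    """
    eff = dict(profile)
    if not eff["pfs"]:
        eff.pop("p2_dh", None)
    return eff


def audit(local, remote):
    """Return sorted (kind, field) findings for a pair of tunnel endpoints."""
    a, b = effective(local), effective(remote)
    findings = set()
    for field in MUST_MATCH:
        if field in a and field in b and a[field] != b[field]:
            findings.add(("MISMATCH", field))
    for side in (a, b):
        for field, weak in LESS_SECURE.items():
            if side.get(field) in weak:
                findings.add(("LESS_SECURE", field))
        if len(side["psk"]) > PSK_MAX:
            findings.add(("PSK_TOO_LONG", "psk"))
    return sorted(findings)


# Constructed sample profiles (not taken from a real device).
ROUTER = {"p1_dh": 5, "p1_enc": "3DES", "p1_auth": "SHA", "pfs": True,
          "p2_dh": 5, "p2_enc": "3DES", "p2_auth": "SHA", "psk": "My_@123"}
CLIENT = dict(ROUTER, p1_enc="DES", pfs=False, p2_dh=1)
FINDINGS = audit(ROUTER, CLIENT)  # findings for the constructed pair
```

For the constructed pair, the client's Phase 2 DH Group 1 is not reported because its PFS is off; the PFS setting itself and the DES choice are.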
Advanced
For most users, the settings on the VPN page should be satisfactory. This device provides an advanced IPSec setting page for some special users such as reviewers. Click the Advanced button to go to that page. Advanced settings are only for IKE with Preshared Key mode of IPSec.
Aggressive Mode: There are two types of Phase 1 exchanges: Main mode and Aggressive mode. Aggressive Mode requires half of the main mode messages to be exchanged in Phase 1 of the SA exchange. If network security is preferred, select Main mode. If network speed is preferred, select Aggressive mode. When Group VPN is enabled, it will be limited to Aggressive Mode. If you select Dynamic IP in Remote Client Type in tunnel mode, it will also be limited to Aggressive Mode.
Compress (Support IP Payload Compression Protocol (IP Comp)): The Router supports IP Payload Compression Protocol. IP Payload Compression is a protocol to reduce the size of IP datagrams. If Compress is enabled, the Router will propose compression when initiating a connection. If the responder rejects this proposal, the Router will not implement the compression. When the Router works as a responder, the Router will always accept compression even without enabling compression.
Keep-Alive: This mechanism helps to keep up the connection of IPSec tunnels. Whenever a dropped connection is detected, it will be re-established immediately.
AH Hash Algorithm: AH (Authentication Header) protocol describes the packet format and the default standards for packet structure. With the use of AH as the security protocol, protection is extended forward into the IP header to verify the integrity of the entire packet by use of portions of the original IP header in the hashing process. There are two algorithms, MD5 and SHA1. MD5 produces a 128-bit digest to authenticate packet data and SHA1 produces a 160-bit digest to authenticate packet data.
NetBIOS broadcast: Check the box to enable NetBIOS traffic to pass through the VPN tunnel. By default, RV082 blocks these broadcasts.
Figure 5-53: VPN tab - Client to Gateway Advanced
Dead Peer Detection (DPD): When DPD is enabled, the RV082 will send periodic HELLO/ACK messages to prove the tunnel liveliness when both peers of the VPN tunnel provide the DPD mechanism. Once a dead peer has been detected, the RV082 will disconnect the tunnel so the connection can be re-established. The Interval is the number of seconds between DPD messages. By default, DPD is enabled and the Interval is 10 seconds.
Click the Save Settings button when you finish the settings or click the Cancel Changes button to undo the changes.
VPN Tab - VPN Client Access
Use this page to administer your VPN Client users. Enter the information at the top of the screen and the users
you’ve entered will appear in the list at the bottom, showing their status. This will work with the Linksys
QuickVPN client only. (The Router supports up to five Linksys QuickVPN Clients by default. Additional QuickVPN
Client licenses can be purchased separately. See www.linksys.com for more information.)
Username: Enter the user’s name here.
New Password: Enter the user’s password here.
Confirm New Password: Confirm that password by re-entering it here.
Change Password Allowed: If you want to allow users the right to change their password, click the radio button beside Yes. If not, click the radio button beside No.
Active: Clicking this box will make the new user active.
Add to List: Clicking this button adds the user to the list at the bottom of the screen.
All of these settings can be changed by clicking the user’s name in the box at the bottom half of the screen. The Add to List button changes to Update this user. Click the Update this user button to change the user’s settings.
Delete selected users: You can delete users by clicking their name(s) in the list and then clicking the Delete selected users button. Hold down the CTRL key when selecting multiple users.
Add New: Clicking this button also allows you to add new users to the VPN Client Access list.
Click the Save Settings button to save the settings or the Cancel Changes button to undo your changes.
When you first save these settings, a message will appear, asking if you’d like the Router to automatically change the LAN IP Address to prevent conflicting IP addresses. Clicking Yes will change the LAN IP Address. In the event of an IP conflict, the VPN Client will not connect to the Router.
Figure 5-54: VPN tab - VPN Client Access
VPN Tab - VPN Pass Through
IPSec Passthrough: IPSec (Internet Protocol Security) is a suite of protocols used to implement secure exchange of packets at the IP layer. To allow IPSec Passthrough, click the Enabled button. To disable IPSec Passthrough, click the Disabled button.
PPTP Pass Through: PPTP (Point-to-Point Tunneling Protocol) Passthrough allows the Point-to-Point Protocol (PPP) to be tunneled through an IP network. To allow PPTP Passthrough, click the Enabled button. To disable PPTP Passthrough, click the Disabled button.
L2TP Passthrough: Layer 2 Tunneling Protocol Passthrough is the method used to enable Point-to-Point sessions via the Internet on the Layer 2 level. To allow L2TP Passthrough, click the Enabled button. To disable L2TP Passthrough, click the Disabled button.
VPN Tab - PPTP Server
The PPTP Server is intended for users logging in remotely with Windows XP or 2000, using PPTP to create VPN
connections.
Enable PPTP Server: Checking this box enables the PPTP Server.
IP Address Range
Enter the internal IP Address Range for remote users connecting to your Local Network. The Router supports up to five PPTP connections. The default IP range is 200 ~ 204.
Users Setting
Enter the remote users' User Name and Password. Then, enter the password in the Confirm the Password field and click the Add to list button. When remote users request to create VPN connections with the Router, the PPTP Server will identify the users' information. The Router will support up to such connections.
To delete users from the list, select the user and click the Delete selected users button.
Connection List
This list will show all users connected through the PPTP Server, with their User Name, Remote Address and PPTP IP Address displayed on the list.
Click the Save Settings button to save the settings or click the Cancel Changes button to undo your changes. Clicking the Refresh button will update the screen’s display.
Figure 5-56: VPN tab - PPTP Server
Figure 5-55: VPN tab - VPN Pass Through
Log Tab - System Log
The System Log screen allows you to configure the Router’s log, keeping track of the Router’s performance.
Syslog
Enable Syslog: Checking this box enables the Logging feature, called Syslog.
Syslog Server: In addition to the standard event log, the Router can send a detailed log to an external Syslog server. Syslog is an industry-standard protocol used to capture information about network activity. The Router’s Syslog captures all log activity and includes every connection source and destination IP address, IP service, and number of bytes transferred. Enter the Syslog server name or IP address in the Syslog Server field. Click the Save Settings button and then restart the Router for the change to take effect.
E-mail
Enable E-Mail Alert: Checking this box enables E-Mail Alert, which e-mails log entries and alerts.
Mail Server: If you wish to have any log or alert information e-mailed to you, then you must enter the name or numerical IP address of your SMTP server. Your Internet Service Provider can provide you with this information.
Send E-mail To: This is the e-mail address where the log files will be sent.
Log Queue Length (entries): This instructs the Router how often to e-mail log entries by quantity of entries. When the number of queued entries reaches the queue length, the log is sent. The default length is 50 entries.
Log Time Threshold (minutes): This instructs the Router how frequently to e-mail log entries by amount of time. When the time threshold is reached, the log is sent. The default time is 10 minutes.
E-mail Log Now: Clicking the E-mail Log Now button immediately sends the log to the address in the Send E-mail To field.
Log Setting
Alert Log
You can receive alert logs for any of these events when you check its box on the screen: Syn Flooding, IP Spoofing, Win Nuke, Ping of Death and Unauthorized Login Attempt.
Figure 5-57: Log tab - System Log
