36
Chapter 4: Configuring the Gateway
The Security Tab
Wireless-G ADSL Gateway with 2 Phone Ports
Remote Security Gateway
. The Remote Security Gateway is the VPN device, such as a second VPN Gateway, on
the remote end of the VPN tunnel. Enter the IP Address or Domain of the VPN device at the other end of the tunnel.
The remote VPN device can be another VPN Gateway, a VPN Server, or a computer with VPN client software that
supports IPSec. The IP Address may either be static (permanent) or dynamic (changing), depending on the
settings of the remote VPN device.
Make sure that you have entered the IP Address correctly, or the connection
cannot be made.
Remember, this is NOT the IP Address of the local VPN Gateway, but the IP Address of the
remote VPN Gateway or device with which you wish to communicate. If you enter an IP address, only the specific
IP Address will be able to acess the tunnel. If you select
Any
, any IP Address can access the tunnel.
•
Encryption. Using Encryption also helps make your connection more secure.
There are two different types
of encryption: DES or 3DES (3DES is recommended because it is more secure).
You may choose either of
these, but it must be the same type of encryption that is being used by the VPN device at the other end of
the tunnel.
Or, you may choose not to encrypt by selecting Disable. DES is selected by default.
•
Authentication. Authentication acts as another level of security.
There are two types of authentication:
MD5 and SHA (SHA is recommended because it is more secure).
As with encryption, either of these may
be selected, if the VPN device at the other end of the tunnel is using the same type of authentication.
Or,
both ends of the tunnel may choose to Disable authentication.
In the Manual Key Management screen,
MD5 (the default) has been selected.
Key Management
. Select
Auto (IKE)
or
Manual
from the drop-down menu. The two methods are described
below.
•
Auto (IKE). Select
Auto (IKE)
and enter a series of numbers or letters in the Pre-shared Key field. Based
on this word, which MUST be entered at both ends of the tunnel if this method is used, a key is generated
to scramble (encrypt) the data being transmitted over the tunnel, where it is unscrambled (decrypted).
You may use any combination of up to 24 numbers or letters in this field. No special characters or spaces
are allowed. In the Key Lifetime field, you may select to have the key expire at the end of a time period.
Enter the number of seconds you’d like the key to be useful, or leave it blank for the key to last
indefinitely. Check the box next to PFS (Perfect Forward Secrecy) to ensure that the initial key exchange
and IKE proposals are secure.
•
Manual. Select
Manual,
then select the Encryption Algorithm from the drop-down menu. Enter the
Encryption Key in the field (if you chose DES for your Encryption Algorithm, enter 16 hexadecimal
characters, if you chose 3DES, enter 48 hexadecimal characters). Select the Authentication Algorithm
from the drop-down menu. Enter the Authentication Key in the field (if you chose MD5 for your
Authentication Algorithm, enter 32 hexadecimal characters, if you chose SHA1, enter 40 hexadecimal
characters). Enter the Inbound and Outbound SPIs in the respective fields.
Status
. The status of the connection is shown.
Figure 4-29: Manual Key Management
Figure 4-28: Auto Key Management
Downloaded from
www.Manualslib.com
manuals search engine