24

Chapter 5: Configuring the Gateway

The Wireless Tab

Wireless-G ADSL Gateway

with Windows XP Zero Configuration. If you want to communicate with non-Linksys wireless products or

Windows XP Zero Configuration, make a note of the WEP key generated in the Key 1 field, and enter it

manually in the wireless client.) After you enter the Passphrase, click the

Generate

button to create WEP

keys.

•

Default Key

Select which WEP key (1-4) will be used when the Gateway sends data. Make sure that the

receiving device (wireless client) is using the same key.

•

WEP Keys 1-4. WEP keys enable you to create an encryption scheme for wireless network transmissions. If

you are not using a Passphrase, then manually enter a set of values. (Do not leave a key field blank, and do

not enter all zeroes; they are not valid key values.)

If you are using 64-bit WEP encryption, the key must be exactly 10 hexadecimal characters in length. If you

are using 128-bit WEP encryption, the key must be exactly 26 hexadecimal characters in length. Valid

hexadecimal characters are “0”-“9” and “A”-“F”.

When finished making your changes on this tab, click the

Save Settings

button to save these changes, or click

the

Cancel Changes

button to undo your changes.

Wireless Network Access

(See Figure 5-15.)

Wireless Network Access. If you select

Allow All

, all computers will be allowed access to the wireless network.

To restrict access to the network, select

Restrict Access to Computers below

. Click the

Select

MAC Address

From Networked Computers

button, and the screen in Figure 5-16 will appear.

Select the

MAC Address

from the list

and click the

Select

box, then click the

Select

button.

Click the

Refresh

button if you want to refresh the screen. Click the

Close

button to return to the previous screen.

When finished making your changes on this tab, click the

Save Settings

button to save these changes, or click

the

Cancel Changes

button to undo your changes.

Figure 5-15: Wireless Network Access

Figure 5-16: Networked Computers

25

Chapter 5: Configuring the Gateway

The Wireless Tab

Wireless-G ADSL Gateway

Advanced Wireless Settings

(See Figure 5-17.)

On this screen you can access the Advanced Wireless features, including Authentication Type, Basic Data Rates,

Control Tx Rates, Beacon Interval, DTIM Interval, RTS Threshold, and Fragmentation Threshold.

•

Control Tx Rates. The default transmission rate is Auto. The range is from 1 to 54Mbps. The rate of data

transmission should be set depending on the speed of your wireless network. You can select from a range of

transmission speeds, or keep the default setting,

Auto

, to have the Gateway automatically use the fastest

possible data rate and enable the Auto-Fallback feature. Auto-Fallback will negotiate the best possible

connection speed between the Gateway and a wireless client.

•

Beacon Interval. The default value is 100. Enter a value between 1 and 65,535 milliseconds. The Beacon

Interval value indicates the frequency interval of the beacon. A beacon is a packet broadcast by the Gateway

to synchronize the wireless network.

•

DTIM Interval. The default value is 3. This value, between 1 and 255, indicates the interval of the Delivery

Traffic Indication Message (DTIM). A DTIM field is a countdown field informing clients of the next window for

listening to broadcast and multicast messages. When the Gateway has buffered broadcast or multicast

messages for associated clients, it sends the next DTIM with a DTIM Interval value. Its clients hear the

beacons and awaken to receive the broadcast and multicast messages.

•

Fragmentation Threshold. This value should remain at its default setting of 2346. The range is 256-2346

bytes. It specifies the maximum size for a packet before data is fragmented into multiple packets. If you

experience a high packet error rate, you may slightly increase the Fragmentation Threshold. Setting the

Fragmentation Threshold too low may result in poor network performance. Only minor modifications of this

value are recommended.

•

RTS Threshold. This value should remain at its default setting of 2347. The range is 0-2347 bytes. Should you

encounter inconsistent data flow, only minor modifications are recommended. If a network packet is smaller

than the preset RTS threshold size, the RTS/CTS mechanism will not be enabled. The Gateway sends Request

to Send (RTS) frames to a particular receiving station and negotiates the sending of a data frame. After

receiving an RTS, the wireless station responds with a Clear to Send (CTS) frame to acknowledge the right to

begin transmission.

•

Authentication Type. The default is set to Auto (default), which allows either Open System or Shared Key

authentication to be used. For Open System authentication, the sender and the recipient do not use a WEP

key for authentication but can use WEP for data encryption. If you want to allow on Open System

authentication, then select

Open System

. For Shared Key authentication, the sender and recipient use a WEP

key for both authentication and data encryption. If you want to use only Shared Key authentication, then

select

Shared Key

. It is recommended that this option be left in the default (Auto) mode, because some

clients cannot be configured for Shared Key.

Figure 5-17: Advanced Wireless Settings

26

Chapter 5: Configuring the Gateway

The Security Tab

Wireless-G ADSL Gateway

The Security Tab

Firewall

When you click the Security tab, you will see the Firewall screen (see Figure 5-18). This screen contains Filters

and the option to Block WAN Requests. Filters block specific Internet data types and block anonymous Internet

requests.

•

Firewall. To add Firewall Protection, click

Enabled

. If you do not want Firewall Protection, click

Disabled

.

Additional Filters

•

Filter Proxy. Use of WAN proxy servers may compromise the Gateway's security. Denying Filter Proxy will

disable access to any WAN proxy servers. To enable proxy filtering, click

Enabled

.

•

Filter Cookies. A cookie is data stored on your computer and used by Internet sites when you interact with

them. To enable cookie filtering, click

Enabled

.

•

Filter Java Applets. Java is a programming language for websites. If you deny Java Applets, you run the risk

of not having access to Internet sites created using this programming language. To enable Java Applet

filtering, click

Enabled

.

•

Filter ActiveX. ActiveX is a programming language for websites. If you deny ActiveX, you run the risk of not

having access to Internet sites created using this programming language. To enable ActiveX filtering, click

Enabled

.

Block WAN requests

•

Block Anonymous Internet Requests. This keeps your network from being “pinged” or detected and

reinforces your network security by hiding your network ports, so it is more difficult for intruders to discover

your network. Select

Block Anonymous Internet Requests

to block anonymous Internet requests or de-

select it

to allow anonymous Internet requests.

Click

View Logs

to view a log of any firewall events.

When finished making your changes on this tab, click the

Save Settings

button to save these changes, or click

the

Cancel Changes

button to undo your changes.

Figure 5-18: Firewall

27

Chapter 5: Configuring the Gateway

The Security Tab

Wireless-G ADSL Gateway

VPN

Virtual Private Networking (VPN) is a security measure that basically creates a secure connection between two

remote locations. The VPN screen, shown in Figure 5-19, allows you to configure your VPN settings to make your

network more secure.

VPN Passthrough

•

IPSec Passthrough. Internet Protocol Security (IPSec) is a suite of protocols used to implement secure

exchange of packets at the IP layer. To allow IPSec Passthrough, click the

Enabled

button. To disable IPSec

Passthrough, click the

Disabled

button.

•

PPTP Passthrough. Point-to-Point Tunneling Protocol Passthrough is the method used to enable VPN sessions

to a Windows NT 4.0 or 2000 server. To allow PPTP Passthrough, click the

Enabled

button. To disable PPTP

Passthrough, click the

Disabled

button.

IPSec VPN Tunnel

The VPN Gateway creates a tunnel or channel between two endpoints, so that the data or information between

these endpoints is secure.

•

To establish this tunnel, select the tunnel you wish to create in the Select Tunnel Entry drop-down box.

It is

possible to create up to five simultaneous tunnels. Then click

Enabled

to enable the IPSec VPN tunnel. Once

the tunnel is enabled, enter the name of the tunnel in the Tunnel Name field.

This is to allow you to identify

multiple tunnels and does not have to match the name used at the other end of the tunnel.

•

Local Secure Group and Remote Secure Group. The Local Secure Group is the computer(s) on your LAN that

can access the tunnel. The Remote Secure Group is the computer(s) on the remote end of the tunnel that can

access the tunnel. These computers can be specified by a Subnet, specific IP address, or range.

•

Remote Security Gateway. The Remote Security Gateway is the VPN device, such as a second VPN Gateway,

on the remote end of the VPN tunnel. Enter the IP Address or Domain of the VPN device at the other end of the

tunnel. The remote VPN device can be another VPN Gateway, a VPN Server, or a computer with VPN client

software that supports IPSec. The IP Address may either be static (permanent) or dynamic (changing),

depending on the settings of the remote VPN device.

Make sure that you have entered the IP Address

correctly, or the connection cannot be made.

Remember, this is NOT the IP Address of the local VPN

Gateway, but the IP Address of the remote VPN Gateway or device with which you wish to communicate. If

you enter an IP address, only the specific IP Address will be able to acess the tunnel. If you select

Any

, any IP

Address can access the tunnel.

Figure 5-19: VPN

28

Chapter 5: Configuring the Gateway

The Security Tab

Wireless-G ADSL Gateway

•

Encryption. Using Encryption also helps make your connection more secure.

There are two different types of

encryption: DES or 3DES (3DES is recommended because it is more secure).

You may choose either of

these, but it must be the same type of encryption that is being used by the VPN device at the other end of the

tunnel.

Or, you may choose not to encrypt by selecting Disable.

In Figure 5-19, DES (which is the default)

has been selected.

•

Authentication. Authentication acts as another level of security.

There are two types of authentication: MD5

and SHA (SHA is recommended because it is more secure).

As with encryption, either of these may be

selected, if the VPN device at the other end of the tunnel is using the same type of authentication.

Or, both

ends of the tunnel may choose to Disable authentication.

In Figure 5-19, MD5 (the default) has been

selected.

•

Key Management. Select

Auto (IKE)

or

Manual

from the drop-down menu. The two methods are described

below.Auto (IKE)

Select

Auto (IKE)

and enter a series of numbers or letters in the Pre-shared Key field. Based on this word,

which MUST be entered at both ends of the tunnel if this method is used, a key is generated to scramble

(encrypt) the data being transmitted over the tunnel, where it is unscrambled (decrypted).

You may use any

combination of up to 24 numbers or letters in this field. No special characters or spaces are allowed. In the

Key Lifetime field, you may select to have the key expire at the end of a time period.

Enter the number of

seconds you’d like the key to be useful, or leave it blank for the key to last indefinitely. Check the box next to

PFS (Perfect Forward Secrecy) to ensure that the initial key exchange and IKE proposals are secure.

Manual (See Figure 5-20.)

Select

Manual,

then select the Encryption Algorithm from the drop-down menu. Enter the Encryption Key in

the field (if you chose DES for your Encryption Algorithm, enter 16 hexadecimal characters, if you chose

3DES, enter 48 hexadecimal characters). Select the Authentication Algorithm from the drop-down menu.

Enter the Authentication Key in the field (if you chose MD5 for your Authentication Algorithm, enter 32

hexadecimal characters, if you chose SHA1, enter 40 hexadecimal characters). Enter the Inbound and

Outbound SPIs in the respective fields.

•

Status. The status of the connection is shown.

Click the

Connect

button to connect your VPN tunnel. Click the View Logs button to view logs. Click the

Advanced Setting

button and the Advanced IPSec VPN Tunnel Setup screen will appear. See Figure 5-20.

When finished making your changes on this tab, click the

Save Settings

button to save these changes, or click

the

Cancel Changes

button to undo your changes.

Figure 5-20: Manual Key Management