Chapter 6: Setting Up and Configuring the Router
VPN Tab
Wireless-N Gigabit Security Router with VPN
VPN Tab
IPsec VPN
Use this screen to create VPN tunnels between the Router and the remote Router. All Linksys Routers with IPsec VPN support can be used as a remote Router (e.g. RVS4000, WRV54G, RV042). The Router supports VPN tunnels using IPsec (IP Security) technologies. You can create, delete, or modify a VPN tunnel on this page.
Select Tunnel Entry. Select a tunnel to configure or create a new tunnel.
Delete Button. Click this button to delete the selected tunnel.
Summary Button. Clicking this button shows the settings of all existing tunnels.
IPsec VPN Tunnel. Select Enable to enable this tunnel.
Tunnel Name. Enter a name for this tunnel, such as “Anaheim Office”.
Local Security Group
Local Security Group Type. Select the local LAN user(s) behind the Router that can use this VPN tunnel. This may be a single IP address or Sub-network. Notice that the Local Security Group must match or cover the other router's Remote Security Group.
IP Address. Enter the IP address on the local network.
Subnet Mask. If the Subnet option is selected, enter the mask to determine the IP prefix on the local network.
Remote Security Group
Remote Security Group. Select the remote LAN user(s) behind the remote gateway who can use this VPN tunnel. This may be a single IP address, a Sub-network, or any addresses. If Any is set, the Router acts as responder and accepts requests from any remote user. Notice that the Remote Security Group must match or cover the other Router's Local Security Group.
IP Address. Enter the IP address on the remote network.
Subnet Mask. If the Subnet option is selected, enter the mask to determine the IP prefix on the remote network.
Figure 6-41: VPN - IPsec VPN
Figure 6-42: VPN Tunnel Summary
Remote Security Gateway. Select the remote gateway WAN port IP Address that can use this VPN tunnel. This may be a Single IP address or Any addresses. If Any is set, the Router acts as responder and accepts requests from any remote Gateway.
IP Address. Enter the IP address on the remote WAN port.
Key Management
Key Exchange Method. The Router supports both automatic and manual key management. When choosing automatic key management, IKE (Internet Key Exchange) protocols are used to negotiate key material for the SA (Security Association). If manual key management is selected, no key negotiation is needed. Manual key management is generally used in small static environments or for troubleshooting purposes. Notice that both sides must use the same Key Management method (both Auto or both Manual). For Manual key management, all the configurations need to match on both sides.
Auto IKE
Encryption. The Encryption method determines the complexity of encrypting and decrypting data packets. Only 3DES is supported. Notice that both sides must use the same Encryption method.
Authentication. Authentication determines a method to authenticate the data packets to make sure they come from a trusted source. Either MD5 or SHA1 may be selected. Notice that both sides (VPN endpoints) must use the same Authentication method.
MD5: A one-way hashing algorithm that produces a 128-bit digest.
SHA1: A one-way hashing algorithm that produces a 160-bit digest.
PFS (Perfect Forward Secrecy). If PFS is enabled, IKE Phase 2 negotiation will generate new key material for IP traffic encryption and authentication. Note that both sides must have this selected.
Pre-Shared Key. IKE uses the Pre-shared Key field to authenticate the remote IKE peer. Both characters and hexadecimal values are acceptable in this field, e.g. “My_@123” or “0x4d795f40313233”. Note that both sides must use the same Pre-shared Key.
Key Life Time. This field specifies the lifetime of the IKE generated key. If the time expires, a new key will be renegotiated automatically. The Key Life Time may range from 300 to 100,000,000 seconds. The default Life Time is 3600 seconds.
Manual
Encryption Algorithm. The Encryption method determines the complexity of encrypting and decrypting data packets. Only 3DES is supported. Notice that both sides must use the same Encryption method.
Encryption Key. This field specifies a key used to encrypt and decrypt data packets. Both characters and hexadecimal values are acceptable in this field. Note that both sides must use the same Encryption Key.
Authentication Algorithm. Authentication determines a method to authenticate the data packets to make sure they come from a trusted source. Either MD5 or SHA1 may be selected. Notice that both sides (VPN endpoints) must use the same Authentication method.
MD5: A one-way hashing algorithm that produces a 128-bit digest.
SHA1: A one-way hashing algorithm that produces a 160-bit digest.
Authentication Key. This field specifies a key used to authenticate IP traffic. Both characters and hexadecimal values are acceptable in this field. Note that both sides must use the same Authentication Key.
Inbound SPI/Outbound SPI. The SPI (Security Parameter Index) is carried in the IPsec ESP header. This enables the receiver to select the SA (Security Association) under which a packet should be processed. The SPI is a 32-bit value. Both decimal and hexadecimal values are acceptable, e.g. “987654321” or “0x3ade68b1”. Each tunnel must have a unique Inbound SPI and Outbound SPI. No two tunnels share the same SPI. Notice that Inbound SPI must match the other Router's Outbound SPI, and vice versa.
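An added example, not part of the manual: a Python check that applies the matching rules stated above for Manual key management and for the Local and Remote Security Groups to the settings planned for two routers. The dictionary field names and the sample values are constructed for illustration.

```python
import ipaddress

def key_bytes(value):
    """Key fields accept characters or hex; '0x...' is decoded, anything else is literal."""
    if value.lower().startswith("0x"):
        return bytes.fromhex(value[2:])
    return value.encode("ascii")

def parse_spi(value):
    """Parse a decimal or 0x-prefixed SPI and enforce the 32-bit range."""
    n = int(value, 16) if value.lower().startswith("0x") else int(value, 10)
    if not 0 <= n <= 0xFFFFFFFF:
        raise ValueError(f"SPI {value!r} does not fit in 32 bits")
    return n

def covers(group, other):
    """True if security group `group` matches or covers `other` ('addr' or 'addr/mask')."""
    outer = ipaddress.ip_network(group, strict=False)
    inner = ipaddress.ip_network(other, strict=False)
    return inner.subnet_of(outer)

def check_manual_tunnel(a, b):
    """Return the list of mismatches between two routers' Manual key settings."""
    problems = []
    for field in ("encryption", "authentication"):
        if a[field] != b[field]:
            problems.append(f"{field} algorithm differs")
    for field in ("encryption_key", "authentication_key"):
        if key_bytes(a[field]) != key_bytes(b[field]):
            problems.append(f"{field} differs")
    for x, y, name in ((a, b, "A"), (b, a, "B")):
        if parse_spi(x["inbound_spi"]) != parse_spi(y["outbound_spi"]):
            problems.append(f"inbound SPI of {name} != outbound SPI of peer")
        if not covers(x["local_group"], y["remote_group"]):
            problems.append(f"local group of {name} does not cover peer's remote group")
        if not covers(x["remote_group"], y["local_group"]):
            problems.append(f"remote group of {name} does not cover peer's local group")
    return problems

# Constructed sample settings, one dict per router; keys are shown in both accepted forms.
ROUTER_A = {"encryption": "3DES", "authentication": "SHA1",
            "encryption_key": "My_@123", "authentication_key": "0x4d795f40313233",
            "inbound_spi": "987654321", "outbound_spi": "0x3ade68b2",
            "local_group": "192.168.1.0/255.255.255.0", "remote_group": "192.168.2.0/255.255.255.0"}
ROUTER_B = {"encryption": "3DES", "authentication": "SHA1",
            "encryption_key": "0x4d795f40313233", "authentication_key": "My_@123",
            "inbound_spi": "987654322", "outbound_spi": "0x3ade68b1",
            "local_group": "192.168.2.0/255.255.255.0", "remote_group": "192.168.1.0/255.255.255.0"}

if __name__ == "__main__":
    print(check_manual_tunnel(ROUTER_A, ROUTER_B) or "settings are consistent")
```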
Status
Status. This field shows the connection status for the selected tunnel. The state is either connected or disconnected.
Connect button. Use this to establish a connection for the current VPN tunnel. If you have made any changes, click Save Settings to first apply your changes.
Disconnect button. Use this to break a connection for the current VPN tunnel.
View Log button. Click this to view the VPN log, which shows details of each tunnel established. You can change the Log type to show only VPN tunnel related events.
Figure 6-43: View VPN Tunnel Log
Advanced Settings button. If the Key Exchange Method is Auto (IKE), this button provides access to some additional settings relating to IKE. Use this if the Router is unable to establish a VPN tunnel to the remote VPN Gateway; ensure the Advanced Settings match those on the remote VPN Gateway. Note that Phase 1 is used for key negotiation and Phase 2 is used for actual data exchange.
Advanced Settings (Phase 1 and Phase 2)
Operation Mode. Select the method to match the remote VPN endpoint.
Main: Main Mode is slower but more secure.
Aggressive: Aggressive mode is faster but less secure.
Local Identity. Select the desired option to match the “Remote Identity” setting at the other end of this tunnel.
Local IP address: Your WAN IP Address.
Name: Your domain name.
Remote Identity. Select the desired option to match the “Local Identity” setting at the other end of this tunnel.
Local IP address: WAN IP Address of the remote VPN endpoint.
Name: Domain name of the remote VPN endpoint.
Encryption. Encryption Algorithm used for the IKE SA. This setting must match the setting used at the other end of this tunnel.
Authentication. Authentication Algorithm used for the IKE SA. This setting must match the setting used at the other end of this tunnel.
MD5: A one-way hashing algorithm that produces a 128-bit digest.
SHA1: A one-way hashing algorithm that produces a 160-bit digest.
Group. The Group setting determines the bit size used in the IKE exchange. This value must match the value used at the other end of this tunnel.
Key Life Time. This determines the time interval before the IKE SA (Security Association) expires. (It will automatically be re-established if necessary.) While using a short time period increases security, it also degrades performance. While this unit is in seconds, it is common to use periods over an hour (3600 seconds) for the SA Life Time.
Figure 6-44: IPsec VPN Advanced Settings
Change these settings as described here and click Save Settings to apply your changes, or click Cancel Changes to cancel your changes. Help information is displayed on the right-hand side of the screen; click More for additional details.