B

9 • Wireless Pages

56

Motorola recommends using WPA instead of WEP if all of your wireless clients support

WPA encryption. WPA advantages include:

•

Stronger encryption and more secure

•

Authentication to ensure that only authorized users can log in to your WLAN

•

Easier configuration

•

Standard algorithm on all compliant products to generate a key from a textual

passphrase

•

Incorporation into the new IEEE 802.11i wireless networking standard

For new wireless LANs, Motorola recommends purchasing client adapters that support

WPA encryption.

Installing Wireless Clients

Note

: Use the SVG1501 Installation

CD-ROM to set client security. The

passcode is located on the gateway label.

For each wireless client computer, follow the instructions supplied with the adapter and

the steps below to install the wireless adapter:

1.

Insert the CD-ROM for the adapter in the CD-ROM drive on the client.

2.

Install the device software from the CD.

3.

Insert the adapter in the PCMCIA or PCI slot or connect it to the USB port.

4.

Configure the adapter to obtain an IP address automatically.

On a PC with Wireless Client Manager installed, the

icon is displayed on the

Windows task bar. Double-click the icon to launch the utility. You may need to do the

following to use a wireless client computer to access the Internet:

Configuring Wireless Clients

If You:

You Need to do this

on each client,:

Configured WPA on the SVG1501

Configure a Wireless Client for WPA or WPA2

Configured WEP on the SVG1501

Configure a Wireless Client for WEP

Configured the Wireless Network Name

on the SVG1501

Configure a Wireless Client with the Network

Name (SSID)

Configured a MAC Access Control List

on the SVG1501

No client configuration required

B

9 • Wireless Pages

57

Installing a Wireless Client for WPA

If you enabled WPA and set a PSK Passphrase by configuring WPA on the SVG1501, you

must configure the same passphrase (key) on each wireless client. The SVG1501 cannot

authenticate a client if:

•

WPA is enabled on the SVG1501 but not on the client

•

The client passphrase does not match the SVG1501 PSK Passphrase

CAUTION:

Never provide the PSK Passphrase to anyone who is not

authorized to use your WLAN.

Configuring a Wireless Client for WEP

If you enabled WEP and set a key by configuring WEP on the SVG1501, you must

configure the same WEP key on each wireless client. The SVG1501 cannot authenticate

a client if:

•

Shared Key Authentication is enabled on the SVG1501 but not on the client

•

The client WEP key does not match the SVG1501 WEP key

For all wireless adapters, you must enter the 64-bit or 128-bit WEP key generated by the

SVG1501.

CAUTION:

Never provide the WEP key to anyone who is not authorized

to use your WLAN.

Configuring a Wireless Client with the Network Name

(SSID)

After you specify the network name on the Wireless Basic Page, many wireless cards or

adapters automatically scan for an access point, such as the SVG1501 and the proper

channel and data rate. If your card requires you to manually start scanning for an access

point, follow the instructions in the documentation supplied with the card. You must

enter the same SSID in the wireless configuration setup for the device to communicate

with the SVG1501.

B

10 • VPN Pages

58

10

VPN Pages

The

VPN

pages allow you to configure and manage VPN tunnels.

You can click any VPN submenu option to view or change the configuration information

for that option.

VPN Basic Page

Enable VPN protocols and manage VPN tunnels.

Field

Description

L2TP Server

Enable or disable the Layer 2 Tunneling Protocol

PPTP Server

Enable or disable the Point-to-Point Protocol

IPsec Endpoint

Enable or disable the Internet Protocol Security protocol

Add New Tunnel

Create a new tunnel configuration and append it to the table.

Click

Edit

to add the name and constructs of the tunnel for that

tunnel.

B

10 • VPN Pages

59

VPN IPsec Page

You can configure multiple VPN tunnels to various client computers and store different

tunnels, but you cannot enable them for ease of use with connections and/or client

computers that are not constantly used.

For each tunnel configuration you store, its unique IPsec parameters are stored using the

IPsec Settings section at the bottom of the page. Click

Show Advanced Settings

at the

bottom of the page to display the advanced features that control IPSEC key

management and negotiation with the far endpoint.

Field

Description

Tunnel

Configure each tunnel individually. Preset tunnels are listed by

their preset name.

B

10 • VPN Pages

60

Field

Description

Name

Assign a generic name for a group of settings to a single

tunnel.

After entering the appropriate tunnel name for the first time,

click

Add New Tunnel

to create a heading for the tunnel

settings selected from the

Tunnel

drop-down list. If you do not

assign a name, the tunnels are sequentially numbered.

Enable drop-down

After you name and configure a VPN tunnel, you can store it as

disabled or enabled via the Enable/Disable drop-down list.

Click

Apply

to toggle Enable/Disable.

Local Endpoint Settings

Address group type

Set the local VPN access group as one of the following group

types:

Single IP address

— for one computer, enter the IP address

for the specific computer

IP address range

— for a small range of computers, enter the

starting and ending IP addresses for the group of consecutive

IP address that will have access to the VPN tunnel

IP Subnet

— for an entire subnet/network, enter the Subnet

and Mask for IP address range and IP Subnet. Enter the

starting and ending IP addresses for the group of consecutive

IP addresses that are to have access to the VPN tunnel.

Identity Type

Define the local endpoint identity type to automatically use the

WAN IP address of the router or as a user-specified IP address,

fully qualified domain name (FQDN), or e-mail address. The far

endpoint uses this to identify the VPN termination point and

handshake.

The remote VPN endpoint on the other side of the tunnel

should match these settings for its remote endpoint settings.

Identity

Enter the identity string.

For IP address, enter

x.x.x.x.

For FQDN, enter

yourdomain.com

For email address identity, enter

The remote VPN endpoint on the other side of the tunnel

should match these settings for its remote endpoint settings.