Reference Manual for the Model Wireless ADSL Firewall Router DG834G
Virtual Private Networking (Advanced Feature)
8-35
202-10006-05, June 2005
Deleting a VPN Tunnel
To delete a VPN tunnel:
1. Log in to the Router.
2. Open the DG834G management interface and click VPN Policies to display the VPN Policies
screen (Figure 8-40). Select the radio button for the VPN tunnel to be deleted and click the
Delete button.
Figure 8-40: VPN Policies
How to Set Up VPN Tunnels in Special Circumstances
When the VPN Wizard and its VPNC defaults (see Table 8-2) are not appropriate for your special
circumstances, use one of the following alternatives:
Auto Policy: for a typical automated Internet Key Exchange (IKE) setup, see “Using Auto
Policy to Configure VPN Tunnels” on page 8-36. Auto Policy uses the IKE protocol to define
the authentication scheme and automatically generate the encryption keys.
Note: When NETBIOS is enabled (which it is in the VPNC defaults implemented by
the VPN Wizard), automatic traffic will reactivate the tunnel. To prevent reactivation
from happening, either disable NETBIOS or disable the policy for the tunnel (see
“Using the Policy Table on the VPN Policies Page to Deactivate a VPN Tunnel” on page 8-32).
Manual Policy: for a Manual Keying setup in which you must specify each phase of the
connection, see “Using Manual Policy to Configure VPN Tunnels” on page 8-48. Manual
Policy does not use IKE. Rather, you manually enter all the authentication and key parameters.
You have more control over the process; however, the process is more complex and there are
more opportunities for errors or configuration mismatches between your DG834G and the
corresponding VPN endpoint gateway or client workstation.
Using Auto Policy to Configure VPN Tunnels
You need to configure matching VPN settings on both VPN endpoints. The outbound VPN
settings on one end must match the inbound VPN settings on the other end, and vice versa.
See “Example of Using Auto Policy” on page 8-41 for an example of using Auto Policy.
Configuring VPN Network Connection Parameters
All VPN tunnels on the DG834G wireless router require configuring several network parameters.
This section describes those parameters and how to access them.
The most common configuration scenarios will use IKE to manage the authentication and
encryption keys. The IKE protocol performs negotiations between the two VPN endpoints to
automatically generate and update the required encryption parameters.
Click the VPN Policies link of the main menu, and then click the Add Auto Policy button to
display the VPN - Auto Policy menu shown in Figure 8-41.
Figure 8-41: DG834G VPN Tunnel Auto Policy Configuration Menu
The DG834G VPN tunnel network connection fields are defined as follows:
General
These settings identify this policy and determine its major characteristics.
Policy Name: Enter a unique name to identify this policy. This name is not supplied to the
remote VPN endpoint. It is used only to help you manage the policies.
Remote VPN Endpoint: If the remote endpoint has a dynamic IP address, select "Dynamic
IP address". No "Address Data" input is required. You can set up multiple remote dynamic IP
policies, but only one such policy can be enabled at a time. Otherwise, select the desired
option (IP address or Domain Name) and enter the address of the remote VPN endpoint to
which you wish to connect.
Note: The remote VPN endpoint must have this VPN Gateway's address entered as its
"Remote VPN Endpoint".
NETBIOS Enable: Check this if you wish NETBIOS traffic to be forwarded over the VPN
tunnel. The NETBIOS protocol is used by Microsoft Networking.
IKE Keep-alive: Enable this if you wish to ensure that a connection is kept open, or, if that is
not possible, that it is quickly re-established when disconnected.
The Ping IP Address must be associated with the remote endpoint. The remote LAN address
must be used. This IP address will be "pinged" periodically to generate traffic for the VPN
tunnel. The remote keep-alive IP address must be covered by the remote LAN IP range and
must correspond to a device that can respond to ping. The range should be made as narrow as
possible to meet this objective.
Local LAN
This identifies which PCs on your LAN are covered by this policy. For each selection, data must
be provided as follows:
Single address: Enter an IP address in the "Single/Start IP address" field. Typically, this
setting is used when you wish to make a single Server on your LAN available to remote users.
Range address: Enter the starting IP address in the "Single/Start IP address" field, and the
finish IP address in the "Finish IP address" field. This must be an address range used on your
LAN.
Subnet address: Enter an IP address in the "Single/Start IP address" field, and the desired
network mask in the "Subnet Mask" field. The remote VPN endpoint must have these IP
addresses entered as its "Remote" addresses.
Remote LAN
This identifies which PCs on the remote LAN are covered by this policy. For each selection, data
must be provided as follows:
Single PC - no Subnet: Select this option if there is no LAN (only a single PC) at the remote
endpoint. If this option is selected, no additional data is required. The typical application is a
PC running the VPN client at the remote end.
Single address: Enter an IP address in the "Single/Start IP address" field. This must be an
address on the remote LAN. Typically, this setting is used when you wish to access a server on
the remote LAN.
Range address: Enter the starting IP address in the "Single/Start IP address" field, and the
finish IP address in the "Finish IP address" field. This must be an address range used on the
remote LAN.
Subnet address: Enter an IP address in the "Single/Start IP address" field, and the desired
network mask in the "Subnet Mask" field.
The remote VPN endpoint must have these IP addresses entered as its "Local" addresses.
IKE
Direction/Type: This setting is used when determining if the IKE policy matches the current
traffic. Select the desired option.
Responder only: Incoming connections are allowed, but outgoing connections will be
blocked.
Initiator and Responder: Both incoming and outgoing connections are allowed.
Exchange Mode: Ensure the remote VPN endpoint is set to use "Main Mode".
Diffie-Hellman (DH) Group: The Diffie-Hellman algorithm is used when exchanging keys. The
DH Group setting determines the bit size used in the exchange. This value must match
the value used on the remote VPN Gateway.
Local Identity Type: Select the desired option to match the "Remote Identity Type" setting on the
remote VPN endpoint.
WAN IP Address: Your Internet IP address.
Fully Qualified Domain Name: Your domain name.
Fully Qualified User Name: Your name, E-mail address, or other ID.
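The matching requirements above (mirrored Local/Remote LAN entries, matching identity types and DH Group, "Main Mode", and a keep-alive Ping IP inside the Remote LAN) can be checked before a tunnel is brought up. The following is an added example, not taken from the NETGEAR manual or firmware; the AutoPolicy class, its field names, and the sample addresses are assumptions, and only the subnet form of the LAN selection is modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class AutoPolicy:
    # Hypothetical model of the Auto Policy fields described above; LANs are
    # given as "address/mask" (the "Subnet address" option, /32 for one host).
    name: str
    local_lan: str
    remote_lan: str
    dh_group: int
    exchange_mode: str
    local_id_type: str
    remote_id_type: str
    ping_ip: Optional[str] = None   # IKE Keep-alive "Ping IP Address"

def net(s: str):
    # strict=False accepts a host address plus mask and normalizes it.
    return ipaddress.ip_network(s, strict=False)

def check_pair(a: AutoPolicy, b: AutoPolicy) -> List[str]:
    """Return every mismatch that would keep the two ends from agreeing."""
    problems = []
    for x, y in ((a, b), (b, a)):
        # Each end's Local LAN must be entered as the other end's Remote LAN.
        if net(x.local_lan) != net(y.remote_lan):
            problems.append(f"{x.name} Local LAN {x.local_lan} != {y.name} Remote LAN {y.remote_lan}")
        # Local Identity Type must match the peer's Remote Identity Type.
        if x.local_id_type != y.remote_id_type:
            problems.append(f"{x.name} Local Identity Type != {y.name} Remote Identity Type")
        # The keep-alive target must lie inside the Remote LAN range.
        if x.ping_ip and ipaddress.ip_address(x.ping_ip) not in net(x.remote_lan):
            problems.append(f"{x.name} Ping IP {x.ping_ip} is outside Remote LAN {x.remote_lan}")
        if x.exchange_mode != "Main Mode":
            problems.append(f"{x.name} Exchange Mode is {x.exchange_mode!r}, expected 'Main Mode'")
    if a.dh_group != b.dh_group:
        problems.append(f"DH Group differs: {a.name}={a.dh_group}, {b.name}={b.dh_group}")
    return problems

# Constructed sample policies for two sites (all values are illustrative).
SITE_A = AutoPolicy("site-a", "192.168.0.0/24", "192.168.3.0/24", 2, "Main Mode",
                    "WAN IP Address", "WAN IP Address", ping_ip="192.168.30.1")
SITE_B = AutoPolicy("site-b", "192.168.3.0/24", "192.168.0.0/24", 1, "Main Mode",
                    "WAN IP Address", "WAN IP Address")

if __name__ == "__main__":
    for line in check_pair(SITE_A, SITE_B):
        print("MISMATCH:", line)
```

With the constructed sample data the check reports two problems: the keep-alive address on site-a lies outside its Remote LAN, and the DH Group values differ.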
