Linksys WAP54GP - Wireless-G Access Point User Manual page 28

Chapter 
the VPN will terminate at the Router, instead of the PC;
or Any, to allow any computer to access the tunnel. The
screen will change depending on the selected option. The
options are described below.
Subnet
Enter the IP Address and Mask of the remote
•
VPN router in the fields provided. To allow access to the
entire IP subnet, enter 0 for the last set of IP Addresses
(e.g., 192.168.1.0).
IP Addr.
Enter the IP Address of the remote VPN
•
router. The Mask will be displayed.
Host The VPN tunnel will terminate at the router with
•
this setting. Use Port Range Forwarding to direct traffic
to the correct computer. Refer to the Firewall > Port
Range Forwarding screen.
Any Allows any computer to access the tunnel.
•
Remote Secure Gateway
The Remote Secure Gateway is the VPN device, such as a
second VPN router, on the remote end of the VPN tunnel.
Enter the IP Address of the VPN device at the other end
of the tunnel. The remote VPN device can be another
VPN router, a VPN server, or a computer with VPN client
software that supports IPSec. The IP address may either be
static (permanent) or dynamic, depending on the settings
of the remote VPN device.
If the IP Address is static, select IP Addr. and enter the IP
address. Make sure that you have entered the IP address
correctly, or the connection cannot be made. Remember,
this is NOT the IP address of the local VPN Router; it is the
IP address of the remote VPN router or device with which
you wish to communicate. If the IP address is dynamic,
select FQDN for DDNS or Any. If FQDN is selected, enter
the domain name of the remote router, so the Router can
locate a current IP address using DDNS. If Any is selected,
then the Router will accept requests from any IP address.
Key Management
Key Exchange Method IKE is an Internet Key Exchange
protocol used to negotiate key material for Security
Association (SA). IKE uses the Pre-shared Key to
authenticate the remote IDE peer. Select Auto (IKE) for the
Key Exchange Method. Both ends of a VPN tunnel must
use the same mode of key management. The settings
available on this screen may change, depending on the
selection you have made.
Operation Mode
Use this option to set the operation
mode to Main (default) or Aggressive. Main Mode
operation is supported in ISAKMP SA establishment.
ISAKMP Encryption Method
types of encryption: DES, AES-8, AES-9, or AES-
. You may choose any of these, but it must be the
Wireless-G VPN Router with RangeBooster
There are four different
Configuring the Wireless-G Router
same type of encryption that is being used by the VPN
device at the other end of the tunnel.
ISAKMP Authentication Method
of authentication: MD5 and SHA (SHA is recommended
because it is more secure). As with encryption, either
of these may be selected, provided that the VPN device
at the other end of the tunnel is using the same type of
authentication.
ISAKMP DH Group
This is for Diffie-Hellman key
negotiation. There are 7 groups available for ISAKMP SA
establishment. Group 1024, 1536, 2048, 3072, 4096, 6144,
and 8192 represent different bits used in Diffie-Hellman
mode operation. The default value is 0.
ISAKMP Key Lifetime(s) This field specifies how long
an ISAKMP key channel should be kept, before being
renegotiated. The default is 8800 seconds.
PFS
PFS (Perfect Forward Secrecy) ensures that the initial
key exchange and IKE proposals are secure. To use PFS,
click the Enabled radio button.
IPSec Encryption Method
make your connection more secure. There are four
different types of encryption: DES, AES-8, AES-9,
or AES-. You may choose any of these, but it must be
the same type of encryption that is being used by the VPN
device at the other end of the tunnel.
IPSec Authentication Method
as another level of security. There are two types of
authentication: MD5 and SHA (SHA is recommended
because it is more secure). As with encryption, either
of these may be selected, provided that the VPN device
at the other end of the tunnel is using the same type of
authentication. Or, both ends of the tunnel may choose to
disable authentication.
IPSec DH Group This is the same as the ISAKMP DH Group
setting.
IPSec Key Lifetime(s) In this field, you may optionally
select to have the key expire at the end of a time period of
your choosing. Enter the number of seconds you'd like the
key to be used until a re-key negotiation between each
endpoint is completed. The default is 00 seconds.
Pre-shared Key
Enter a series of numbers or letters in
the Pre-shared Key field. Based on this word, which MUST
be entered at both ends of the tunnel, a key is generated
to scramble (encrypt) the data being transmitted over the
tunnel, where it is unscrambled (decrypted). You may use
any combination of up to 24 numbers or letters in this
field. No special characters or spaces are allowed.
Tunnel Options
Dead Peer Detection You can select Dead Peer
Detection (DPD) to detect the status of a remote Peer.
There are two types
Using encryption also helps
Authentication acts