Advanced configuration – Linksys BEFVP41 User Manual
Page 15
Chapter 3
Advanced Configuration
11
EtherFast Cable/DSL VPN Router with 4-Port Switch
for a specific computer on the Internet (for example:
vpn.myvpnserver.com).
Any
The remote VPN Router will accept a request from any
IP address. The remote VPN device can be another VPN
Router, a VPN server, or a computer with VPN client
software that supports IPSec. If the remote user has an
unknown or dynamic IP address (such as a professional on
the road or a telecommuter using DHCP or PPPoE), then
select this option.
Encryption
Encryption helps make your connection
more secure. Select DES or 3DES. 3DES is recommended
because it is more secure. Both ends of the tunnel can also
choose to disable encryption.
NOTE:
The encryption method you select must
match the encryption method on the remote
VPN device.
Authentication
Authentication acts as another level
of security. Select MD5 or SHA. SHA is recommended
because it is more secure. Both ends of the tunnel can also
choose to disable authentication.
NOTE:
Then authentication method you select
must match the authentication method on the
remote VPN device.
Key Management
In order for any encryption to occur, the two ends of a
VPN tunnel must agree on the methods of encryption,
decryption, and authentication. This is done by sharing
a key to the encryption code. For key management, the
default is Auto (IKE). To generate the key yourself, select
Manual. Follow the instructions for the Key Management
option you have selected.
Remote Security Group Type > IP
Auto (IKE)
IKE is an Internet Key Exchange protocol used to negotiate
key material for Security Association (SA). IKE uses the
Preshared Key to authenticate the remote IKE peer.
Perfect Forward Secrecy
If the Perfect Forward Secrecy
(PFS) feature is enabled, IKE Phase 2 negotiation will
generate new key material for IP traffic encryption and
authentication, so hackers using brute force to break
encryption keys will not be able to obtain future IPSec keys.
Select Enabled to ensure that the initial key exchange and
IKE proposals are secure.
Pre-shared Key
This specifies the pre-shared key used
to authenticate the remote IKE peer. Based on this Pre-
shared key, a key is generated to encrypt the data being
transmitted over the tunnel; at the end of the tunnel, the
key is decrypted. Enter a key of up to 24 alphanumeric
characters. No special characters or spaces are allowed.
Both ends of the VPN tunnel must use the same Pre-
shared Key. It is strongly recommended that you change
the Preshared Key periodically to maximize VPN security.
Key Lifetime
Enter the number of seconds you want the
key to last before it expires. Leave the field blank for the
key to last indefinitely. The default is 3600 seconds.
Manual
No key negotiation is needed. Manual key management is
used in small static environments or for troubleshooting
purposes.
Encryption Key
This field specifies a key used to encrypt
and decrypt IP traffic. Enter a key of up to 24 alphanumeric
characters. Make sure both ends of the VPN tunnel use the
same Encryption Key.
Authentication Key
This field specifies a key used to
authenticate IP traffic. Enter a key of up to 20 alphanumeric
characters. Make sure both ends of the VPN tunnel use the
same Authentication Key.
Inbound SPI
Enter the Inbound SPI value (numbers only).
This must match the Outbound SPI value of the remote
VPN device. After you click Save Settings, hexadecimal
characters (a series of letters and numbers) are displayed
in this field.
Outbound SPI
Enter the Outbound SPI value (numbers
only). This must match the Inbound SPI value of the remote
VPN device. After you click Save Settings, hexadecimal
characters (a series of letters and numbers) are displayed
in this field.
Status
The status of the VPN tunnel is displayed.
To create a VPN tunnel, click Connect. To display VPN
activity on a separate screen, click View Logs. The VPN Log
screen displays connections, transmissions, receptions,
and encryption methods (this is available if you enable
the log function on the Administration > Log screen). For
more advanced VPN options, click Advanced Setting.
Advanced Setting
For most users, the settings on the VPN page should
suffice; however, the Router provides advanced IPSec
settings for advanced users.