LINKSYS HGA7S-3 Wireless-G VPN Broadband Router User Manual Book

LINKSYS LLC Wireless-G VPN Broadband Router Book

Users Manual Part 5

Appendix C: Configuring IPSec between a Windows 2000 PC and the Router

How to Establish a Secure IPSec Tunnel

Step 1: Create an IPSec Policy

1. Click the Start button, select Run, and type secpol.msc in the Open field. The Local Security Setting screen will appear as shown in Figure C-1.
2. Right-click IP Security Policies on Local Computer, and click Create IP Security Policy.
3. Click the Next button, and then enter a name for your policy (for example, to_router). Then, click Next.
4. Deselect the Activate the default response rule check box, and then click the Next button.
5. Click the Finish button, making sure the Edit check box is checked.

Step 2: Build Filter Lists

Filter List 1: win->router

1. In the new policy’s properties screen, verify that the Rules tab is selected, as shown in Figure C-2. Deselect the Use Add Wizard check box, and click the Add button to create a new rule.
2. Make sure the IP Filter List tab is selected, and click the Add button. (See Figure C-3.)

NOTE: The references in this section to “win” are references to Windows 2000 and XP.

Figure C-1: Password Screen
Figure C-2: Setup Tab
Figure C-3: IP Filter List Tab
3. The IP Filter List screen should appear, as shown in Figure C-4. Enter an appropriate name, such as win->router, for the filter list, and de-select the Use Add Wizard check box. Then, click the Add button.
4. The Filters Properties screen will appear, as shown in Figure C-5. Select the Addressing tab. In the Source address field, select My IP Address. In the Destination address field, select A specific IP Subnet, and fill in the IP Address: 192.168.1.0 and Subnet mask: 255.255.255.0. (These are the Router’s default settings. If you have changed these settings, enter your new values.)
5. If you want to enter a description for your filter, click the Description tab and enter the description there.
6. Click the OK button. Then, click the OK (for Windows XP) or Close (for Windows 2000) button on the IP Filter List window.

Filter List 2: router->win

7. The New Rule Properties screen will appear, as shown in Figure C-6. Select the IP Filter List tab, and make sure that win -> router is highlighted. Then, click the Add button.

Figure C-4: IP Filter List
Figure C-5: Filters Properties
Figure C-6: New Rule Properties
8. The IP Filter List screen should appear, as shown in Figure C-7. Enter an appropriate name, such as router->win, for the filter list, and de-select the Use Add Wizard check box. Click the Add button.
9. The Filters Properties screen will appear, as shown in Figure C-8. Select the Addressing tab. In the Source address field, select A specific IP Subnet, and enter the IP Address: 192.168.1.0 and Subnet mask: 255.255.255.0. (Enter your new values if you have changed the default settings.) In the Destination address field, select My IP Address.
10. If you want to enter a description for your filter, click the Description tab and enter the description there.
11. Click the OK button and the New Rule Properties screen should appear with the IP Filter List tab selected, as shown in Figure C-9. There should now be a listing for “router -> win” and “win -> router”. Click the OK (for WinXP) or Close (for Win2000) button on the IP Filter List window.

Figure C-7: IP Filter List
Figure C-8: Filters Properties
Figure C-9: New Rule Properties
Step 3: Configure Individual Tunnel Rules

Tunnel 1: win->router

1. From the IP Filter List tab, shown in Figure C-10, click the filter list win->router.
2. Click the Filter Action tab (as in Figure C-11), and click the filter action Require Security radio button. Then, click the Edit button.
3. From the Security Methods tab, shown in Figure C-12, verify that the Negotiate security option is enabled, and deselect the Accept unsecured communication, but always respond using IPSec check box. Select Session key Perfect Forward Secrecy, and click the OK button.

Figure C-10: IP Filter List Tab
Figure C-11: Filter Action Tab
Figure C-12: Security Methods Tab
4. Select the Authentication Methods tab, shown in Figure C-13, and click the Edit button.
5. Change the authentication method to Use this string to protect the key exchange (preshared key), as shown in Figure C-14, and enter the preshared key string, such as XYZ12345. Click the OK button.
6. The new preshared key will be displayed, as shown in Figure C-15. Click the OK or Close button to continue.

Figure C-13: Authentication Methods
Figure C-14: Preshared Key
Figure C-15: New Preshared Key
7. Select the Tunnel Setting tab, shown in Figure C-16, and click the radio button for The tunnel endpoint is specified by this IP Address. Then, enter the Router’s WAN IP Address.
8. Select the Connection Type tab, as shown in Figure C-17, and click All network connections. Then, click the OK or Close button to finish this rule.

Tunnel 2: router->win

9. In the new policy’s properties screen, shown in Figure C-18, make sure that “win -> router” is selected and deselect the Use Add Wizard check box. Then, click the Add button to create the second IP filter.

Figure C-16: Tunnel Setting Tab
Figure C-17: Connection Type Tab
Figure C-18: Properties Screen
10. Go to the IP Filter List tab, and click the filter list router->win, as shown in Figure C-19.
11. Click the Filter Action tab, and select the filter action Require Security, as shown in Figure C-20. Then, click the Edit button.
12. Click the Authentication Methods tab, and verify that the authentication method Kerberos is selected, as shown in Figure C-21. Then, click the Edit button.

Figure C-19: IP Filter List Tab
Figure C-20: Filter Action Tab
Figure C-21: Authentication Methods Tab
13. Change the authentication method to Use this string to protect the key exchange (preshared key), and enter the preshared key string, such as XYZ12345, as shown in Figure C-22. (This is a sample key string. Yours should be a key that is unique but easy to remember.) Then click the OK button.
14. The new preshared key will be displayed, as shown in Figure C-23. Click the OK button to continue.
15. From the Tunnel Setting tab, shown in Figure C-24, click the radio button for The tunnel endpoint is specified by this IP Address, and enter the Windows 2000/XP computer’s IP Address.

Figure C-22: Preshared Key
Figure C-23: New Preshared Key
Figure C-24: Tunnel Setting Tab
16. Click the Connection Type tab, shown in Figure C-25, and select All network connections. Then click the OK (for Windows XP) or Close (for Windows 2000) button to finish.
17. From the Rules tab, shown in Figure C-26, click the OK button to return to the secpol screen.

Step 4: Assign New IPSec Policy

In the IP Security Policies on Local Computer window, shown in Figure C-27, right-click the policy named to_router, and click Assign. A green arrow appears in the folder icon.

Figure C-25: Connection Type
Figure C-26: Rules
Figure C-27: Local Computer
Step 5: Create a Tunnel Through the Web-Based Utility

1. Open your web browser, and enter 192.168.1.1 in the Address field. Press the Enter key.
2. When the User name and Password field appears, enter the default user name and password, admin. Press the Enter key.
3. From the Setup tab, click the VPN tab.
4. From the VPN tab, shown in Figure C-28, select the tunnel you wish to create in the Select Tunnel Entry drop-down box. Then click Enabled. Enter the name of the tunnel in the Tunnel Name field. This is to allow you to identify multiple tunnels and does not have to match the name used at the other end of the tunnel.
5. Enter the IP Address and Subnet Mask of the local VPN Router in the Local Secure Group fields. To allow access to the entire IP subnet, enter 0 for the last set of IP Addresses (e.g. 192.168.1.0).
6. Enter the IP Address and Subnet Mask of the VPN device at the other end of the tunnel (the remote VPN Router or device with which you wish to communicate) in the Remote Security Gateway fields.
7. Select from two different types of encryption: DES or 3DES (3DES is recommended because it is more secure). You may choose either of these, but it must be the same type of encryption that is being used by the VPN device at the other end of the tunnel. Or, you may choose not to encrypt by selecting Disable.
8. Select from two types of authentication: MD5 and SHA (SHA is recommended because it is more secure). As with encryption, either of these may be selected, provided that the VPN device at the other end of the tunnel is using the same type of authentication. Or, both ends of the tunnel may choose to Disable authentication.
9. Select the Key Management. Select Auto (IKE) and enter a series of numbers or letters in the Pre-shared Key field.
   Check the box next to PFS (Perfect Forward Secrecy) to ensure that the initial key exchange and IKE proposals are secure. You may use any combination of up to 24 numbers or letters in this field. No special characters or spaces are allowed. In the Key Lifetime field, you may optionally select to have the key expire at the end of a time period of your choosing. Enter the number of seconds you’d like the key to be useful, or leave it blank for the key to last indefinitely.
10. Click the Save Settings button to save these changes. Your tunnel should now be established.

Figure C-28: VPN Tab
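
Steps 2 through 5 only produce a working tunnel when the Windows policy and the Router entry agree with each other, so the values can be written down and cross-checked before the policy is assigned. The following Python check is an added example, not part of the Linksys manual; the dictionary layout, the "me" marker standing for My IP Address, the encryption and authentication fields on the Windows side, and the sample addresses are assumptions made for illustration.

```python
import ipaddress

def _net(value):
    """Parse a subnet; 'me' (My IP Address) or a bad value gives None."""
    try:
        return ipaddress.ip_network(value)
    except ValueError:
        return None

def check_tunnel(win, router):
    """Return a list of findings for one Windows policy / Router tunnel pair."""
    out, lan = [], _net(router["local_secure_group"])
    fwd, rev = win["rules"]["win->router"], win["rules"]["router->win"]
    # Step 2: the two filter lists must mirror each other around the Router LAN.
    if lan is None or (fwd["src"], _net(fwd["dst"])) != ("me", lan):
        out.append("win->router filter must be My IP Address -> router LAN")
    if lan is None or (_net(rev["src"]), rev["dst"]) != (lan, "me"):
        out.append("router->win filter must be router LAN -> My IP Address")
    # Step 3: each rule's tunnel endpoint is the far end of its direction.
    if fwd["endpoint"] != router["wan_ip"]:
        out.append("win->router endpoint must be the router WAN address")
    if not rev["endpoint"] == win["ip"] == router["remote_gateway"]:
        out.append("router->win endpoint and Remote Security Gateway must be the PC")
    # Steps 3 and 5: the same pre-shared key on both rules and on the Router.
    keys = {fwd["psk"], rev["psk"], router["psk"]}
    if len(keys) != 1 or None in keys:
        out.append("pre-shared key missing or not identical everywhere")
    if any(len(k) > 24 or not (k.isascii() and k.isalnum()) for k in keys - {None}):
        out.append("pre-shared key exceeds the router's 24 letters/digits limit")
    if win["pfs"] != router["pfs"]:
        out.append("PFS setting differs between Windows and router")
    # Step 5: both ends must agree; the manual recommends 3DES and SHA.
    for field, best in (("encryption", "3DES"), ("authentication", "SHA")):
        if win[field] != router[field]:
            out.append(f"{field} differs between Windows and router")
        elif router[field] != best:
            out.append(f"{field} is {router[field]}; the manual recommends {best}")
    return out

# Constructed sample: documentation addresses; the key is the manual's sample string.
LAN, PC, WAN = "192.168.1.0/255.255.255.0", "198.51.100.7", "203.0.113.10"
WIN = {"ip": PC, "pfs": True, "encryption": "3DES", "authentication": "SHA",
       "rules": {"win->router": {"src": "me", "dst": LAN, "endpoint": WAN, "psk": "XYZ12345"},
                 "router->win": {"src": LAN, "dst": "me", "endpoint": PC, "psk": None}}}
ROUTER = {"local_secure_group": LAN, "wan_ip": WAN, "remote_gateway": PC,
          "psk": "XYZ12345", "pfs": True, "encryption": "DES", "authentication": "SHA"}

if __name__ == "__main__":
    print("\n".join(check_tunnel(WIN, ROUTER)))
```

The constructed sample models a policy whose router->win rule was left on Kerberos (no preshared key entered) and a Router entry set to DES, so both are reported.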
