Linksys RVS4000 User Manual page 26

4-port gigabit security router with vpn business series

Chapter 
Remote Security Group Type
Select the remote LAN user(s) behind the remote gateway
who can use this VPN tunnel. This may be a single IP
address or a Sub-network. Note that the Remote Security
Group Type must match the other router's Local Security
Group Type.
IP Address
Enter the IP address on the remote network.
Subnet Mask
If the Remote Security Group Type is set to
Subnet, enter the mask to determine the IP addresses on
the remote network.
IPSec Setup
Keying Mode
The router supports both automatic and
manual key management. When choosing automatic key
management, IKE (Internet Key Exchange) protocols are
used to negotiate key material for SA (Security Association).
If manual key management is selected, no key negotiation
is needed. Basically, manual key management is used in
small static environments or for troubleshooting purposes.
Note that both sides must use the same Key Management
method.
Phase 1
Encryption
The Encryption method determines the
length of the key used to encrypt/decrypt ESP packets.
Only 3DES is supported. Notice that both sides must
use the same Encryption method.
Authentication
Authentication determines a method
to authenticate the ESP packets. Either MD5 or SHA1
may be selected. Notice that both sides (VPN endpoints)
must use the same Authentication method.
MD5
A one-way hashing algorithm that produces
a 128-bit digest.
SHA1
A one-way hashing algorithm that produces
a 160-bit digest.
Group
The Diffie-Hellman (DH) group to be used for
key exchange. Select the 768-bit (Group 1), 1024-bit
(Group 2), or 1536-bit (Group 5) algorithm. Group 5
provides the most security, Group 1 the least.
Key Life Time
This specifies the lifetime of the IKE-generated key.
If the time expires, a new key will be
renegotiated automatically. Enter a value from 300 to
100,000,000 seconds. The default is 8800 seconds.
Phase 2
Encryption
The Encryption method determines the
length of the key used to encrypt/decrypt ESP packets.
Only 3DES is supported. Note that both sides must use
the same Encryption method.
Authentication
Authentication determines a method
to authenticate the ESP packets. Either MD5 or SHA1
may be selected. Note that both sides (VPN endpoints)
must use the same Authentication method.
Setting Up and Configuring the Router
MD5
A one-way hashing algorithm that produces
a 128-bit digest.
SHA1
A one-way hashing algorithm that produces
a 160-bit digest.
Perfect Forward Secrecy
If PFS is enabled, IKE Phase 2 negotiation will generate
new key material for IP traffic encryption and
authentication. Note that both sides must have this
selected.
Preshared Key
IKE uses the Preshared Key field to
authenticate the remote IKE peer. Both character and
hexadecimal values are acceptable in this field; e.g.,
"My_@123" or "0x4d795f40313233". Note that both
sides must use the same Preshared Key.
Group
The Diffie-Hellman (DH) group to be used for
key exchange. Select the 768-bit (Group 1), 1024-bit
(Group 2), or 1536-bit (Group 5) algorithm. Group 5
provides the most security, Group 1 the least.
Key Life Time
This specifies the lifetime of the IKE-generated key.
If the time expires, a new key will be
renegotiated automatically. Enter a value from 300 to
100,000,000 seconds. The default is 00 seconds.
Status
Status
Displays the connection status for the selected
tunnel. The state is either connected or disconnected.
Connect
Click this button to establish a connection for
the current VPN tunnel. If you have made any changes,
click Save Settings first to apply your changes.
Disconnect
Click this button to break a connection for
the current VPN tunnel.
View Log
Click this button to view the VPN log, which
shows details of each tunnel established.
Advanced
Click this button to display the following
additional settings.
Aggressive Mode
This is used to specify the type of
Phase 1 exchange, Main mode or Aggressive mode.
Check the box to select Aggressive Mode or leave
the box unchecked (default) to select Main mode.
Aggressive mode requires half of the main mode
messages to be exchanged in Phase 1 of the SA
exchange. If network security is preferred, select Main
mode.
NetBIOS Broadcasts
Check the box to enable NetBIOS
traffic to pass through the VPN tunnel. By default, the
RVS4000 blocks these broadcasts.
Click Save Settings to save the settings you have entered.
Click Cancel Changes to cancel any changes you have
entered.
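
The settings above must agree on both routers, and the Preshared Key may be typed as characters on one side and as hexadecimal on the other. The following check is an added example, not part of the Linksys manual: it compares two endpoint configurations for the mismatches and weaker choices this page describes. The dictionary keys and sample values are hypothetical, and it assumes the 0x form encodes the same key bytes as the character form.

```python
# Added example; the dict keys are hypothetical names for the manual's fields.
MUST_MATCH = ("keying_mode", "p1_encryption", "p1_authentication",
              "p2_encryption", "p2_authentication", "pfs")

def psk_bytes(value):
    """Normalize a Preshared Key typed as characters or as 0x-prefixed hex.
    Assumption: the 0x form encodes the same key bytes as the character form."""
    if value.lower().startswith("0x"):
        return bytes.fromhex(value[2:])
    return value.encode("ascii")

def check_tunnel(a, b):
    """Compare two endpoint configs and return a list of findings."""
    out = [f"mismatch: {f} ({a[f]!r} vs {b[f]!r})" for f in MUST_MATCH if a[f] != b[f]]
    if psk_bytes(a["preshared_key"]) != psk_bytes(b["preshared_key"]):
        out.append("mismatch: preshared_key")
    # One side's Remote Security Group Type must equal the other's Local type.
    for name, x, y in (("A", a, b), ("B", b, a)):
        if x["remote_group_type"] != y["local_group_type"]:
            out.append(f"mismatch: {name} remote_group_type vs peer local_group_type")
    for name, cfg in (("A", a), ("B", b)):
        for phase in ("p1", "p2"):
            if cfg[f"{phase}_dh_group"] == 1:
                out.append(f"weak: {name} {phase} uses DH Group 1 (768-bit)")
            if not 300 <= cfg[f"{phase}_key_lifetime"] <= 100_000_000:
                out.append(f"invalid: {name} {phase} key lifetime out of range")
        if cfg["aggressive_mode"]:
            out.append(f"weak: {name} uses Aggressive Mode; Main mode preferred")
    return out

# Constructed sample configs for two routers at either end of one tunnel.
SITE_A = {
    "keying_mode": "automatic", "local_group_type": "Subnet",
    "remote_group_type": "Subnet",
    "p1_encryption": "3DES", "p1_authentication": "SHA1", "p1_dh_group": 5,
    "p1_key_lifetime": 8800, "p2_encryption": "3DES", "p2_authentication": "SHA1",
    "p2_dh_group": 5, "p2_key_lifetime": 3600, "pfs": True,
    "preshared_key": "My_@123", "aggressive_mode": False,
}
# Site B types the same key in hex, but differs in three other settings.
SITE_B = dict(SITE_A, preshared_key="0x4d795f40313233", p1_authentication="MD5",
              p2_dh_group=1, aggressive_mode=True)

if __name__ == "__main__":
    for finding in check_tunnel(SITE_A, SITE_B):
        print(finding)
```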