Access restrictions, Advanced configuration – Linksys BEFVP41 User Manual

Chapter 3

Advanced Configuration

EtherFast Cable/DSL VPN Router with 4-Port Switch

Advanced VPN Tunnel Setup

Phase 1

Phase 1 is used to create a security association (SA), often called the IKE SA. After Phase 1 is completed, Phase 2 is used to create one or more IPSec SAs, which are then used to key IPSec sessions.

Operation mode

There are two types of Phase 1 exchanges, Main mode and Aggressive mode, which exchange the same IKE payloads in different sequences. Main mode is for normal usage and includes more authentication requirements than Aggressive mode. If network security is preferred, select Main mode. If network speed is preferred, select Aggressive mode. No matter which mode is selected, the VPN Router will accept both Main and Aggressive requests from the remote VPN device.

Username

If a user on one side of the tunnel is using a unique firewall identifier, then select this option and enter the unique firewall identifier.

Proposal 1

Encryption

Select the length of the key used to encrypt/decrypt ESP packets. Select DES or 3DES. 3DES is recommended because it is more secure.

Authentication

Select the method used to authenticate ESP packets. Select MD5 or SHA. SHA is recommended because it is more secure.

Group

Select the Diffie-Hellman Group, which is a cryptographic technique that uses public and private keys for encryption and decryption. Select 768-bit or 1024-bit.

Key Lifetime

Enter the number of seconds you want the key to last before a re-key negotiation between each endpoint is completed. The default is 3600 seconds.

Phase 2

The Encryption, Authentication, and PFS settings are automatically displayed.

Group

Select the Diffie-Hellman Group, which is a cryptographic technique that uses public and private keys for encryption and decryption. Select 768-bit or 1024-bit.

Key Lifetime

Enter the number of seconds you want the key to last before a re-key negotiation between each endpoint is completed. The default is 3600 seconds.

Other Settings

NetBIOS broadcast

To enable NetBIOS traffic to pass through the VPN tunnel, select this option.

Anti-replay

Anti-replay protection keeps track of sequence numbers as packets arrive, ensuring security at the IP packet level. To enable the Anti-replay protection, select this option.

Keep-Alive

Keep-Alive helps maintain IPSec VPN tunnel connections. To re-establish the VPN tunnel whenever it is dropped, select this option.

If IKE failed more than _ times, block this unauthorized IP for _ seconds

To block unauthorized IP addresses, select this option. Specify how many times IKE must fail before blocking that unauthorized IP address for a length of time that you specify.

On the Advanced VPN Tunnel Setup screen, click Save Settings to apply your changes, or click Cancel Changes to cancel your changes.

On the VPN screen, click Save Settings to apply your changes, or click Cancel Changes to cancel your changes.
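The Anti-replay option under Other Settings is described only as keeping track of sequence numbers as packets arrive. As an added example (not part of the Linksys manual and not the router's own code), this Python sketch shows the sliding-window check commonly used for IPsec anti-replay; the 64-packet window, the function and class names, and the sample arrivals are assumptions.

```python
# Illustrative sketch; names and window size are assumptions, not BEFVP41 firmware.
WINDOW_SIZE = 64  # RFC 4303's recommended default window size

class ReplayWindow:
    def __init__(self, size=WINDOW_SIZE):
        self.size = size
        self.highest = 0  # highest sequence number accepted so far
        self.bitmap = 0   # bit i set => sequence number (highest - i) was seen

    def check(self, seq):
        """Return a verdict without changing state."""
        if seq == 0:
            return "reject: invalid sequence number"
        if seq > self.highest:
            return "accept"
        offset = self.highest - seq
        if offset >= self.size:
            return "reject: older than window"
        if (self.bitmap >> offset) & 1:
            return "reject: replay"
        return "accept"

    def update(self, seq):
        """Record seq as seen; call only after the integrity check passes."""
        if seq > self.highest:
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)

def process(window, arrivals):
    """Feed (seq, integrity_ok) pairs through the window; return verdicts."""
    verdicts = []
    for seq, integrity_ok in arrivals:
        verdict = window.check(seq)
        if verdict == "accept" and not integrity_ok:
            verdict = "reject: failed integrity check"  # window must not move
        if verdict == "accept":
            window.update(seq)
        verdicts.append((seq, verdict))
    return verdicts

# Constructed arrivals: in order, out of order, duplicate, forged, stale, edge.
SAMPLE = [(1, True), (2, True), (5, True), (3, True), (5, True),
          (900, False), (70, True), (4, True), (7, True)]
if __name__ == "__main__":
    for seq, verdict in process(ReplayWindow(), SAMPLE):
        print(f"seq={seq:<4} {verdict}")
```

The forged packet with sequence number 900 fails its integrity check before the window is updated, so it cannot push legitimate packets out of the window.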

Access Restrictions

The Access Restrictions screen allows you to block or allow specific kinds of Internet usage and traffic, such as Internet access, designated services, and websites during specific days and times.
