User manual AIRLIVE RS-2500

[. . . ] RS-2500 Dual WAN Security VPN Gateway User's Manual Copyright and Disclaimer Copyright & Disclaimer No part of this publication may be reproduced in any form or by any means, whether electronic, mechanical, photocopying, or recording without the written consent of OvisLink Corp. OvisLink Corp. has made the best effort to ensure the accuracy of the information in this user's guide. However, we are not liable for the inaccuracies or errors in this guide. All Trademarks are properties of their respective holders. AirLive RS-2500 User's Manual Table of Contents Table of Contents 1. [. . . ] So, user should type in the domain name in Remote Gateway item, instead of typing IP address. AirLive RS-2500 User's Manual 116 17. Configuration Example: IPSec & PPTP VPN 17. 2 IPSec VPN - Office to Office (2) Preparation: Company A - RS-2500 - WAN IP: 60. 250. 158. 66, LAN IP: 192. 168. 10. x Company B 1. PPPoA Modem Router - WAN IP: PPPoA with (airlive15. dyndns. org), LAN IP: 192. 168. 20. x 2. RS-2500 - WAN IP: 192. 168. 20. 254, LAN IP: 192. 168. 30. x DDNS service enabled This example takes two RS-2500s as work platform. The Company B of RS-2500 is installed behind a PPPoA modem router and the WAN interface is set to private IP address. So, the RS-2500 in Company B can create an IPSec VPN tunnel to RS-2500 in Company A. (Figure 17-30) Figure 17-30 Example 2 Topology RS-2500 configuration of Company A: STEP 1Enter the default IP of Gateway of Company A's RS-2500 with 192. 168. 10. 1, and select IPSec Autokey in VPN. (Figure 17-31) Figure 17-31 IPSec Autokey WebUI STEP 2In the list of IPSec Autokey, fill in Name with VPN_A. (Figure 17-32) Figure 17-32 IPSec Autokey Name Setting 117 AirLive RS-2500 User's Manual 17. Configuration Example: IPSec & PPTP VPN STEP 3Select Remote Gateway-Fixed IP or Domain Name In To Remote list and enter the domain name. (Figure 17-33) Figure 17-33 IPSec To Destination Setting STEP 4 Select Preshare in Authentication Method and enter the Preshared Key (Figure 17-34) Figure 17-34 IPSec Authentication Method Setting STEP 5Select ISAKMP Algorithm in Encapsulation list. Please select ENC Algorithm (3DES/DES/AES), AUTH Algorithm (MD5/SHA1), and Group (GROUP1, 2, 5). Here we select 3DES for ENC Algorithm, MD5 for AUTH Algorithm and GROUP1 for Group. (Figure 17-35) Figure 17-35 IPSec Encapsulation Setting STEP 6You can choose Data Encryption + Authentication or Authentication Only to communicate in IPSec Algorithm list. ENC Algorithm: 3DES/DES/AES/NULL AUTH Algorithm: MD5/SHA1 Here we select 3DES for ENC Algorithm and MD5 for AUTH Algorithm to make sure the encapsulation way for data transmission (Figure 17-36) Figure 17-36 IPSec Algorithm Setting AirLive RS-2500 User's Manual 118 17. Configuration Example: IPSec & PPTP VPN STEP 7Select GROUP1 in Perfect Forward Secrecy, enter 3600 seconds in ISAKMP Lifetime, enter 28800 seconds in IPSec Lifetime, and selecting Main mode in Mode. Enter Company B's RS-2500 WAN IP address as the peer ID of Company A's RS-2500 VPN setting. (Figure 17-37) Figure 17-37 IPSec Perfect Forward Secrecy Setting STEP 8 Complete the IPSec Autokey setting. (Figure 17-38) Figure 17-38 Complete Company A IPSec Autokey Setting STEP 9Enter the following setting in Trunk of VPN function: (Figure 17-39) Enter a specific Trunk Name, for example VPN_Tunnel_A. From Local: Select LAN From Local Subnet / Mask: Enter 192. 168. 10. 0 / 255. 255. 255. 0. Enter 192. 168. 30. 1 (the RS-2500 Default Gateway of Company B) as the Keep alive IP Select Show remote Network Neighborhood and Click OK. Configuration Example: IPSec & PPTP VPN Figure 17-39 New Entry Trunk Setting Figure 17-40 Complete New Entry Trunk Setting STEP 10Enter the following setting in Outgoing Policy:(Figure 17-41) Trunk: Select VPN_Tunnel_A. Click OK. (Figure 17-42) Figure 17-41 Setting the VPN Tunnel Outgoing Policy AirLive RS-2500 User's Manual 120 17. [. . . ] If users require data encryption when using the Windows PPTP client, the remote VPN server must support MPPE (Microsoft Point-To-Point Encryption Protocol) encryption. PPTP is also used by some ISP for user authentication, particularly when pairing with legacy Alcatel / Thomson ADSL modem. Preshare Key The IKE VPN must be defined with a Preshared Key. The Key may be up to 128 bytes long. AirLive RS-2500 User's Manual 238 24. Specifications ISAKMP (Internet Security Association Key Management Protocol) An extensible protocol-encoding scheme that complies to the Internet Key Exchange (IKE) framework for establishment of Security Associations (SAs). AH (Authentication Header) One of the IPSec standards that allows for data integrity of data packets. ESP (Encapsulating Security Payload) One of the IPSec standards that provides for the confidentiality of data packets. DES (Data Encryption Standard) The Data Encryption Standard developed by IBM in 1977 is a 64-bit block encryption block cipher using a 56-bit key. Triple-DES (3DES) The DES function performed three times with either two or three cryptographic keys. AES (Advanced Encryption Standard) An encryption algorithm yet to be decided that will be used to replace the aging DES encryption algorithm and that the NIST hopes will last for the next 20 to 30 years. NULL Algorithm It is a fast and convenient connecting mode to make sure its privacy and authentication without encryption. [. . . ]