LINKSYS HGA5S-3 Wireless-G VPN Broadband Router User Manual Book
LINKSYS LLC Wireless-G VPN Broadband Router Book
LINKSYS >
Contents
- 1. Users Manual Part 1
- 2. Users Manual Part 2
- 3. Users Manual Part 3
- 4. Users Manual Part 4
- 5. User Manual Part 5
Users Manual Part 4
Wireless-G VPN Broadband Router Local Network The Local Network information that is displayed is the IP Address, Subnet Mask, DHCP Server, and DHCP Client Lease Info. To view the DHCP Clients Table, click the DHCP Clients button. See Figure 6-36. The DHCP Active IP Table, Figure 6-37, displays the computer name, IP Address, MAC Address and the expiration time. Click the Close button to return to the Local Network screen. Figure 6-36: Local Network Figure 6-37: DHCP Active IP Table Chapter 6: Configuring the Router Status 47 Wireless-G VPN Broadband Router Wireless The Wireless Network information that is displayed is the MAC Address, Mode, SSID, Channel, and Encryption Function. (See Figure 6-38.) Click the Refresh button if you want to Refresh your screen. System Performance The System Peformance information that is displayed is the Wireless, Internet, and/or LAN information for the IP Address, MAC Address, Connection Status, Packets Received, Packets Sent, Bytes Received, Bytes Sent, Error Packes Received, and Dropped Packets Received. (See Figure 6-39.) Click the Refresh button if you want to Refresh your screen. Figure 6-38: Wireless Figure 6-39: System Performance Chapter 6: Configuring the Router Status 48 Wireless-G VPN Broadband Router Appendix A: Troubleshooting This appendix consists of two parts: “Common Problems and Solutions” and “Frequently Asked Questions.” Provided are possible solutions to problems that may occur during the installation and operation of the Router. Read the descriptions below to help you solve your problems. If you can’t find an answer here, check the Linksys website at www.linksys.com. Common Problems and Solutions 1. I need to set a static IP address on a PC. You can assign a static IP address to a PC by performing the following steps: • For Windows 98 and Me: 1. Click Start, Settings, and Control Panel. Double-click Network. 2. In The following network components are installed box, select the TCP/IP-> associated with your Ethernet adapter. If you only have one Ethernet adapter installed, you will only see one TCP/IP line with no association to an Ethernet adapter. Highlight it and click the Properties button. 3. In the TCP/IP properties window, select the IP address tab, and select Specify an IP address. Enter a unique IP address that is not used by any other computer on the network connected to the Router. Make sure that each IP address is unique for each PC or network device. 4. Click the Gateway tab, and in the New Gateway prompt, enter 192.168.1.1, which is the default IP address of the Router. Click the Add button to accept the entry. 5. Click the DNS tab, and make sure the DNS Enabled option is selected. Enter the Host and Domain names (e.g., John for Host and home for Domain). Enter the DNS entry provided by your ISP. If your ISP has not provided the DNS IP address, contact your ISP to get that information or go to its website for the information. 6. Click the OK button in the TCP/IP properties window, and click Close or the OK button for the Network window. 7. Restart the computer when asked. • For Windows 2000: 1. Click Start, Settings, and Control Panel. Double-click Network and Dial-Up Connections. 2. Right-click the Local Area Connection that is associated with the Ethernet adapter you are using, and select the Properties option. 3. In the Components checked are used by this connection box, highlight Internet Protocol (TCP/IP), and click the Properties button. Select Use the following IP address option. 4. Enter a unique IP address that is not used by any other computer on the network connected to the Router. 5. Enter the Subnet Mask, 255.255.255.0. 6. Enter the Default Gateway, 192.168.1.1 (Router’s default IP address). Appendix A: Troubleshooting Common Problems and Solutions 49 Wireless-G VPN Broadband Router 7. Toward the bottom of the window, select Use the following DNS server addresses, and enter the Preferred DNS server and Alternative DNS server (provided by your ISP). Contact your ISP or go on its website to find the information. 8. Click the OK button in the Internet Protocol (TCP/IP) Properties window, and click the OK button in the Local Area Connection Properties window. 9. Restart the computer if asked. • For Windows XP: The following instructions assume you are running Windows XP with the default interface. If you are using the Classic interface (where the icons and menus look like previous Windows versions), please follow the instructions for Windows 2000. 1. Click Start and Control Panel. 2. Click the Network and Internet Connections icon and then the Network Connections icon. 3. Right-click the Local Area Connection that is associated with the Ethernet adapter you are using, and select the Properties option. 4. In the This connection uses the following items box, highlight Internet Protocol (TCP/IP). Click the Properties button. 5. Enter a unique IP address that is not used by any other computer on the network connected to the Router. 6. Enter the Subnet Mask, 255.255.255.0. 7. Enter the Default Gateway, 192.168.1.1 (Router’s default IP address). 8. Toward the bottom of the window, select Use the following DNS server addresses, and enter the Preferred DNS server and Alternative DNS server (provided by your ISP). Contact your ISP or go on its website to find the information. 9. Click the OK button in the Internet Protocol (TCP/IP) Properties window. Click the OK button in the Local Area Connection Properties window. 2. I want to test my Internet connection. A Check your TCP/IP settings. For Windows 98, Me, 2000, and XP: • Refer to “Chapter 4: Configure the PCs” for details. Make sure Obtain IP address automatically is selected in the settings. For Windows NT 4.0: • Click Start, Settings, and Control Panel. Double-click the Network icon. • Click the Protocol tab, and double-click on TCP/IP Protocol. • When the window appears, make sure you have selected the correct Adapter for your Ethernet adapter and set it for Obtain an IP address from a DHCP server. • Click the OK button in the TCP/IP Protocol Properties window, and click the Close button in the Network window. • Restart the computer if asked. B Open a command prompt. Appendix A: Troubleshooting Common Problems and Solutions 50 Wireless-G VPN Broadband Router For Windows 98 and Me: • Click Start and Run. In the Open field, type in command. Press the Enter key or click the OK button. For Windows NT, 2000, and XP: • Click Start and Run. In the Open field, type cmd. Press the Enter key or click the OK button. In the command prompt, type ping 192.168.1.1 and press the Enter key. • If you get a reply, the computer is communicating with the Router. • If you do NOT get a reply, please check the cable, and make sure Obtain an IP address automatically is selected in the TCP/IP settings for your Ethernet adapter. C In the command prompt, type ping followed by your Internet or WAN IP address and press the Enter key. The Internet or WAN IP Address can be found on the Status screen of the Router’s web-based utility. For example, if your Internet or WAN IP address is 1.2.3.4, you would enter ping 1.2.3.4 and press the Enter key. • If you get a reply, the computer is connected to the Router. • If you do NOT get a reply, try the ping command from a different computer to verify that your original computer is not the cause of the problem. D In the command prompt, type ping www.yahoo.com and press the Enter key. • If you get a reply, the computer is connected to the Internet. If you cannot open a webpage, try the ping command from a different computer to verify that your original computer is not the cause of the problem. • If you do NOT get a reply, there may be a problem with the connection. Try the ping command from a different computer to verify that your original computer is not the cause of the problem. 3. I am not getting an IP address on the Internet with my Internet connection. • Refer to “Problem #2, I want to test my Internet connection” to verify that you have connectivity. 1. If you need to register the MAC address of your Ethernet adapter with your ISP, please see “Appendix D: Finding the MAC address and IP Address for Your Ethernet Adapter.” If you need to clone the MAC address of your Ethernet adapter onto the Router, see the System section of “Chapter 6: The Router’s Web-based Utility” for details. 2. Make sure you are using the right Internet connection settings. Contact your ISP to see if your Internet connection type is DHCP, Static IP Address, or PPPoE (commonly used by DSL consumers). Please refer to the Setup section of “Chapter 6: The Router’s Web-based Utility” for details on Internet connection settings. 3. Make sure you have the right cable. Check to see if the Internet column has a solidly lit Link/Act LED. 4. Make sure the cable connecting from your cable or DSL modem is connected to the Router’s Internet port. Verify that the Status page of the Router’s web-based utility shows a valid IP address from your ISP. 5. Turn off the computer, Router, and cable/DSL modem. Wait 30 seconds, and then turn on the Router, cable/DSL modem, and computer. Check the Status tab of the Router’s web-based utility to see if you get an IP address. Appendix A: Troubleshooting Common Problems and Solutions 51 Wireless-G VPN Broadband Router 4. I am not able to access the Setup page of the Router’s web-based utility. • Refer to “Problem #2, I want to test my Internet connection” to verify that your computer is properly connected to the Router. 1. Refer to “Appendix D: Finding the MAC Address and IP address for Your Ethernet Adapter” to verify that your computer has an IP Address, Subnet Mask, Gateway, and DNS. 2. Set a static IP address on your system; refer to “Problem #1: I need to set a static IP address.” 3. Refer to “Problem #10: I need to remove the proxy settings or the dial-up pop-up window (for PPPoE users).” 5. I can’t get my Virtual Private Network (VPN) working through the Router. Access the Router’s web interface by going to http://192.168.1.1 or the IP address of the Router, and go to the Security tab. Make sure you have IPsec pass-through and/or PPTP pass-through enabled. • VPNs that use IPSec with the ESP (Encapsulation Security Payload known as protocol 50) authentication will work fine. At least one IPSec session will work through the Router; however, simultaneous IPSec sessions may be possible, depending on the specifics of your VPNs. • VPNs that use IPSec and AH (Authentication Header known as protocol 51) are incompatible with the Router. AH has limitations due to occasional incompatibility with the NAT standard. • Change the IP address for the Router to another subnet to avoid a conflict between the VPN IP address and your local IP address. For example, if your VPN server assigns an IP address 192.168.1.X (X is a number from 1 to 254) and your local LAN IP address is 192.168.1.X (X is the same number used in the VPN IP address), the Router will have difficulties routing information to the right location. If you change the Router’s IP address to 192.168.2.1, that should solve the problem. Change the Router’s IP address through the Setup tab • of the web interface. If you assigned a static IP address to any computer or network device on the network, you need to change its IP address accordingly to 192.168.2.Y (Y being any number from 1 to 254). Note that each IP address must be unique within the network. • Your VPN may require port 500/UDP packets to be passed to the computer that is connecting to the IPSec server. Refer to “Problem #7, I need to set up online game hosting or use other Internet applications” for details. • Check the Linksys website for more information at www.linksys.com. 6. I need to set up a server behind my Router and make it available to the public. To use a server like a web, ftp, or mail server, you need to know the respective port numbers they are using. For example, port 80 (HTTP) is used for web; port 21 (FTP) is used for FTP, and port 25 (SMTP outgoing) and port 110 (POP3 incoming) are used for the mail server. You can get more information by viewing the documentation provided with the server you installed. • Follow these steps to set up port forwarding through the Router’s web-based utility. We will be setting up web, ftp, and mail servers. 1. Access the Router’s web-based utility by going to http://192.168.1.1 or the IP address of the Router. Go to the Applications and Gaming => Port Forwarding tab. Appendix A: Troubleshooting Common Problems and Solutions 52 Wireless-G VPN Broadband Router 2. Enter any name you want to use for the Customized Application. 3. Enter the External Port range of the service you are using. For example, if you have a web server, you would enter the range 80 to 80. 4. Check the protocol you will be using, TCP and/or UDP. 5. Enter the IP address of the PC or network device that you want the port server to go to. For example, if the web server’s Ethernet adapter IP address is 192.168.1.100, you would enter 100 in the field provided. Check “Appendix D: Finding the MAC Address and IP Address for Your Ethernet Adapter” for details on getting an IP address. 6. Check the Enable option for the port services you want to use. Consider the example below: Customized External Port Application Web server 80 to 80 FTP server 21 to 21 SMTP (outgoing)25 to 25 POP3 (incoming)110 to 110 TCP UDP IP Address Enable 192.168.1.100 192.168.1.101 192.168.1.102 192.168.1.102 When you have completed the configuration, click the Save Settingsbutton. 7. I need to set up online game hosting or use other Internet applications. If you want to play online games or use Internet applications, most will work without doing any port forwarding or DMZ hosting. There may be cases when you want to host an online game or Internet application. This would require you to set up the Router to deliver incoming packets or data to a specific computer. This also applies to the Internet applications you are using. The best way to get the information on what port services to use is to go to the website of the online game or application you want to use. Follow these steps to set up online game hosting or use a certain Internet application: 1. Access the Router’s web interface by going to http://192.168.1.1 or the IP address of the Router. Go to the Applications and Gaming => Port Forwarding tab. 2. Enter any name you want to use for the Customized Application. 3. Enter the External Port range of the service you are using. For example, if you want to host Unreal Tournament (UT), you would enter the range 7777 to 27900. 4. Check the protocol you will be using, TCP and/or UDP. 5. Enter the IP address of the PC or network device that you want the port server to go to. For example, if the web server’s Ethernet adapter IP address is 192.168.1.100, you would enter 100 in the field provided. Check “Appendix D: Finding the MAC Address and IP Address for Your Ethernet Adapter” for details on getting an IP address. 6. Check the Enable option for the port services you want to use. Consider the example below: Appendix A: Troubleshooting Common Problems and Solutions 53 Wireless-G VPN Broadband Router Customized External Port Application UT 7777 to 27900 Halflife 27015 to 27015 PC Anywhere5631 to 5631 VPN IPSEC 500 to 500 TCP UDP IP Address Enable 192.168.1.100 192.168.1.105 192.168.1.102 192.168.1.100 When you have completed the configuration, click the Save Settings button. 8. I can’t get the Internet game, server, or application to work. If you are having difficulties getting any Internet game, server, or application to function properly, consider exposing one PC to the Internet using DeMilitarized Zone (DMZ) hosting. This option is available when an application requires too many ports or when you are not sure which port services to use. Make sure you disable all the forwarding entries if you want to successfully use DMZ hosting, since forwarding has priority over DMZ hosting. (In other words, data that enters the Router will be checked first by the forwarding settings. If the port number that the data enters from does not have port forwarding, then the Router will send the data to whichever PC or network device you set for DMZ hosting.) • Follow these steps to set DMZ hosting: 1. Access the Router’s web-based utility by going to http://192.168.1.1 or the IP address of the Router. Go to the Applications and Gaming => DMZ tab. 2. Disable or remove the entries you have entered for forwarding. Keep this information in case you want to use it at a later time. • Once completed with the configuration, click the Save Settings button. 9. I forgot my password, or the password prompt always appears when I am saving settings to the Router. • Reset the Router to factory default by pressing the Reset button for 10 seconds and then releasing it. If you are still getting prompted for a password when saving settings, then perform the following steps: 1. Access the Router’s web-based utility by going to http://192.168.1.1 or the IP address of the Router. Enter the default password admin, and click the Administrations => Management tab. 2. Enter a different password in the Router Password field, and enter the same password in the second field to confirm the password. 3. Click the Save Settings button. 10. I am a PPPoE user, and I need to remove the proxy settings or the dial-up pop-up window. If you have proxy settings, you need to disable these on your computer. Because the Router is the gateway for the Internet connection, the computer does not need any proxy settings to gain access. Please follow these directions to verify that you do not have any proxy settings and that the browser you use is set to connect directly to the LAN. Appendix A: Troubleshooting Common Problems and Solutions 54 Wireless-G VPN Broadband Router • For Microsoft Internet Explorer 5.0 or higher: 1. Click Start, Settings, and Control Panel. Double-click Internet Options. 2. Click the Connections tab. 3. Click the LAN settings button and remove anything that is checked. 4. Click the OK button to go back to the previous screen. 5. Click the option Never dial a connection. This will remove any dial-up pop-ups for PPPoE users. • For Netscape 4.7 or higher: 1. Start Netscape Navigator, and click Edit, Preferences, Advanced, and Proxies. 2. Make sure you have Direct connection to the Internet selected on this screen. 3. Close all the windows to finish. 11. To start over, I need to set the Router to factory default. Hold the Reset button for 10 seconds and then release it. This will return the password, forwarding, and other settings on the Router to the factory default settings. In other words, the Router will revert to its original factory configuration. 12. I need to upgrade the firmware. In order to upgrade the firmware with the latest features, you need to go to the Linksys website and download the latest firmware at www.linksys.com. • Follow these steps: 1. Go to the Linksys website at http://www.linksys.com and download the latest firmware. 2. To upgrade the firmware, follow the steps in the System section found in “Chapter 6: The Router’s Web-based Utility.” 13. The firmware upgrade failed, and/or the Power LED is flashing. The upgrade could have failed for a number of reasons. Follow these steps to upgrade the firmware and/or make the Power LED stop flashing: • If the firmware upgrade failed, use the TFTP program (it was downloaded along with the firmware). Open the pdf that was downloaded along with the firmware and TFTP program, and follow the pdf’s instructions. • Set a static IP address on the PC; refer to “Problem #1, I need to set a static IP address.” Use the following IP address settings for the computer you are using: IP Address: 192.168.1.50 Subnet Mask: 255.255.255.0 Gateway: 192.168.1.1 • Perform the upgrade using the TFTP program or the Router’s web-based utility through its Administration tab. Appendix A: Troubleshooting Common Problems and Solutions 55 Wireless-G VPN Broadband Router 14. My DSL service’s PPPoE is always disconnecting. PPPoE is not actually a dedicated or always-on connection. The DSL ISP can disconnect the service after a period of inactivity, just like a normal phone dial-up connection to the Internet. • There is a setup option to “keep alive” the connection. This may not always work, so you may need to reestablish connection periodically. 1. To connect to the Router, go to the web browser, and enter http://192.168.1.1 or the IP address of the Router. 2. Enter the password, if asked. (The default password is admin.) 3. On the Setup screen, select the option Keep Alive, and set the Redial Period option at 20 (seconds). 4. Click the Save Settings button. 5. Click the Status tab, and click the Connect button. 6. You may see the login status display as Connecting. Press the F5 key to refresh the screen, until you see the login status display as Connected. • Click the Save Settings button to continue. • If the connection is lost again, follow steps 1- 6 to re-establish connection. 15. I can’t access my e-mail, web, or VPN, or I am getting corrupted data from the Internet. The Maximum Transmission Unit (MTU) setting may need to be adjusted. By default, the MTU is set at 1500. For most DSL users, it is strongly recommended to use MTU 1492. • If you are having some difficulties, perform the following steps: 1. To connect to the Router, go to the web browser, and enter http://192.168.1.1 or the IP address of the Router. 2. Enter the password, if asked. (The default password is admin.) 3. Look for the MTU option, and select Manual. In the Size field, enter 1492. 4. Click the Save Settings button to continue. • If your difficulties continue, change the Size to different values. Try this list of values, one value at a time, in this order, until your problem is solved: 1462 1400 1362 1300 16. The Power LED flashes continuously. The Power LED lights up when the device is first powered up. Meantime, the system will boot up itself and check for proper operation. After finishing the checking procedure, the LED remains steady to show that the system is working fine. If the LED continues to flash after this time, the device is not working properly. Try to flash the firmware by assigning a static IP address to the computer, and then upgrade the firmware. Try using the following settings, IP Address: 192.168.1.50 and Subnet Mask: 255.255.255.0. Appendix A: Troubleshooting Common Problems and Solutions 56 Wireless-G VPN Broadband Router 17. When I enter a URL or IP address, I get a time-out error or am prompted to retry. • Check if other PCs work. If they do, ensure that your workstation’s IP settings are correct (IP Address, Subnet Mask, Default Gateway, and DNS). Restart the computer that is having a problem. • If the PCs are configured correctly, but still not working, check the Router. Ensure that it is connected and powered on. Connect to it and check its settings. (If you cannot connect to it, check the LAN and power connections.) • If the Router is configured correctly, check your Internet connection (DSL/cable modem, etc.) to see if it is working correctly. You can remove the Router to verify a direct connection. • Manually configure the TCP/IP settings with a DNS address provided by your ISP. • Make sure that your browser is set to connect directly and that any dial-up is disabled. For Internet Explorer, click Tools, Internet Options, and then the Connection tab. Make sure that Internet Explorer is set to Never dial a connection. For Netscape Navigator, click Edit, Preferences, Advanced, and Proxy. Make sure that Netscape Navigator is set to Direct connection to the Internet. Frequently Asked Questions What is the maximum number of IP addresses that the Router will support? The Router will support up to 253 IP addresses. Is IPSec Pass-Through supported by the Router? Yes, it is a built-in feature that the Router automatically enables. Where is the Router installed on the network? In a typical environment, the Router is installed between the cable/DSL modem and the LAN. Plug the Router into the cable/DSL modem’s Ethernet port. Does the Router support IPX or AppleTalk? No. TCP/IP is the only protocol standard for the Internet and has become the global standard for communications. IPX, a NetWare communications protocol used only to route messages from one node to another, and AppleTalk, a communications protocol used on Apple and Macintosh networks, can be used for LAN to LAN connections, but those protocols cannot connect from the Internet to a LAN. Does the Internet connection of the Router support 100Mbps Ethernet? The Router’s current hardware design supports up to 100Mbps Ethernet on its Internet port; however, the Internet connection speed will vary depending on the speed of your broadband connection. The Router also supports 100Mbps over the auto-sensing Fast Ethernet 10/100 switch on the LAN side of the Router. What is Network Address Translation and what is it used for? Appendix A: Troubleshooting Frequently Asked Questions 57 Wireless-G VPN Broadband Router Network Address Translation (NAT) translates multiple IP addresses on the private LAN to one public address that is sent out to the Internet. This adds a level of security since the address of a PC connected to the private LAN is never transmitted on the Internet. Furthermore, NAT allows the Router to be used with low cost Internet accounts, such as DSL or cable modems, when only one TCP/IP address is provided by the ISP. The user may have many private addresses behind this single address provided by the ISP. Does the Router support any operating system other than Windows 95, Windows 98SE, Windows Millennium, Windows 2000, or Windows XP? Yes, but Linksys does not, at this time, provide technical support for setup, configuration or troubleshooting of any non-Windows operating systems. Does the Router support ICQ send file? Yes, with the following fix: click ICQ menu -> preference -> connections tab->, and check I am behind a firewall or proxy. Then set the firewall time-out to 80 seconds in the firewall setting. The Internet user can then send a file to a user behind the Router. I set up an Unreal Tournament Server, but others on the LAN cannot join. What do I need to do? If you have a dedicated Unreal Tournament server running, you need to create a static IP for each of the LAN computers and forward ports 7777, 7778, 7779, 7780, 7781, and 27900 to the IP address of the server. You can also use a port forwarding range of 7777 ~ 27900. If you want to use the UT Server Admin, forward another port. (Port 8080 usually works well but is used for remote admin. You may have to disable this.) Then in the [UWeb.WebServer] section of the server.ini file, set the ListenPort to 8080 (to match the mapped port above) and ServerName to the IP assigned to the Router from your ISP. Can multiple gamers on the LAN get on one game server and play simultaneously with just one public IP address? It depends on which network game or what kind of game server you are using. For example, Unreal Tournament supports multi-login with one public IP. How do I get Half-Life: Team Fortress to work with the Router? The default client port for Half-Life is 27005. The computers on your LAN need to have “+clientport 2700x” added to the HL shortcut command line; the x would be 6, 7, 8, and on up. This lets multiple computers connect to the same server. One problem: Version 1.0.1.6 won’t let multiple computers with the same CD key connect at the same time, even if on the same LAN (not a problem with 1.0.1.3). As far as hosting games, the HL server does not need to be in the DMZ. Just forward port 27015 to the local IP address of the server computer. How can I block corrupted FTP downloads? If you are experiencing corrupted files when you download a file with your FTP client, try using another FTP program. Appendix A: Troubleshooting Frequently Asked Questions 58 Wireless-G VPN Broadband Router The web page hangs; downloads are corrupt, or nothing but junk characters are being displayed on the screen. What do I need to do? Force your Ethernet adapter to 10Mbps or half duplex mode, and turn off the “Auto-negotiate” feature of your Ethernet adapter as a temporary measure. (Please look at the Network Control Panel in your Ethernet adapter’s Advanced Properties tab.) Make sure that your proxy setting is disabled in the browser. Check our website at www.linksys.com for more information. If all else fails in the installation, what can I do? Reset the Router by holding down the reset button until the Power LED fully turns on and off. Reset your cable or DSL modem by powering the unit off and then on. Obtain and flash the latest firmware release that is readily available on the Linksys website, www.linksys.com. How will I be notified of new Router firmware upgrades? All Linksys firmware upgrades are posted on the Linksys website at www.linksys.com, where they can be downloaded for free. To upgrade the Router’s firmware, use the System tab of the Router’s web-based utility. If the Router’s Internet connection is working well, there is no need to download a newer firmware version, unless that version contains new features that you would like to use. Downloading a more current version of Router firmware will not enhance the quality or speed of your Internet connection, and may disrupt your current connection stability. Will the Router function in a Macintosh environment? Yes, but the Router’s setup pages are accessible only through Internet Explorer 4.0 or Netscape Navigator 4.0 or higher for Macintosh. I am not able to get the web configuration screen for the Router. What can I do? You may have to remove the proxy settings on your Internet browser, e.g., Netscape Navigator or Internet Explorer. Or remove the dial-up settings on your browser. Check with your browser documentation, and make sure that your browser is set to connect directly and that any dial-up is disabled. Make sure that your browser is set to connect directly and that any dial-up is disabled. For Internet Explorer, click Tools, Internet Options, and then the Connection tab. Make sure that Internet Explorer is set to Never dial a connection. For Netscape Navigator, click Edit, Preferences, Advanced, and Proxy. Make sure that Netscape Navigator is set to Direct connection to the Internet. What is DMZ Hosting? Demilitarized Zone (DMZ) allows one IP address (computer) to be exposed to the Internet. Some applications require multiple TCP/IP ports to be open. It is recommended that you set your computer with a static IP if you want to use DMZ Hosting. To get the LAN IP address, see “Appendix D: Finding the MAC Address and IP Address for Your Ethernet Adapter.” If DMZ Hosting is used, does the exposed user share the public IP with the Router? Appendix A: Troubleshooting Frequently Asked Questions 59 Wireless-G VPN Broadband Router No. Does the Router pass PPTP packets or actively route PPTP sessions? The Router allows PPTP packets to pass through. Is the Router cross-platform compatible? Any platform that supports Ethernet and TCP/IP is compatible with the Router. How many ports can be simultaneously forwarded? Theoretically, the Router can establish 520 sessions at the same time, but you can only forward 10 ranges of ports. What are the advanced features of the Router? The Router’s advanced features include Advanced Wireless settings, Filters, Port Forwarding, Routing, and DDNS. What is the maximum number of VPN sessions allowed by the Router? The maximum number depends on many factors. At least one IPSec session will work through the Router; however, simultaneous IPSec sessions may be possible, depending on the specifics of your VPNs. How can I check whether I have static or DHCP IP Addresses? Consult your ISP to obtain this information. How do I get mIRC to work with the Router? Under the Port Forwarding tab, set port forwarding to 113 for the PC on which you are using mIRC. Can the Router act as my DHCP server? Yes. The Router has DHCP server software built-in. Can I run an application from a remote computer over the wireless network? This will depend on whether or not the application is designed to be used over a network. Consult the application’s documentation to determine if it supports operation over a network. What is the IEEE 802.11g standard? It is one of the IEEE standards for wireless networks. The 802.11g standard allows wireless networking hardware from different manufacturers to communicate, provided that the hardware complies with the 802.11g standard. The 802.11g standard states a maximum data transfer rate of 54Mbps and an operating frequency of 2.4GHz. What IEEE 802.11b features are supported? The product supports the following IEEE 802.11b functions: • CSMA/CA plus Acknowledge protocol • Multi-Channel Roaming Appendix A: Troubleshooting Frequently Asked Questions 60 Wireless-G VPN Broadband Router • • • • Automatic Rate Selection RTS/CTS feature Fragmentation Power Management What is ad-hoc mode? When a wireless network is set to ad-hoc mode, the wireless-equipped computers are configured to communicate directly with each other. The ad-hoc wireless network will not communicate with any wired network. What is infrastructure mode? When a wireless network is set to infrastructure mode, the wireless network is configured to communicate with a wired network through a wireless access point. What is roaming? Roaming is the ability of a portable computer user to communicate continuously while moving freely throughout an area greater than that covered by a single access point. Before using the roaming function, the workstation must make sure that it is the same channel number with the access point of dedicated coverage area. To achieve true seamless connectivity, the wireless LAN must incorporate a number of different functions. Each node and access point, for example, must always acknowledge receipt of each message. Each node must maintain contact with the wireless network even when not actually transmitting data. Achieving these functions simultaneously requires a dynamic RF networking technology that links access points and nodes. In such a system, the user’s end node undertakes a search for the best possible access to the system. First, it evaluates such factors as signal strength and quality, as well as the message load currently being carried by each access point and the distance of each access point to the wired backbone. Based on that information, the node next selects the right access point and registers its address. Communications between end node and host computer can then be transmitted up and down the backbone. As the user moves on, the end node’s RF transmitter regularly checks the system to determine whether it is in touch with the original access point or whether it should seek a new one. When a node no longer receives acknowledgment from its original access point, it undertakes a new search. Upon finding a new access point, it then re-registers, and the communication process continues. What is ISM band? The FCC and their counterparts outside of the U.S. have set aside bandwidth for unlicensed use in the ISM (Industrial, Scientific and Medical) band. Spectrum in the vicinity of 2.4 GHz, in particular, is being made available worldwide. This presents a truly revolutionary opportunity to place convenient high-speed wireless capabilities in the hands of users around the globe. Appendix A: Troubleshooting Frequently Asked Questions 61 Wireless-G VPN Broadband Router What is Spread Spectrum? Spread Spectrum technology is a wideband radio frequency technique developed by the military for use in reliable, secure, mission-critical communications systems. It is designed to trade off bandwidth efficiency for reliability, integrity, and security. In other words, more bandwidth is consumed than in the case of narrowband transmission, but the trade-off produces a signal that is, in effect, louder and thus easier to detect, provided that the receiver knows the parameters of the spread-spectrum signal being broadcast. If a receiver is not tuned to the right frequency, a spread-spectrum signal looks like background noise. There are two main alternatives, Direct Sequence Spread Spectrum (DSSS) and Frequency Hopping Spread Spectrum (FHSS). What is DSSS? What is FHSS? And what are their differences? Frequency-Hopping Spread-Spectrum (FHSS) uses a narrowband carrier that changes frequency in a pattern that is known to both transmitter and receiver. Properly synchronized, the net effect is to maintain a single logical channel. To an unintended receiver, FHSS appears to be short-duration impulse noise. Direct-Sequence SpreadSpectrum (DSSS) generates a redundant bit pattern for each bit to be transmitted. This bit pattern is called a chip (or chipping code). The longer the chip, the greater the probability that the original data can be recovered. Even if one or more bits in the chip are damaged during transmission, statistical techniques embedded in the radio can recover the original data without the need for retransmission. To an unintended receiver, DSSS appears as low power wideband noise and is rejected (ignored) by most narrowband receivers. Will the information be intercepted while it is being transmitted through the air? WLAN features two-fold protection in security. On the hardware side, as with Direct Sequence Spread Spectrum technology, it has the inherent security feature of scrambling. On the software side, WLAN offers the encryption function (WEP) to enhance security and access control. What is WEP? WEP is Wired Equivalent Privacy, a data privacy mechanism based on a 64-bit or 128-bit shared key algorithm, as described in the IEEE 802.11 standard. What is a MAC Address? The Media Access Control (MAC) address is a unique number assigned by the manufacturer to any Ethernet networking device, such as a network adapter, that allows the network to identify it at the hardware level. For all practical purposes, this number is usually permanent. Unlike IP addresses, which can change every time a computer logs onto the network, the MAC address of a device stays the same, making it a valuable identifier for the network. How do I reset the Router? Press the Reset button on the back panel for about ten seconds. This will reset the Router to its default settings. How do I resolve issues with signal loss? Appendix A: Troubleshooting Frequently Asked Questions 62 Wireless-G VPN Broadband Router There is no way to know the exact range of your wireless network without testing. Every obstacle placed between the Router and a wireless PC will create signal loss. Lead glass, metal, concrete floors, water and walls will inhibit the signal and reduce range. Start with the Router and your wireless PC in the same room and move it away in small increments to determine the maximum range in your environment. You may also try using different channels, as this may eliminate interference affecting only one channel. I have excellent signal strength, but I cannot see my network. WEP is probably enabled on the Router, but not on your wireless adapter (or vice versa). Verify that the same WEP keys and levels (64 or 128) are being used on all nodes of your wireless network. How many channels/frequencies are available with the Router? There are eleven available channels, ranging from 1 to 11 (in North America). If your questions are not addressed here, refer to the Linksys website, www.linksys.com. Appendix A: Troubleshooting Frequently Asked Questions 63 Wireless-G VPN Broadband Router Appendix B: Wireless Security A Brief Overview Whenever data - in the form of files, emails, or messages - is transmitted over your wireless network, it is open to attacks. Wireless networking is inherently risky because it broadcasts information on radio waves. Just like signals from your cellular or cordless phone can be intercepted, signals from your wireless network can also be compromised. What are the risks inherent in wireless networking? Read on. What Are The Risks? Computer network hacking is nothing new. With the advent of wireless networking, hackers use methods both old and new to do everything from stealing your bandwidth to stealing your data. There are many ways this is done, some simple, some complex. As a wireless user, you should be aware of the many ways they do this. Every time a wireless transmission is broadcast, signals are sent out from your wireless PC or router, but not always directly to its destination. The receiving PC or router can hear the signal because it is within that radius. Just as with a cordless phone, cellular phone, or any kind of radio device, anyone else within that radius, who has their device set to the same channel or bandwidth can also receive those transmission. Wireless networks are easy to find. Hackers know that, in order to join a wireless network, your wireless PC will typically first listen for "beacon messages". These are identifying packets transmitted from the wireless network to announce its presence to wireless nodes looking to connect. These beacon frames are unencrypted and contain much of the network's information, such as the network's SSID (Service Set Identifier) and the IP address of the network PC or router. The SSID is analogous to the network's name. With this information broadcast to anyone within range, hackers are often provided with just the information they need to access that network. One result of this, seen in many large cities and business districts, is called "Warchalking". This is the term used for hackers looking to access free bandwidth and free Internet access through your wireless network. The marks they chalk into the city streets are well documented in the Internet and communicate exactly where available wireless bandwidth is located for the taking. Even keeping your network settings, such as the SSID and the channel, secret won't prevent a hacker from listening for those beacon messages and stealing that information. This is why most experts in wireless networking strongly recommend the use of WEP (Wireless Equivalent Privacy). WEP encryption scrambles your wireless signals so they can only be recognized within your wireless network. Figure B-1: Warchalking Appendix B: Wireless Security A Brief Overview 64 Wireless-G VPN Broadband Router But even WEP has its problems. WEP's encryption algorithm is referred to as "simple", which also means "weak", because the technology that scrambles the wireless signal isn't too hard to crack for a persistent hacker. There are five common ways that hackers can break into your network and steal your bandwidth as well as your data. The five attacks are popularly known as: 1. Passive Attacks 2. Jamming Attacks 3. Active Attacks 4. Dictionary-building or Table Attacks 5. Man-in-the-Middle Attacks Passive Attacks There's no way to detect a passive attack because the hacker is not breaking into your network. He is simply listening (eavesdropping, if you will) to the information your network broadcasts. There are applications easily available on the Internet that can allow a person to listen into your wireless network and the information it broadcasts. Information such as MAC addresses, IP addresses, usernames, passwords, instant message conversations, emails, account information, and any data transmitted wirelessly, can easily be seen by someone outside of your network because it is often broadcast in clear text. Simply put, any information transmitted on a wireless network leaves both the network and individual users vulnerable to attack. All a hacker needs is a "packet sniffer", software available on the Internet, along with other freeware or shareware hacking utilities available on the Internet, to acquire your WEP keys and other network information to defeat security. Jamming Attacks Jamming Attacks, when a powerful signal is sent directly into your wireless network, can effectively shut down your wireless network. This type of attack is not always intentional and can often come about simply due to the technology. This is especially possible in the 2.4 GHz frequency, where phones, baby monitors, and microwave ovens can create a great deal of interference and jam transmissions on your wireless network. One way to resolve this is by moving your wireless devices into the 5 GHz frequency, which is dedicated solely to information transmissions. Appendix B: Wireless Security What Are The Risks? 65 Wireless-G VPN Broadband Router Active Attacks Hackers use Active Attacks for three purposes: 1) stealing data, 2) using your network, and 3) modifying your network so it's easier to hack in the next time. In an Active Attack, the hacker has gained access to all of your network settings (SSID, WEP keys, etc.) and is in your network. Once in your wireless network, the hacker has access to all open resources and transmitted data on the network. In addition, if the wireless network's router is connected to a switch, the hacker will also have access to data in the wired network. Further, spammers can use your Internet connection and your ISP's mail server to send tens of thousands of e-mails from your network without your knowledge. Lastly, the hacker could make hacking into your network even easier by changing or removing safeguards such as MAC address filters and WEP encryption. He can even steal passwords and user names for the next time he wants to hack in. Dictionary-Building or Table Attacks Dictionary-building, or Table attacks, is a method of gaining network settings (SSID, WEP keys, etc.) by analyzing about a day's worth of network traffic, mostly in the case of business networks. Over time, the hacker can build up a table of network data and be able to decrypt all of your wireless transmissions. This type of attack is more effective with networks that transmit more data, such as businesses. Man-in-the-Middle Attacks A hacker doesn't need to log into your network as a user - he can appear as one of the network's own routers, setting himself up as the man-in-the-middle. To do this, the hacker simply needs to rig an router with your network's settings and send out a stronger signal that your router. In this way, some of your network's PCs may associate with this rogue router, not knowing the difference, and may begin sending data through it and to this hacker. The trade-off for the convenience and flexibility wireless networking provides is the possibility of being hacked into through one of the methods described here. With wireless networks, even with WEP encryption, open to the persistent hacker, how can you protect your data? The following section will tell you how to do just that. Maximizing Wireless Security Security experts will all tell you the same thing: Nothing is guaranteed. No technology is secure by itself. An unfortunate axiom is that building the better mousetrap can often create a better mouse. This is why, in the Appendix B: Wireless Security What Are The Risks? 66 Wireless-G VPN Broadband Router examples below, your implementation and administration of network security measures is the key to maximizing wireless security. No preventative measure will guarantee network security but it will make it more difficult for someone to hack into your network. Often, hackers are looking for an easy target. Making your network less attractive to hackers, by making it harder for them to get in, will make them look elsewhere. How do you do this? Before discussing WEP, let's look at a few security measures often overlooked. 1) Network Content Now that you know the risks assumed when networking wirelessly, you should view wireless networks as you would the Internet. Don't host any systems or provide access to data on a wireless network that you wouldn't put on the Internet. 2) Network Layout When you first lay out your network, keep in mind where your wireless PCs are going to be located and try to position your router towards the center of that network radius. Remember that access points transmit indiscriminately in a radius; placing an access point at the edge of the physical network area reduces network performance and leaves an opening for any hacker smart enough to discover where the router is transmitting. This is an invitation for a man-in-the-middle attack, as described in the previous section. To perform this type of attack, the hacker has to be physically close to your network. So, monitoring both your network and your property is important. Furthermore, if you are suspicious of unauthorized network traffic, most wireless products come with a log function, with which you can view activity on your network and verify if any unauthorized users have had access. 3) Network Devices With every wireless networking device you use, keep in mind that network settings (SSID, WEP keys, etc.) are stored in its firmware. If they get into the hands of a hacker, so do all of your settings. So keep an eye on them. 4) Administrator passwords Your network administrator is the only person who can change network settings. If a hacker gets a hold of the administrator's password, he, too, can change those settings. So, make it harder for a hacker to get that information. Change the administrator's password regularly. 5) SSID Appendix B: Wireless Security What Are The Risks? 67 Wireless-G VPN Broadband Router There are a few things you can do to make your SSID more secure: a. Disable Broadcast b. Make it unique c. Change it often Most wireless networking devices will give you the option of broadcasting the SSID. This is a option for convenience, allowing anyone to log into your wireless network. In this case, however, anyone includes hackers. So don't broadcast the SSID. A default SSID is set on your wireless devices by the factory. (The Linksys default SSID is "linksys".) Hackers know these defaults and can check these against your network. Change your SSID to something unique and not something related to your company or the networking products you use. Changing your SSID regularly will force any hacker attempting to gain access to your wireless network to start looking for that new SSID. With these three steps in mind, please remember that while SSIDs are good for segmenting networks, they fall short with regards to security. Hackers can usually find them quite easily. 6) MAC addresses Enable MAC address filtering if your wireless products allow it. MAC address filtering will allow you to provide access to only those wireless nodes with certain MAC addresses. This makes it harder for a hacker using a random MAC address or spoofing (faking) a MAC address. 7) Firewalls You can use the same firewall technology to protect your wired network from hackers coming in through your wireless network as you did for the Internet. The firewall will protect your network from any transmissions entering via your wireless network. 8) WEP Wired Equivalent Privacy (WEP) is often looked upon as a panacea for wireless security concerns. This is overstating WEP's ability. Again, this can only provide enough security to make a hacker's job more difficult. WEP encryption implementation was not put in place with the 802.11 standard. This means that there are about as many methods of WEP encryption as there are providers of wireless networking products. In addition, WEP is Appendix B: Wireless Security What Are The Risks? 68 Wireless-G VPN Broadband Router not completely secure. One piece of information still not encrypted is the MAC address, which hackers can use to break into a network by spoofing (or faking) the MAC address. Programs exist on the Internet that are designed to defeat WEP. The best known of these is AirSnort. In about a day, AirSnort can analyze enough of the wireless transmissions to crack the WEP key. Just like a dictionarybuilding attack, the best prevention for these types of programs is by not using static settings, periodically changing WEP keys, SSID, etc. There are several ways that WEP can be maximized: a) Use the highest level of encryption possible b) Use multiple WEP keys c) Change your WEP key regularly Current encryption technology offers 64-bit and 128-bit WEP encryption. If you are using 64-bit WEP, swap out your old wireless units for 128-bit encryption right away. Where encryption is concerned, the bigger and more complex, the better. A WEP key is a string of hexadecimal characters that your wireless network uses in two ways. First, nodes in your wireless network are identified with a common WEP key. Second, these WEP keys encrypt and decrypt data sent over your wireless network. So, a higher level of security ensures that hackers will have a harder time breaking into your network. Setting one, static WEP key on your wireless network leaves your network open the threats even as you think it is protecting you. While it is true that using a WEP key increases wireless security, you can increase it further by using multiple WEP keys. Keep in mind that WEP keys are stored in the firmware of wireless cards and access points and can be used to hack into the network if a card or access point falls into the wrong hands. Also, should someone hack into your network, there would be nothing preventing someone access to the entire network, using just one static key. The solution, then, is to segment your network up into multiple groups. If your network had 80 users and you used four WEP keys, a hacker would have access to only ¼ of your wireless network resources. In this way, multiple keys reduce your liability. Finally, be sure to change your WEP key regularly, once a week or once a day. Using a "dynamic" WEP key, rather than one that is static, makes it even harder for a hacker to break into your network and steal your resources. Appendix B: Wireless Security What Are The Risks? 69 Wireless-G VPN Broadband Router 2.4GHz/802.11b and 802.11g WEP Encryption WEP encryption for the Wireless-G VPN Broadband Router is configured through the Web-Utility's Wireless tab. Enable WEP from this tab and click the Edit WEP Settings button, which will open the WEP screen, shown in Figure B-3. Important: Always remember that each point in your wireless network MUST use the same WEP Encryption method and encryption key or your wireless network will not function properly. From this screen, you can select the type of WEP encryption to use as well as set the WEP Key for that encryption. Select which WEP key (1-4) will be used when the Router sends data, then select that number as the Default Transmit Key. Make sure the receiving device is using the same key. Select the level of WEP encryption you wish to use, 64-bit 10 hex digits or 128-bit 26 hex digits. Higher encryption levels offer higher levels of security, but due to the complexity of the encryption, they may decrease network performance. If you wish to use a WEP Passphrase, it can be a maximum of 16 alphanumeric characters. This passphrase may not work with non-Linksys products due to possible incompatibility with other vendors' passphrase generators. The WEP Key can be generated using your Passphrase or you can enter it manually. If you wish to enter the WEP Key manually, type the key into the appropriate Key field on the left. The WEP key must consist of the letters "A" through "F" and the numbers "0" through "9" and should be 10 characters in length for 64-bit encryption or 26 characters in length for 128-bit encryption. All points in your wireless network must use the same WEP key to utilize WEP encryption. Figure B-2: WEP Once the Passphrase is entered, click the Generate key to generate a WEP key. When finished making your changes on this tab, click the Save Settings button to save these changes, or click the Cancel Changes button to undo your changes. Appendix B: Wireless Security What Are The Risks? 70 Wireless-G VPN Boradband Router Appendix C: Configuring IPSec between a Windows 2000 PC and the Router Introduction This document demonstrates how to establish a secure IPSec tunnel using preshared keys to join a private network inside the VPN Router and a Windows 2000 or XP PC. You can find detailed information on configuring the Windows 2000 server at the Microsoft website: Microsoft KB Q252735 - How to Configure IPSec Tunneling in Windows 2000 http://support.microsoft.com/support/kb/articles/Q252/7/35.asp NOTE: Keep a record of any changes you make. Those changes will be identical in the Windows “secpol” application and the Router’s Web-Based Utility. Microsoft KB Q257225 - Basic IPSec Troubleshooting in Windows 2000 http://support.microsoft.com/support/kb/articles/Q257/2/25.asp Environment The IP addresses and other specifics mentioned in this appendix are for illustration purposes only. Windows 2000 or Windows XP IP Address: 140.111.1.2 <= User ISP provides IP Address; this is only an example. Subnet Mask: 255.255.255.0 BEFSX41 WAN IP Address: 140.111.1.1 <= User ISP provides IP Address; this is only an example. Subnet Mask: 255.255.255.0 LAN IP Address: 192.168.1.1 Subnet Mask: 255.255.255.0 Appendix C: Configuring IPSec between a Windows 2000 PC and the Router Introduction 71 Wireless-G VPN Boradband Router How to Establish a Secure IPSec Tunnel Step 1: Create an IPSec Policy 1. Click the Start button, select Run, and type secpol.msc in the Open field. The Local Security Setting screen will appear as shown in Figure C-1. 2. Right-click IP Security Policies on Local Computer, and click Create IP Security Policy. Figure C-1: Password Screen 3. Click the Next button, and then enter a name for your policy (for example, to_router). Then, click Next. 4. Deselect the Activate the default response rule check box, and then click the Next button. NOTE: The references in this section to “win” are references to Windows 2000 and XP. 5. Click the Finish button, making sure the Edit check box is checked. Step 2: Build Filter Lists Filter List 1: win->router 1. In the new policy’s properties screen, verify that the Rules tab is selected, as shown in Figure C-2. Deselect the Use Add Wizard check box, and click the Add button to create a new rule. 2. Make sure the IP Filter List tab is selected, and click the Add button. (See Figure C-3.) Figure C-2: Setup Tab Figure C-3: IP Filter List Tab Appendix C: Configuring IPSec between a Windows 2000 PC and the Router How to Establish a Secure IPSec Tunnel 72 Wireless-G VPN Boradband Router 3. The IP Filter List screen should appear, as shown in Figure C-4. Enter an appropriate name, such as win>router, for the filter list, and de-select the Use Add Wizard check box. Then, click the Add button. 4. The Filters Properties screen will appear, as shown in Figure C-5. Select the Addressing tab. In the Source address field, select My IP Address. In the Destination address field, select A specific IP Subnet, and fill in the IP Address: 192.168.1.0 and Subnet mask: 255.255.255.0. (These are the Router’s default settings. If you have changed these settings, enter your new values.) 5. If you want to enter a description for your filter, click the Description tab and enter the description there. 6. Click the OK button. Then, click the OK (for Windows XP) or Close (for Windows 2000) button on the IP Filter List window. Figure C-4: IP Filter List Filter List 2: router=>win 7. The New Rule Properties screen will appear, as shown in Figure C-6. Select the IP Filter List tab, and make sure that win -> router is highlighted. Then, click the Add button. Figure C-5: Filters Properties Figure C-6: New Rule Properties Appendix C: Configuring IPSec between a Windows 2000 PC and the Router How to Establish a Secure IPSec Tunnel 73 Wireless-G VPN Boradband Router 8. The IP Filter List screen should appear, as shown in Figure C-7. Enter an appropriate name, such as router>win for the filter list, and de-select the Use Add Wizard check box. Click the Add button. 9. The Filters Properties screen will appear, as shown in Figure C-8. Select the Addressing tab. In the Source address field, select A specific IP Subnet, and enter the IP Address: 192.168.1.0 and Subnet mask: 255.255.255.0. (Enter your new values if you have changed the default settings.) In the Destination address field, select My IP Address. 10. If you want to enter a description for your filter, click the Description tab and enter the description there. 11. Click the OK button and the New Rule Properties screen should appear with the IP Filer List tab selected, as shown in Figure C-9. There should now be a listing for “router -> win” and “win -> router”. Click the OK (for WinXP) or Close (for Win2000) button on the IP Filter List window. Figure C-7: IP Filter List Figure C-8: Filters Properties Figure C-9: New Rule Properties Appendix C: Configuring IPSec between a Windows 2000 PC and the Router How to Establish a Secure IPSec Tunnel 74 Wireless-G VPN Boradband Router Step 3: Configure Individual Tunnel Rules Tunnel 1: win->router 1. From the IP Filter List tab, shown in Figure C-10, click the filter list win->router. 2. Click the Filter Action tab (as in Figure C-11), and click the filter action Require Security radio button. Then, click the Edit button. 3. From the Security Methods tab, shown in Figure C-12, verify that the Negotiate security option is enabled, and deselect the Accept unsecured communication, but always respond using IPSec check box. Select Session key Perfect Forward Secrecy, and click the OK button. Figure C-10: IP Filter List Tab Figure C-11: Filter Action Tab Figure C-12: Security Methods Tab Appendix C: Configuring IPSec between a Windows 2000 PC and the Router How to Establish a Secure IPSec Tunnel 75 Wireless-G VPN Boradband Router 4. Select the Authentication Methods tab, shown in Figure C-13, and click the Edit button. 5. Change the authentication method to Use this string to protect the key exchange (preshared key), as shown in Figure C-14, and enter the preshared key string, such as XYZ12345. Click the OK button. 6. This new Preshared key will be displayed in Figure C-15. Click the OK or Close button to continue. Figure C-13: Authentication Methods Figure C-14: Preshared Key Figure C-15: New Preshared Key Appendix C: Configuring IPSec between a Windows 2000 PC and the Router How to Establish a Secure IPSec Tunnel 76
Source Exif Data:
File Type : PDF File Type Extension : pdf MIME Type : application/pdf PDF Version : 1.4 Linearized : No Encryption : Standard V1.2 (40-bit) User Access : Print, Copy, Fill forms, Extract, Assemble, Print high-res Modify Date : 2004:11:17 18:12:47+08:00 Create Date : 2004:11:17 18:12:21+08:00 Title : Book Template.book Author : rebecca Creator : FrameMaker 7.0 Producer : Acrobat Distiller 5.0.5 (Windows) Page Count : 30 Mod Date : 2004:11:17 18:12:47+08:00 Creation Date : 2004:11:17 18:12:21+08:00 Metadata Date : 2004:11:17 18:12:47+08:00 Has XFA : NoEXIF Metadata provided by EXIF.tools