New Product Training - PowerPoint PPT Presentation

Loading...

PPT – New Product Training PowerPoint presentation | free to download - id: 2014d0-ZGQzZ



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

New Product Training

Description:

Linksys. BEFVP41. Spec. Item. EtherFast Cable/DSL VPN Router ... Router Setup. Open your web browser and type http://192.168.1.1 in the browser's Address field. ... – PowerPoint PPT presentation

Number of Views:72
Avg rating:3.0/5.0
Slides: 25
Provided by: cal886
Learn more at: http://sup.xenya.si
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: New Product Training


1
EtherFast Cable/DSL VPN Router
Model No. BEFVP41
Features
Why buy this product? Provides up to 70 complete
secure, encrypted VPN tunnel solution in one
box! Makes it easier and easier to add Virtual
Private Network(VPN) to your Broadband Network
with Broadband Sharing. Perfect for todays
business telecommuter.
New Product Training
2
EtherFast Cable/DSL VPN Router
Model No. BEFVP41
Features and Benefit
Features
Benefit Full IPSec VPN Capability - based on the
IPSec VPN implementation High-Speed - amazing
performance Powerful and Scalable - meets the
high demands of todays Internet Security
Environment Connect to existing equipments
seamlessly - such as Check Point VPN/Firewall,
Cisco 1720, SonicWALL TELE2 and Win2000 Easy
to use - quickly create a VPN Tunnel to a remote
site
Feature Supports DES and 3DES for ESP, MD5
and SHA1 for Authentication, and IKE (Internet
Key Exchange) Hardware Security Co-Processor
Inside Supports Up to 70 Tunnels Compatible
with other IPSec VPN products User friendly
Web-based Interface
3
EtherFast Cable/DSL VPN Router
Model No. BEFVP41
Examples
Types of Connections of VPN Router
  • BEFVP41 to BEFVP41
  • BEFVP41 to other VPN product (Interoperability)
  • Support multiple tunnel
  • Support mobile user
  • Support dynamic IP

San Francisco
Internet
Los Angles
Mobile user
Win2000 Cisco 1720 Check point Nortel contivity
1500
New York
IP sec tunnel
4
EtherFast Cable/DSL VPN Router
Model No. BEFVP41
Comparison
VPN Products Comparison
NETGEAR FV318
SNAPgear SOHO
WatchGuard SOHOtc
Sonicwall Tele2
Linksys BEFVP41
Spec. Item
970
399
599
489
200
Base list Price
Yes
Yes
Yes
Yes
Yes
Supports IPSec
No
No
Yes
No
Yes
Hardware Security Accelerator
New Product Training
5
35
10
5
70
Simultaneous Tunnels
DES, 3DES
DES, 3DES
DES, 3DES
DES, 3DES
DES, 3DES
Encryption Algorithms
MD5, SHA1
MD5, SHA1
MD5, SHA1
MD5, SHA1
MD5, SHA1
Authentication Protocols
IKE
IKE
IKE
IKE
IKE
Key Exchange
 
5
EtherFast Cable/DSL VPN Router
Model No. BEFVP41
Technical Spec.(1)
Standards IEEE 802.3 (10BaseT),
IEEE 802.3u (100BaseTX) Protocol
CSMA/CD Ports WAN One 10Base-T RJ-45 Port for
your Cable/DSL modem
connection LAN Four 10/100 RJ-45
Ports Buttons/Switches One Crossover Switch,
One Reset Button Cabling Type UTP Category 5 or
better Speed (Mbps) WAN 10 LAN 10/100 (Half
Duplex Mode) 20/200 (Full Duplex
Mode) LEDs Power, Diag WAN Act,
Link LAN Link/Act, Full/Col,
100 Topology Star Dimensions 7.31 L x 6.06
W X 1.88 D (186 mm x 154 mm x 48 mm) Unit
Weight 12.8 oz. (0.36 kg.) Power External,
5V DC, 2.1 A Certifications FCC Class B, CE
Mark Commercial Operating Temp. 0ºC to 45ºC
(32ºF to 113ºF) Storage Temp. -20ºC to 70ºC
(-4ºF to 158ºF) Operating Humidity 0 to 90,
Non-Condensing Storage Humidity 5 to 90,
Non-Condensing
6
What is IPSec IKE (Internet Key Exchange)?
EtherFast Cable/DSL VPN Router
Model No. BEFVP41
Application
  • IPSec (IP Security)
  • IPSec was designed to provide security
    features(data encryption) when sending data
    across the internet.
  • IPSec Encapsulating modes
  • Transport Mode
  • Tunnel Mode
  • IPSec Security Protocols
  • AH Provides authentication integrity
  • ESP Provides authentication integrity
    confidentiality
  • IKE Provides security services and
    keys management
  • IKE (Internet Key Exchange)
  • Provides the mechanism for two IPSec entities to
  • Negotiate the Security Association
  • Negotiate the Secure Key
  • Security Association (SA)
  • A relationship that describes how the entities
    will use security services

7
Router Setup
Router Setup
Open your web browser and type http//192.168.1.1
in the browsers Address field. This number is
the default IP address of your VPN Router. Press
Enter. A password screen will appear. Leave
the user name blank. Type in Admin as the
Password. NOTE Admin is the default password.
If the router is ever reset back to factory
default, the password will always reset to
Admin.
8
Router Setup
Setup Tab
Host Name Domain Name These fields allow
you to supply a host and domain name for the VPN
Router. Some ISPs require these names as
identification. You may have to check with your
ISP to see if your Broadband Internet Service has
been configured with a host and domain name. In
most cases, these fields may be left blank.
Firmware Version This entry shows the version
of the firmware you are using. Future versions of
the VPN Routers firmware may be available on the
Linksys Website at www.linksys.com. LAN IP
Address The IP Address and Subnet Mask of the
VPN Router as it is seen on the internal LAN.
The default value is 192.168.1.1 for IP and
255.255.255.0 for Subnet Mask.
9
Router Setup
Setup Tab
WAN IP Address The IP Address and Subnet Mask
of the Router as seen by external users on the
Internet (including your ISP). If these values
are automatically assigned by your ISP, select
Obtain an IP Address Automatically. Your ISP
will provide you with the Default Gateway IP
Address. If these values are automatically
assigned by your ISP, select Obtain an IP
Address Automatically. Your ISP will provide
you with at least one DNS (Domain Name Server) IP
Address. If these values are automatically
assigned by your ISP, select Obtain an IP
Address Automatically. In this example, the IP
Address, Subnet Mask, Default Gateway IP Address,
and DNS are all set to Obtain an IP Address
Automatically, which is the default setting.
10
Router Setup
Setup Tab
Login Some DSL-based ISPs use PPPoE
(Point-to-Point Protocol over Ethernet) to
establish communications with an end-user. If you
are connected to the Internet through a DSL line,
check with your ISP to see if you are using
PPPoE. If so, select PPPoE Login. To enable
PPPoE 1. Choose the PPPoE option within the
Login area of the Setup Tab. 2. Enter the User
Name you use to log onto your Internet
connection. 3. Enter your corresponding
Password. RAS is a service that applies for
connections in Singapore only. For users in
Singapore, check with Singtel for more
information. Once you are satisfied with all
your settings, click the Apply button.
11
VPN Tab (Choosing a Tunnel Number, Enabling a
Tunnel, and Assigning a Tunnel Name)
  • Establishing a Tunnel
  • The VPN Router creates a tunnel or channel
    between two end points, so that the data or
    information between these points is secure.
  • To establish this tunnel, select the number
    (1-70) of the tunnel you wish to create in the
    Select Tunnel Entry drop down box. It is possible
    to create up to 70 simultaneous tunnels.
  • Then select Enable next to This Tunnel to enable
    the tunnel. Once the tunnel is enabled, enter the
    name of the tunnel in the Tunnel Name field. This
    option will allow you to easily identify multiple
    tunnels and does not have to match the name used
    at the other end of the tunnel.

12
VPN Tab (Subnet Secure Groups)
Under Local Secure Group and Remote Secure
Group, you may choose one of three options 1)
Subnet 2) IP Address 3) IP Range Subnet - If
you select Subnet (which is the default), this
will allow all computers on the local subnet to
access the tunnel. In this example, all Local
Secure Group computers with IP Addresses
192.168.1.xxx will be able to access the tunnel
and all Remote Secure Group computers with IP
Addresses 192.168.2.xxx will be able to access
the tunnel. When using the Subnet setting, the
default values of 0 should remain in the IP and
Mask fields (for the last octet).
13
VPN Tab (IP Address Secure Groups)
IP Address - If you select IP Address, only the
computer with the specific IP Address that you
enter will be able to access the tunnel. In this
example, only the computer with IP Address
192.168.1.104 in the Local Secure Group can
access the tunnel from this end and only the
computer with IP Address 192.168.2.58 in the
Remote Secure Group can access the tunnel from
the remote end.
14
VPN Tab (IP Range Secure Groups)
IP Range - If you select IP Range, it will
combine the Subnet and IP Address options. You
can specify a range of IP Addresses on the Subnet
which will have access to the tunnel. In this
example, all computers in the Local Secure Group
with IP Addresses between 192.168.1.0 and
192.168.1.200 can access the tunnel from the
local end. Only computers assigned an IP Address
between 192.168.2.0 and 192.168.2.135 in the
Remote Secure Group can access the tunnel from
the remote end.
15
VPN Tab (Remote Security Gateway)
Under Remote Security Gateway, enter the WAN IP
Address of VPN client at the other end of the
tunnel. The client can be another VPN Router, or
a VPN Server. In the example above, the IP
address of the Remote Security Gateway is
140.111.1.2. This IP Address may either be static
(permanent) or dynamic (changing), depending on
the Internet Service Provider of the VPN client.
Make sure that you have entered the IP Address
correctly, or the connection cannot be made.
Remember, this is NOT the IP Address of this VPN
Router, but the WAN IP Address of the VPN client
with which you wish to communicate.
16
VPN Tab (Encryption and Authentication)
Encryption makes your connection more secure.
There are two different types of encryption 1)
DES 2) 3DES You may choose either of these, but
it must be the same type of encryption that is
being used by the VPN client at the other end of
the tunnel. Or, you may choose not to encrypt by
selecting Disable. In this example, DES (the
default) has been selected. Authentication acts
as another level of security. There are two
types of authentication 1) MD5 2) SHA As with
encryption, either of these may be selected,
provided that the VPN client at the other end of
the tunnel is using the same type of
authentication. Or, both ends of the tunnel may
choose to Disable authentication. In this
example, MD5 (the default) has been selected.
17
VPN Tab (Auto Key Management)
  • Key Management - In order for any encryption to
    occur, the two ends of the tunnel must agree on
    the type of encryption and the way the data will
    be decrypted. This is done by sharing a key to
    the encryption code.
  • Under Key Management, you may choose Auto
    (ISAKMP) and enter a series of numbers or letters
    in the Pre-shared KEY field.
  • In the example above, the word MyText is used.
    Based on this word, which MUST be entered at both
    ends of the tunnel if this method is used, a code
    is generated to scramble (encrypt) the data being
    transmitted over the tunnel, where it is
    unscrambled (decrypted). You may use any
    combination of up to 23 numbers or letters in
    this field. No special characters or spaces are
    allowed.
  • In the Key Lifetime field, you may optionally
    select to have the key expire at the end of a
    time period of your choosing. Enter the number of
    seconds youd like the key to be useful, or leave
    it blank for the key to last indefinitely.
  • PFS (Perfect Forward Secrecy)

18
VPN Tab (Manual Key Management)
  • Key Management - Selecting Manual Keying allows
    you to generate the code yourself. Enter your
    code into the Encryption KEY field. Then enter an
    Authentication KEY into that field. These fields
    must both match the information that is being
    entered in the fields at the other end of the
    tunnel.
  • The example above shows valid entries for both
    the Encryption and Authentication Key fields.
    Again, up to 23 alphanumeric characters are
    allowed to create this key.
  • However, the Inbound SPI and Outbound SPI fields
    are different. The Inbound SPI value set here
    must match the Outbound SPI value at the other
    end of the tunnel. The Outbound SPI here must
    match the Inbound SPI value at the other end of
    the tunnel.
  • In the example above, the Inbound SPI and
    Outbound SPI values shown would be opposite on
    the other end of the tunnel. Only numeric
    characters can be used in these fields. Once you
    are satisfied with all your settings, click the
    Apply button.

19
VPN Tunnel Status
  • Connecting the VPN Tunnel
  • After the VPN client is set up at the other end
    of the tunnel, you may click the Connect button
    to use the tunnel. This assumes that both ends of
    the tunnel have a physical connection to each
    other (i.e. over the Internet, physical wiring,
    etc.).
  • After clicking the Connect button, click the
    Summary button. If the connection is made, the
    above screen will appear. Under Status, the word
    Connected should appear if the connection is
    successful. The other fields reflect the
    information that you entered on the VPN screen to
    make the connection. If Disconnected appears
    under Status, some problem exists that prevents
    the creation of the tunnel. Make sure that all of
    your wiring is securely connected. Double-check
    all the values you entered on the VPN screen to
    make sure they are correct and match the settings
    on the VPN Client or VPN Router that you are
    trying to connect to. Verify that the settings
    are correct on the VPN Client or Router at the
    other end of the tunnel.

20
Example Manual Keying
LAN
LAN
WAN
WAN
Crossover
192.168.2.100
192.168.1.100
BEFVP41 1 BEFVP41 2 LAN IP
192.168.1.1 192.168.2.1 WAN IP
140.111.1.1 140.111.1.2 Default
Gateway 140.111.1.2 140.111.1.1 Tunnel
1 Tunnel 1 This Tunnel Enable Enable Local
Secure Group Subnet, 192.168.1.0, 255.255.255.0
Subnet, 192.168.2.0, 255.255.255.0 Remote Secure
Group Subnet, 192.168.2.0, 255.255.255.0 Subnet,
192.168.1.0, 255.255.255.0 Remote Security
Gateway 140.111.1.2 140.111.1.1 Encryption
DES DES Authentication MD5 MD5 IPSec
MANUAL keying MANUAL keying Encryption
KEY MyTest MyTest Authentication KEY
MyTest1 MyTest1 Inbound SPI 0x12345678 0x87
654321 Outbound SPI 0x87654321 0x12345678
21
Interoperability with Third Party Client
LAN
LAN
WAN
WAN
Internet
192.168.1.100
192.168.2.100
BEFVP41 Win2000
Server/Cisco 1720/ CheckPoint/ Nortel
Contivity 1500 LAN IP 192.168.1.1 192.168.
2.1 WAN IP 210.241.239.77 211.21.189.53 Defau
lt Gateway 210.241.239.73 211.21.189.49 (select
tunnel entry) Tunnel 1 Tunnel 1 This Tunnel
Enable Enable Local Secure Group Subnet,
192.168.1.0, 255.255.255.0 Subnet, 192.168.2.0,
255.255.255.0 Remote Secure Group Subnet,
192.168.2.0, 255.255.255.0 Subnet, 192.168.1.0,
255.255.255.0 Remote Security Gateway 211.21.189
.53 210.241.239.77 Encryption
DES DES Authentication MD5 MD5 Key
Management Auto (ISAKMP) Auto (ISAKMP) PFS
OFF OFF Pre-share KEY MyTest MyTest
22
Support Mobile User VPN Client
LAN
WAN
Internet
192.168.1.100
140.111.1.2
BEFVP41 Win2000 professional/ Cisco
VPN client LAN IP 192.168.1.1 ---------- WAN
IP 140.111.1.1 140.111.1.2 Default
Gateway 140.111.1.2
140.111.1.1 (select tunnel entry) Tunnel
1 Tunnel 1 This Tunnel Enable Enable Loca
l Secure Group Subnet, 192.168.1.0,
255.255.255.0 IP, 140.111.1.2 Remote Secure
Group IP, 140.111.1.2 Subnet, 192.168.1.0,
255.255.255.0 Remote Security Gateway 140.111.1.2
140.111.1.1 Encryption DES DES Authentic
ation MD5 MD5 Key Management Auto
(ISAKMP) Auto (ISAKMP) PFS OFF OFF Pre-sha
re KEY MyTest MyTest
23
Support Dynamic IP
LAN
WAN
Internet
192.168.1.100
210.21.189.53
BEFVP41 1 Win2000 professional/ Cisco
VPN client LAN IP 192.168.1.1 ---------- WAN
IP 210.241.239.77 211.21.189.53 Default
Gateway 210.241.239.73 211.21.189.49 (sel
ect tunnel entry) Tunnel 1 Tunnel 1 This
Tunnel Enable Enable Local Secure
Group Subnet, 192.168.1.0, 255.255.255.0 IP,
211.21.189.53 Remote Secure Group IP,
1.1.1.1 Subnet, 192.168.1.0,
255.255.255.0 Remote Security Gateway 1.1.1.1
210.241.239.77 Encryption DES DES Authentica
tion MD5 MD5 IPsec ISAKMP ISAKMP PFS
OFF OFF IKE Pre-share KEY MyTest MyTest
24
Remote Management
LAN
LAN
WAN
WAN
Internet
192.168.1.100
192.168.2.100
BEFVP41 1 BEFVP41 2 LAN IP
192.168.1.1 192.168.2.1 WAN IP
210.241.239.77 211.21.189.53 Default
Gateway 210.241.239.73 211.21.189.49 (select
tunnel entry) Tunnel 1 Tunnel 1 This Tunnel
Enable Enable Local Secure Group Subnet,
192.168.1.0, 255.255.255.0 192.168.2.0,
255.255.255.0 Remote Secure Group Subnet,
192.168.2.0, 255.255.255.0 192.168.1.0,
255.255.255.0 Remote Security Gateway 211.21.189.
53 210.241.239.77 Encryption
DES DES Authentication MD5 MD5 IPsec
ISAKMP ISAKMP PFS OFF OFF IKE
Pre-share KEY MyTest MyTest
About PowerShow.com