Linksys

This topic describes how to configure Linksys to work in a VPN site-to-site solution with ISA Server.

Linksys: Preshared Secret Configuration Overview

The following IPSec settings are used in this section of this configuration document:

  • Phase I
    • Main mode
    • 3DES
    • SHA-1
    • MODP Group 2 (1024 bits) for DH
    • SA lifetime of 28,800 seconds
    • Preshared Secret
  • Phase II
    • 3DES
    • SHA-1
    • PFS & MODP Group 2 (1024 bits) for DH
    • SA lifetime of 3600 seconds
    • ESP tunnel mode

Preshared Secret Checklist

Use the following checklist for preshared secrets.

  ____  Install and configure the Sonicwall device
  ____  Determine remote gateway External IP address
  ____  Determine the remote network's IP address and netmask protected by the remote gateway
  ____  Set preshared secret
  ____  Configure VPN
  ____  Test IPSec tunnel

For installation and configuration information and documentation, refer to the documents found on the Linksys website (www.linksys.com).

Linksys Walk-through Procedure 1: Configuring the Preshared Secret Solution

This topic describes in detail the process to configure the Linksys device to successfully establish a site-to-site IPSec tunnel with the ISA Server computer using the settings specified in Linksys: Preshared Secret Configuration Overview. This section includes tips that can be used to improve the functionality of the IPSec tunnel, performance of the device, or the security of the device.

Note

The step-by-step instructions in the following sections assume that you have a working knowledge of Linksys, and only the parameters directly related to the scenarios are described in detail.

Configure VPN

Use the following steps to configure VPN.

  1. Browse to the Web-based VPN Concentrator Manager and log on.
  2. Select VPN from the top menu. On this screen:
    • Select Tunnel 1 from the drop-down list.
    • Select Enable for This Tunnel.
    • Enter Site-to-Site_CL as the Tunnel Name.
    • Select Subnet from the drop-down list and enter 172.23.9.0 for the IP and 255.255.255.0 as the subnet mask for the Local Secure Group.
    • Select Subnet from the drop-down list and enter 10.4.5.0 for the IP and 255.255.255.0 as the subnet mask for the Remote Secure Group.
    • Select IP Addr and enter 14.15.16.17 as the IP of the Remote Security Gateway.
    • Select 3DES as the Encryption.
    • Select SHA as the Authentication.
    • Select Auto (IKE) as the Key Management.
    • Select PFS (Perfect Forward Security).
    • Enter Cool-Dude! as the Preshared Key.
    • Enter 3600 as the Key Lifetime.
    • Select Advanced.
  3. In the Advanced Settings screen:
    • Select Main Mode as the Operation Mode.
    • Select 3DES as the Encryption for Proposal 1 from the drop-down list.
    • Select SHA as the Authentication for Proposal 1 from the drop-down list.
    • Select 1024-bit as the Group for Proposal 1 from the drop-down list.
    • Enter 28800 as the Key Lifetime for Proposal 1.
  4. Select 1024-bit as the Group for Proposal 2 for PFS from the drop-down list.
  5. Enter 3600 as the Key Lifetime for Proposal 1.
  6. Select Apply.
  7. Select VPN from the top menu. On this screen:
    • Select Tunnel 2 from the drop-down list.
    • Select Enable for This Tunnel.
    • Enter Site-to-Site_AL as the Tunnel Name.
    • Select Subnet from the drop-down list and enter 172.23.9.0 for the IP and 255.255.255.0 as the subnet mask for the Local Secure Group.
    • Select Subnet from the drop-down list and enter 10.5.6.0 for the IP and 255.255.255.0 as the subnet mask for the Remote Secure Group.
    • Select IP Addr and enter 14.15.16.17 for the IP of the Remote Security Gateway.
    • Select 3DES as the Encryption.
    • Select SHA as the Authentication.
    • Select Auto (IKE) for the Key Management.
    • Select PFS (Perfect Forward Security).
    • Enter Cool-Dude! as the Preshared Key.
    • Enter 3600 as the Key Lifetime.
    • Select Advanced.
  8. In the Advanced Settings screen:
    • Select Main Mode as the Operation Mode.
    • Select 3DES as the Encryption for Proposal 1 from the drop-down list.
    • Select SHA as the Authentication for Proposal 1 from the drop-down list.
    • Select 1024-bit as the Group for Proposal 1 from the drop-down list.
    • Enter 28800 as the Key Lifetime for Proposal 1.
  9. Select 1024-bit as the Group for Proposal 2 for PFS from the drop-down list.
  10. Enter 3600 as the Key Lifetime for Proposal 1.
  11. Select Apply.
  12. After the third-party gateway peer has been configured, test the IPSec tunnel by using the ping utility to send ICMP traffic through the tunnel to the remote internal network.

Troubleshooting the Linksys Solution

The following section contains troubleshooting tips. For additional troubleshooting information, refer to the Linksys Knowledge Base articles on the Linksys website (www.linksys.com).

Configuration

Review the configuration for accuracy:

  • Local IP settings
  • Remote IP settings
  • IPSec Phase 1 settings
  • IPSec Phase 2 settings
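
The four review items above can be checked mechanically. The following is an added example, not part of the original document or of any Linksys or ISA Server tooling: it compares the Tunnel 1 values from the walk-through with the settings the peer gateway holds. The dictionary layout, the function names and the external address 192.0.2.10 are assumptions made for illustration.

```python
import hmac
from ipaddress import ip_network

# Tunnel 1 values from the walk-through. external_ip is a constructed
# placeholder (documentation range); the page does not give this address.
LINKSYS = {
    "external_ip": "192.0.2.10",
    "remote_gateway": "14.15.16.17",
    "local_net": "172.23.9.0/255.255.255.0",
    "remote_net": "10.4.5.0/255.255.255.0",
    "psk": "Cool-Dude!",
    "phase1": {"mode": "main", "enc": "3des", "hash": "sha1", "dh_group": 2, "lifetime": 28800},
    "phase2": {"enc": "3des", "hash": "sha1", "pfs_group": 2, "lifetime": 3600, "encap": "esp-tunnel"},
}

def peer_view(cfg, **overrides):
    """Build the mirrored settings the other gateway should hold (hypothetical helper)."""
    peer = dict(cfg, external_ip=cfg["remote_gateway"], remote_gateway=cfg["external_ip"],
                local_net=cfg["remote_net"], remote_net=cfg["local_net"])
    peer.update(overrides)
    return peer

def compare_peers(a, b):
    """Return a list of differences between two gateways' tunnel settings."""
    problems = []
    # Local/remote IP settings: each side's local network is the other's remote
    # network. ip_network() normalizes netmask and prefix-length notation.
    if ip_network(a["local_net"]) != ip_network(b["remote_net"]):
        problems.append("network: local_net of A is not remote_net of B")
    if ip_network(a["remote_net"]) != ip_network(b["local_net"]):
        problems.append("network: remote_net of A is not local_net of B")
    if a["remote_gateway"] != b["external_ip"]:
        problems.append("gateway: A.remote_gateway is not B.external_ip")
    if b["remote_gateway"] != a["external_ip"]:
        problems.append("gateway: B.remote_gateway is not A.external_ip")
    # Phase 1 and Phase 2 settings: report every field that differs.
    for phase in ("phase1", "phase2"):
        for key in sorted(set(a[phase]) | set(b[phase])):
            if a[phase].get(key) != b[phase].get(key):
                problems.append(f"{phase}.{key}: {a[phase].get(key)!r} != {b[phase].get(key)!r}")
    # Compare the preshared keys in constant time and never echo them.
    if not hmac.compare_digest(a["psk"].encode(), b["psk"].encode()):
        problems.append("psk: preshared keys differ")
    return problems

if __name__ == "__main__":
    for line in compare_peers(LINKSYS, peer_view(LINKSYS)) or ["settings match"]:
        print(line)
```

An empty list means both sides agree on every value. The preshared key comparison is case-sensitive, so a key retyped with different capitalization on the peer is reported as a difference.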

Logs

Review the log files for any errors:

  • Review the system log by selecting the Log tab.
  • Review the VPN log by selecting View Log from the VPN screen.