Cisco Systems RV130W Network Router User Manual


 
Configuring VPN
Configuring Site-to-Site IPsec VPN Advanced Parameters
Cisco RV130/RV130W Wireless Multifunction VPN Router Administration Guide
- Auto Policy—Some parameters for the VPN tunnel are generated
automatically. This requires using the Internet Key Exchange (IKE)
protocol for negotiations between the two VPN endpoints.
- Manual Policy—All parameters (including the keys) for the VPN tunnel
are manually entered for each endpoint. No third-party server or
organization is involved.
c. Remote Endpoint—Select the type of identifier that you want to provide for
the gateway at the remote endpoint: IP Address or FQDN (Fully Qualified
Domain Name). Enter the IP address or the FQDN.
STEP 3 In the Local Traffic Selection and Remote Traffic Selection sections:
In the Local IP and Remote IP fields, indicate how many endpoints will be
part of the VPN policy:
- Single—Limits the policy to one host. Enter the IP address of the host that
will be part of the VPN in the IP Address field.
- Subnet—Allows an entire subnet to connect to the VPN. Enter the
subnet’s network IP address in the IP Address field, and enter the
subnet mask, such as 255.255.255.0, in the Subnet Mask field. The field
automatically displays the default subnet address based on the IP address.
Note: Do not use overlapping subnets for the local and remote traffic selectors.
Overlapping selectors would require adding static routes on the router and on the
hosts to be used. For example, avoid:
Local Traffic Selector: 192.168.1.0/24
Remote Traffic Selector: 192.168.0.0/16
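
A check for the overlap rule in the note above, written as an added example (it is not part of the Cisco guide). It models the Single and Subnet selector types with Python's `ipaddress` module; the function names and the `(type, IP address, subnet mask)` tuple layout are assumptions made for this sketch.

```python
import ipaddress

def to_network(kind, ip, mask=None):
    """Convert one traffic selector (Single or Subnet) to an IPv4Network."""
    if kind == "Single":
        return ipaddress.IPv4Network(f"{ip}/32")
    if kind == "Subnet":
        # strict=True rejects host bits, e.g. 192.168.1.5 with mask 255.255.255.0;
        # the constructor also rejects non-contiguous masks such as 255.0.255.0.
        return ipaddress.IPv4Network(f"{ip}/{mask}", strict=True)
    raise ValueError(f"unknown selector type {kind!r}")

def check_selectors(local, remote):
    """Return findings for a pair of selectors; an empty list means no issue."""
    findings, nets = [], {}
    for side, selector in (("local", local), ("remote", remote)):
        try:
            nets[side] = to_network(*selector)
        except ValueError as exc:
            findings.append(f"{side}: invalid selector: {exc}")
    if len(nets) < 2:
        return findings
    loc, rem = nets["local"], nets["remote"]
    # Two CIDR blocks overlap only if they are equal or one contains the other.
    if loc == rem:
        findings.append(f"overlap: both selectors are {loc}")
    elif loc.subnet_of(rem):
        findings.append(f"overlap: local {loc} lies inside remote {rem}")
    elif rem.subnet_of(loc):
        findings.append(f"overlap: remote {rem} lies inside local {loc}")
    return findings

if __name__ == "__main__":
    # Constructed sample policies; the first is the pair the note says to avoid.
    samples = [
        (("Subnet", "192.168.1.0", "255.255.255.0"),
         ("Subnet", "192.168.0.0", "255.255.0.0")),
        (("Subnet", "192.168.1.0", "255.255.255.0"),
         ("Subnet", "10.10.0.0", "255.255.0.0")),
        (("Single", "10.10.3.7"), ("Subnet", "10.10.0.0", "255.255.0.0")),
    ]
    for local, remote in samples:
        print(local, remote, check_selectors(local, remote) or "ok")
```
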
STEP 4 For a Manual policy type, enter the settings in the Manual Policy Parameters
section:
- SPI-Incoming, SPI-Outgoing—Enter a hexadecimal value between 3 and 8
characters; for example, 0x1234. Security Parameter Index (SPI) identifies
the Security Association of the incoming and outgoing traffic streams.
- Manual Encryption Algorithm—Select the algorithm used to encrypt the
data.
- Key-In, Key-Out—Enter the encryption key of the inbound and outbound
policy. The length of the key depends on the encryption algorithm chosen: