Even though the following is related to connecting to a Netgear VPN endpoint, it may be useful on the XP-VPN-client side:
Windows XP [VPN client] to Netgear, say, DG834G [VPN gateway] configuration:
Create the DG834G - WinXP IPSec Policy
1. Click Start, click Run, and then type secpol.msc.
2. Right-click “IP Security Policies on Local Computer”, and then click Create IP Security Policy.
3. Click Next, and then enter DG834G - WinXP IPSec Policy as the name for your policy.
4. Clear the “Activate the default response rule” check box, and then click Next.
5. Clear the “Edit properties” checkbox.
6. Click Finish.
Configure Key Exchange Settings
1. Right click on the DG834G - WinXP IPSec Policy you just created and choose Properties.
2. On the General page, click the Advanced button.
3. Check the “Master key perfect forward secrecy (PFS)” checkbox.
4. Make sure that the key generation time is 3 minutes.
5. Click OK. Click OK again. Apply the settings and click OK.
Create the DG834G to WinXP IP Filter List
1. Right-click IP Security Policies on Local Computer, and then click Manage IP filter lists and filter action.
2. Click Add on the Manage IP Filter Lists page.
3. Enter FVS to WinXP IP Filter List as the filter list name. Uncheck the "Use Add wizard".
4. Click Add. The Filter Properties dialog displays.
5. Clear the Mirrored check box (tunnel settings cannot be mirrored).
6. For Source Address, select “A specific IP Subnet”. In the IP address box punch in 192.168.12.0 and subnet is 255.255.255.0
7. For Destination address, select “A specific IP Address” and punch in the IP address of the computer.
8. In the Protocol page ensure that “Any” protocol type is selected.
9. Apply new settings, click OK, and close the IP Filter List dialogs.
Create the WinXP to DG834G IP Filter List
1. Right-click “IP Security Policies on Local Computer,” and then click Manage IP filter lists and filter action.
2. Click Add on the Manage IP Filter Lists page.
3. Enter Winxp to DG834G IP Filter List as the filter list name. Click Add. The Filter Properties dialog displays.
4. Clear the Mirrored check box (tunnel settings cannot be mirrored).
5. For Source address, select “A specific IP Address”. Punch in the IP address of the computer.
6. For Destination Address, select “A specific IP Subnet”. In the IP address box punch in 192.168.12.0 and subnet is 255.255.255.0 mask.
7. In the Protocol page ensure that “Any” protocol type is selected.
8. Apply new settings, click OK, and close the IP Filter List dialogs.
Create the DG834G - WinXP Filter Action
1. Right-click “IP Security Policies on Local Computer”, and then click Manage IP filter lists and filter actions. Choose the “Manage Filter Action” page.
– Verify that the “Use Add Wizard” option is unchecked and click Add.
– Select “Negotiate Security” and click Add.
– Select “Custom” and click Settings.
– Ensure that the “Data integrity and encryption (ESP)” option is selected.
– Ensure that integrity algorithm is SHA1.
– Ensure that encryption algorithm is 3DES.
– Select “Generate a new key every” 300 seconds for session key.
2. Click OK to save the changes and return to the Filter Action Property dialog.
3. Select “Session key perfect forward secrecy (PFS)” option.
– Ensure that “Accept unsecured communication, but always respond using IPSec” option is NOT selected.
– Ensure that “Allow unsecured communication with non-IPSec-aware computers” option is NOT selected.
4. Go to the General page and enter DG834G - WinXP Filter Action in the name field.
5. Click Apply to save the new filter action settings, and close the Manage IP Filter lists and actions dialog.
Create the DG834G to WinXP Tunnel Rule
1. Double click on the “DG834G to WinXP IPSec Policy”.
2. Verify that the “Use Add Wizard” option is clear and click Add.
3. For Connection Type select “All network connections”.
4. For IP Filter List select “DG834G to WinXP IP Filter List”.
5. For Filter Action select “DG834G - WinXP Filter Action”.
6. For Tunnel Setting, select the “The tunnel endpoint is specified by this IP Address:” radio button, and enter the IP address of the computer.
7. For Authentication Method, click Add, select “Use this string to protect the key exchange (Preshared key)”. Use the preshared key that was typed in the router.
Create the Winxp to DG834G Tunnel Rule
1. Double click on the “Winxp to DG834G IPSec Policy”.
2. Verify that the “Use Add Wizard” option is clear and click Add.
3. For Connection Type select “All network connections”.
4. For IP Filter List select “Winxp to DG834G IP Filter List”.
5. For Filter Action select “DG834G - Winxp Filter Action”.
6. For Tunnel Setting select the “The tunnel endpoint is specified by this IP Address:” radio button, and from our example enter the IP address of the router.
7. For Authentication Method select “Use this string to protect the key exchange (Preshared key)”. Type the preshared key typed on the router.
8. Apply the new settings.
Now activate the DG834G - Winxp IPSec Policy. Highlight the “IP Security Policies on Local Machine,” right-click the “DG834G - Winxp IPSec Policy” policy, and then click Assign. A green dot appears in the folder icon next to the policy.
--
plumbum
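
Added example, not part of the original post: a short Python check over a hand-written description of the two tunnel rules, flagging the usual mistakes in this procedure (filters that are not exact reverses, a wrong tunnel endpoint, a mirrored filter, unsecured fallback left on). The `Rule` model and the client and gateway addresses are assumptions made up for illustration; only the 192.168.12.0/255.255.255.0 subnet and the 3DES/SHA1/PFS settings come from the post.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:                       # hypothetical model of one tunnel rule
    name: str
    src: str                      # filter source (address or subnet/mask)
    dst: str                      # filter destination
    tunnel_endpoint: str
    mirrored: bool = False
    esp: tuple = ("3DES", "SHA1")
    session_pfs: bool = True
    unsecured_fallback: bool = False

def check_tunnel_pair(inbound, outbound, client_ip, gateway_ip):
    """Return a list of problems; an empty list means the pair is consistent."""
    net = ipaddress.ip_network
    problems = []
    if net(inbound.src) != net(outbound.dst) or net(inbound.dst) != net(outbound.src):
        problems.append("filter lists are not exact reverses of each other")
    # Inbound traffic terminates at the XP computer, outbound at the router.
    for rule, endpoint in ((inbound, client_ip), (outbound, gateway_ip)):
        if rule.mirrored:
            problems.append(f"{rule.name}: Mirrored must be cleared")
        if ipaddress.ip_address(rule.tunnel_endpoint) != ipaddress.ip_address(endpoint):
            problems.append(f"{rule.name}: tunnel endpoint should be {endpoint}")
        if rule.esp != ("3DES", "SHA1"):
            problems.append(f"{rule.name}: ESP should be 3DES with SHA1")
        if not rule.session_pfs:
            problems.append(f"{rule.name}: session key PFS is off")
        if rule.unsecured_fallback:
            problems.append(f"{rule.name}: unsecured fallback is allowed")
    return problems

# Constructed addresses (documentation ranges); the subnet is the one in the post.
CLIENT, GATEWAY = "198.51.100.20", "203.0.113.1"
LAN = "192.168.12.0/255.255.255.0"

def sample_rules():
    inbound = Rule("DG834G to WinXP", LAN, CLIENT, CLIENT)
    outbound = Rule("WinXP to DG834G", CLIENT, LAN, GATEWAY)
    return inbound, outbound

if __name__ == "__main__":
    rule_in, rule_out = sample_rules()
    print(check_tunnel_pair(rule_in, rule_out, CLIENT, GATEWAY))
    # Constructed misconfiguration: endpoint set to the PC, fallback left on.
    bad_out = Rule("WinXP to DG834G", CLIENT, LAN, CLIENT, unsecured_fallback=True)
    for problem in check_tunnel_pair(rule_in, bad_out, CLIENT, GATEWAY):
        print(problem)
```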