VPN Setup for CNet’s CWR-854 802.11g Wireless Router
The instructions below are for getting an IPSec client to connect to CNet’s wireless
broadband router CWR-854(F) with VPN capability. The VPN feature can be used for
secure remote access to a home or work network from anywhere on the Internet.
The VPN client software used for this test is SSH-Sentinel v1.4, which is free for
non-commercial use.
Applications:
Download from Www.Somanuals.com. All Manuals Search And Download.
Router’s VPN Configuration:
Please use the router’s default IP address 192.168.1.254 to access its configuration.
As shown above, CWR-854 can store 10 different VPN profiles. We need to enable
IPSec VPN and then click on edit to configure the first profile.
- Use any name for the connection.
- Authentication will be through the Pre-Shared Key (PSK). Basically anyone who
  wants to have VPN connectivity to the router needs to have this key. We will
  later on use this same key in the client configuration.
- The next step is to enter the IP information for Local and remote sites. For local
  site choose “Subnet Address” to allow access to the whole LAN network. For
  remote site, choose “Any Address” so that the router accepts VPN requests from
  any IP address.
- Both local and remote systems are identified by IP.
- Key management is auto (IKE). Click the advance key to see the settings for
  phase 1 and 2 negotiations. In phase 1 peers are authenticated to each other and a
  secure encrypted link is established to start phase 2 which is the actual negotiation
  of security services for the IPSec-compliant VPN channel. As you can see in the
  next image, 3DES and MD5 are the chosen encryption and authentication
  methods and for additional security PFS (Perfect Forward Secrecy) is also
  selected.
The last step to finalize VPN configuration is to enter the PSK (Pre-Shared Key) and
save settings. The router is now ready to accept incoming VPN connections.
Second Scenario:
In this scenario the remote system is behind a NAT router, for example another
CWR-854. The connection is from VPN client >> NAT router >> Cable/DSL modem >>
Internet >> Cable/DSL modem >> VPN router.
The only difference from the configuration in scenario one is that the VPN
router’s remote site is set to “NAT-T any address”, as the picture below shows:
VPN Client Configuration
The client software used for this test is SSH-Sentinel v1.4.
The SSH Sentinel software is configured in two steps. The first is the creation of
a key under key management, and the second is the actual VPN security policy.
After the software is installed, right click on the Sentinel icon in the task bar and
select “Run Policy Editor”.
Configuring SSH Sentinel Key Management
From the SSH Sentinel policy editor, click on “Key Management” tab. Then select
the add button under “My Keys” folder.
From the “New Authentication Key” window, select the “create a pre-shared key”
radio button and click next.
In the next window, type a name and the same exact key you have entered in the
router’s VPN configuration and click “Finish”.
Configuring SSH Sentinel Security Policy
From the Security Policy window, click on the “Security Policy” tab, select VPN
connections and click on “Add” button.
In the “Add VPN Connection” window, enter an IP address or a Domain Name
associated with the WAN IP of the CNet router. For remote network, click the “…”
micro button and enter the remote network information. The default LAN network
address of CWR-854 is 192.168.1.0 with 255.255.255.0 for subnet mask.
Click OK to save the changes and return to the “Rule Properties” window.
Click on the IPSec/IKE proposal settings button to view proposal parameters.
Click OK to go back to “Rule Properties” window. Click on the Advanced tab to
view Security association lifetimes as well as Audit and some other advanced
settings.
If the VPN client system is sitting behind a NAT device, you’ll need to check the box
next to “Pass NAT device” using NAT-T.
At this stage we’ve completed SSH Sentinel configuration and we are ready to
perform a diagnostic test. Click OK to go back to the SSH Sentinel Policy Editor
window and click “Apply” to update security policy changes we’ve made.
Now click on “Diagnostics” to start probing the connection to the VPN server. If
Diagnostics complete successfully, it means that you can establish an IPSec protected
connection to the VPN server.
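When Diagnostics fails, the usual cause is that the two sides do not agree. The script below is an added example, not part of CNet's or SSH Sentinel's software: it compares the router profile and the client policy described in this guide and checks the pre-shared key. The dictionary keys, the sample key "cnet1234" and the 80-bit threshold are assumptions made for the illustration.

```python
import ipaddress
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits

def generate_psk(length=32):
    """Draw a pre-shared key from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def psk_bits_upper_bound(psk):
    """Upper bound on PSK entropy from the character classes it uses."""
    pool = 26 * any(c.islower() for c in psk)
    pool += 26 * any(c.isupper() for c in psk)
    pool += 10 * any(c.isdigit() for c in psk)
    pool += 32 * any(c in string.punctuation for c in psk)
    return len(psk) * math.log2(pool) if pool else 0.0

def check_pair(router, client, psk, min_bits=80):
    """Return the problems that would break or weaken the tunnel."""
    problems = []
    # Phase 1/2 proposals must be identical on both sides.
    for field in ("encryption", "hash", "pfs"):
        if router[field] != client[field]:
            problems.append(f"{field}: router={router[field]} client={client[field]}")
    # The client's "remote network" is the router's local site.
    lan = ipaddress.ip_network(router["local_subnet"])
    if lan != ipaddress.ip_network(client["remote_network"]):
        problems.append("client remote network is not the router's local subnet")
    nat_t_router = router["remote_site"].lower() == "nat-t any address"
    if client["behind_nat"] and not (client["nat_t"] and nat_t_router):
        problems.append("client is behind NAT but NAT-T is not set on both sides")
    # With the remote site open to any address, the PSK alone gates access.
    if psk_bits_upper_bound(psk) < min_bits:
        problems.append("PSK is too short or too simple (assumed 80-bit floor)")
    return problems

# Constructed sample values; the algorithms and addresses are the ones in this guide.
ROUTER = {"encryption": "3des", "hash": "md5", "pfs": True,
          "local_subnet": "192.168.1.0/255.255.255.0", "remote_site": "Any Address"}
CLIENT = {"encryption": "3des", "hash": "md5", "pfs": True,
          "remote_network": "192.168.1.0/24", "behind_nat": True, "nat_t": True}

if __name__ == "__main__":
    for problem in check_pair(ROUTER, CLIENT, "cnet1234"):
        print("FIX:", problem)
    fixed = dict(ROUTER, remote_site="NAT-T any address")
    print(check_pair(fixed, CLIENT, generate_psk()) or "profiles agree")
```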
We can now use the SSH Sentinel icon in the task bar, select the VPN server and
establish the VPN tunnel.
Testing VPN Connection
To test the VPN connection, bring up a DOS window and try a ping to the IP address
of one of the computers at home. If ping is successful then the connection is
established and you should be able to see and map network drives to systems behind
the VPN router.