VPN

This Gateway supports IPSec, L2TP, and PPTP Passthrough.  You can select either Enable or Disable for these options.

IPSec VPN Tunnel

  • Select Tunnel Entry

Select the number of the tunnel you want to set up.

  • Delete

Click this to remove any entries made for the tunnel you selected.

  • Summary

Click this button to display the status of all the tunnels.

  • IPSec VPN Tunnel

Select Enabled to create a tunnel or Disabled to close the tunnel.

  • Tunnel Name

Once the tunnel is enabled, enter an arbitrary name for the tunnel you are about to create.

Local Secure Group

This allows you to grant local computers access to this tunnel.

  • Subnet

This allows all computers on the local subnet to access the tunnel.  Enter the IP Address and Mask to allow access to the tunnel.

  • IP Address

This only allows the local computer with the specified IP address.  Enter the IP address you want to allow access to the tunnel.

Local Security Gateway

The Local Security Gateway is a VPN device, such as a second VPN Gateway, on the local network.  The local VPN device can be another VPN Gateway, a VPN Server, or a computer with VPN client software that supports IPSec.

Remote Secure Group

This allows you to grant remote computers access to this tunnel.

  • Subnet

This allows all computers on the remote subnet to access the tunnel.  Enter the IP Address and Mask to allow access to the tunnel.

  • IP Address

This only allows the remote computer with the specified IP address.  Enter the IP address you want to allow access to the tunnel.

  • Host

When this is selected, the settings will be the same as the Remote Security Gateway.

  • Any

This option will allow any IP address from a remote location to access this tunnel.

Remote Security Gateway

This sets the remote end of the VPN tunnel.  You can either specify the IP address, Domain, or Any.  The remote VPN device can be another VPN Gateway, a VPN Server, or a computer with VPN client software that supports IPSec.

  • IP Address

Enter the IP address of the remote tunnel endpoint you will connect to.

  • Domain

This option lets you enter the fully qualified domain name of the remote endpoint.  If you do not have its IP address, you can enter the domain of the tunnel you are connecting to instead.

  • Any

This will allow any tunnel connection to be established.

Encryption

  • DES

Data Encryption Standard (DES) is a type of encryption for this VPN tunnel.  If you select this option, make sure the other end of the tunnel uses the same encryption type.

  • 3DES

Triple Data Encryption Standard (3DES) is a stronger type of encryption for this VPN Tunnel.  If you select this option, make sure the other end of the tunnel uses the same encryption type.

  • Disable

This option disables encryption for this tunnel.

Authentication

  • MD5

Message Digest Algorithm 5 (MD5) generates a 128-bit message digest based on the input.  If you select this option, make sure the other end of the tunnel uses the same authentication type.

  • SHA

Secure Hash Algorithm (SHA) generates a 160-bit message digest based on the input.  If you select this option, make sure the other end of the tunnel uses the same authentication type.

  • Disable

This option disables authentication for this tunnel.

Key Management

In order for any encryption to occur, the two ends of the tunnel must agree on the type of encryption.  This is done by sharing a "key" used for encryption.  You can select Auto (IKE) or Manual.

Auto Key Management

  • PFS

Perfect Forward Secrecy (PFS) ensures that the initial key exchange and IKE proposal are secure.  This must be the same for both ends of the tunnel.

  • Pre-shared Key

Enter a series of numbers and letters that will be used as your key.  This must be the same for both ends of the tunnel.

  • Key Lifetime

Enter a number of seconds for the life of the key.  After the key lifetime expires, a new key will be generated.  This must be the same for both ends of the tunnel.

Manual Key Management

  • Encryption Key

Enter a series of letters or numbers to generate an encryption key.  This must be the same for both ends of the tunnel.

  • Authentication Key

Enter a series of letters or numbers to generate an authentication key.  This must be the same for both ends of the tunnel.

  • Inbound SPI

Enter a series of letters or numbers to generate the inbound SPI.  This must match the outbound SPI on the other end of the tunnel.

  • Outbound SPI

Enter a series of letters or numbers to generate the outbound SPI.  This must match the inbound SPI on the other end of the tunnel.
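As an added example (not the gateway's own software), the following Python check applies the matching rules above to the Manual Key Management settings entered on both ends of a tunnel: key sizes per algorithm, a usable SPI range, and mirrored inbound/outbound SPIs. The hex-encoded input format and the field names are assumptions.

```python
# Added example, not the gateway's own code: checks the Manual Key Management
# fields of both tunnel ends.  Hex-encoded input is an assumed convention.
ENC_KEY_BYTES = {"DES": 8, "3DES": 24}      # key sizes per the IPsec specs
AUTH_KEY_BYTES = {"MD5": 16, "SHA": 20}     # HMAC-MD5 / HMAC-SHA-1 key sizes

def hex_len(value):  # byte length of a hex string, or -1 if it is not valid hex
    try:
        return len(bytes.fromhex(value))
    except ValueError:
        return -1

def check_end(cfg):  # problems with one end's own settings: key sizes, SPI range
    problems = []
    for field, table in (("encryption", ENC_KEY_BYTES),
                         ("authentication", AUTH_KEY_BYTES)):
        algo = cfg[field]
        if algo == "Disable":           # the page allows either to be disabled
            continue
        if algo not in table:
            problems.append(f"unknown {field} algorithm {algo!r}")
        elif hex_len(cfg[field + "_key"]) != table[algo]:
            problems.append(f"{field} key must be {table[algo]} bytes for {algo}")
    for field in ("inbound_spi", "outbound_spi"):
        try:
            spi = int(cfg[field], 16)
        except ValueError:
            spi = -1
        if not 256 <= spi <= 0xFFFFFFFF:   # SPIs 0-255 are reserved (RFC 4303)
            problems.append(f"{field} must be a 32-bit value of at least 256")
    return problems

def check_tunnel(local, remote):  # both ends, plus the mirroring the page requires
    problems = [f"local: {p}" for p in check_end(local)]
    problems += [f"remote: {p}" for p in check_end(remote)]
    for field in ("encryption", "authentication", "encryption_key", "authentication_key"):
        if local[field].lower() != remote[field].lower():
            problems.append(f"{field} differs between the two ends")
    for mine, theirs in (("inbound_spi", "outbound_spi"), ("outbound_spi", "inbound_spi")):
        if local[mine].lower() != remote[theirs].lower():
            problems.append(f"local {mine} must equal remote {theirs}")
    return problems

# Constructed sample settings: REMOTE_OK mirrors LOCAL's SPIs; REMOTE_BAD has a
# 16-byte key for SHA and copies LOCAL's SPIs without swapping them.
LOCAL = {"encryption": "3DES", "authentication": "SHA", "inbound_spi": "1001",
         "outbound_spi": "2002", "encryption_key": "0123456789abcdef" * 3,
         "authentication_key": "ab" * 20}
REMOTE_OK = dict(LOCAL, inbound_spi="2002", outbound_spi="1001")
REMOTE_BAD = dict(LOCAL, authentication_key="ab" * 16)
```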

Status

This will show if you are connected or disconnected from the other end of the VPN tunnel.

Connect/Disconnect

This button connects to or disconnects from the other end of the VPN tunnel.

View Log

This will show you the VPN activity when connecting or disconnecting.

Advanced Settings

Phase 1 is used to create a Security Association (SA), often called the IKE SA.  After Phase 1 is completed, Phase 2 is used to create one or more IPSec SAs, which are then used to key IPSec sessions.

Operation Mode

Main

This is for normal operation and is more secure.

Aggressive

This is a faster mode but less secure.

Username

Some VPN peers require a username to establish a VPN connection.

Encryption

Select the length of the key used to encrypt/decrypt ESP packets.  There are two choices:  DES and 3DES.  3DES is recommended for better security.

Authentication

Select the method used to authenticate ESP packets.  There are two choices:  MD5 and SHA.  SHA is recommended for better security.

Group

There are two Diffie-Hellman Groups to choose from:  768-bit and 1024-bit.  Diffie-Hellman refers to a cryptographic technique that uses public and private keys for encryption and decryption.

Key Lifetime

Enter a number of seconds for the life of the key.  After the key lifetime expires, a new key will be generated.  This must be the same for both ends of the tunnel.

Phase 2

Encryption

The encryption method selected in Phase 1 will be displayed.

Authentication

The authentication method selected in Phase 1 will be displayed.

PFS

The status of PFS will be displayed.

Group

There are two Diffie-Hellman Groups to choose from:  768-bit and 1024-bit.  Diffie-Hellman refers to a cryptographic technique that uses public and private keys for encryption and decryption.

Key Lifetime

Enter a number of seconds for the life of the key.  After the key lifetime expires, a new key will be generated.  This must be the same for both ends of the tunnel.

Other Settings

NetBIOS broadcast

Check this box to enable NetBIOS traffic to pass through the VPN tunnel.

Anti-replay

Check this box to enable Anti-replay protection.  This feature keeps track of sequence numbers and packet arrival, ensuring security at the IP packet level.
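As an added example (not the gateway's firmware), this Python sliding window shows what the anti-replay check does with each inbound ESP sequence number: packets newer than anything seen slide the window forward, packets inside the window are accepted once, and older or duplicate packets are dropped. The 64-packet window is the RFC 4303 default and an assumption about this device.

```python
# Added example, not the gateway's firmware: the sliding-window check behind
# anti-replay protection, in the style of RFC 4303 (64-packet window).
class ReplayWindow:
    def __init__(self, size=64):
        self.size = size
        self.highest = 0      # highest sequence number accepted so far
        self.bitmap = 0       # bit i set => sequence number highest - i was seen

    def accept(self, seq):
        """Return True and record seq if it is fresh; False if it must be dropped."""
        if seq <= 0:
            return False      # ESP sequence numbers start at 1
        if seq > self.highest:
            # Newer than anything seen: slide the window forward and mark seq.
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:
            return False      # older than the window: dropped as stale
        if self.bitmap & (1 << offset):
            return False      # already seen inside the window: a replay
        self.bitmap |= 1 << offset
        return True

def classify(seqs, size=64):
    """Run arrivals through one window; return (accepted, dropped) lists."""
    window = ReplayWindow(size)
    accepted, dropped = [], []
    for seq in seqs:
        (accepted if window.accept(seq) else dropped).append(seq)
    return accepted, dropped

# Constructed arrival order: out-of-order delivery, a replayed packet, a jump
# far ahead, and then packets that fall outside the window.
ARRIVALS = [1, 2, 3, 2, 5, 4, 70, 3, 6, 70]
```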

Keep-Alive

Check this box to re-establish the VPN tunnel connection whenever it is dropped.  Once the tunnel is initialized, this feature will keep the tunnel connected.

If IKE failed more than x Times, block this unauthorized IP for y seconds.

Check this box to block unauthorized IP addresses.  Complete the on-screen sentence to specify how many times IKE must fail before blocking that unauthorized IP address for a length of time that you specify (in seconds).

Check all the values and click Save Settings to save your settings. Click Cancel Changes to cancel your unsaved changes.