3Com 3CR856-95 manual Configuring VPNs, Setting the VPN Mode, IPSec Configuration

Page 53

Configuring VPNs

A Virtual Private Network (VPN) is a secure tunnel between networks or between a network and a user. The Gateway supports both network to network connections and network to remote client connections.

The Gateway supports IPSec tunnels, L2TP over IPSec, and PPTP connections and allows VPN pass-through to enable other secure devices on your network to set up their own secure connections.

Your Cable/DSL modem and your ISP must support IPSec pass-through, L2TP over IPSec pass-through or PPTP pass-through for you to be able to use these protocols.

See “The Virtual Servers Menu” on page 45 for details to configure pass-through protocols.

Setting the VPN Mode

The Gateway supports three modes of VPN operation:

IPSec Enabled — IPSec (Internet Protocol Security) is a complex secure protocol with a variety of different encryption methods. When setting up an IPSec connection between two devices they must support the same encryption method.

L2TP over IPSec Enabled — L2TP over IPSec is a combination of protocols which authenticates a user (using L2TP) and encrypts data (using IPSec). See “L2TP Configuration” on page 54.

PPTP Server Enabled — PPTP (Point-to-Point Tunnelling Protocol) is an encrypted VPN protocol like IPSec. It is not as secure as IPSec but is easy to administrate. PPTP does not support Gateway to Gateway connections and is only suitable for connecting remote users.

Enabling IPSec VPN will disable pass-through to IPSec and L2TP/IPSec Virtual Servers on the LAN. Enabling L2TP over IPSec will disable pass-through to IPSec and L2TP/IPSec Virtual Servers on the LAN. Enabling the PPTP server will disable PPTP pass-through to a Virtual Server on the LAN. Pass-through outbound from clients on the LAN to servers on the internet is unaffected.

A VPN Tunnel needs the same protocol on both sides of the connection. If you are trying to establish an IPSec connection with another Gateway or with a user the other Gateway must support IPSec or the user must have software installed that supports IPSec VPN.

The VPN Mode menu is shown in Figure 51 below. Choose from the options by clicking in the appropriate radio button under VPN Server Setup.

IPSec Configuration

In the IPSec Configuration field, enter This Gateway’s ID as an Internet IP address or name of the Gateway that you are configuring. This value is common across all IPSec connections but does not apply to PPTP connections. If PPTP only is enabled, This Gateway’s ID field does not appear.

If you require main mode IPSec connections then this value must be the public IP address of the Gateway.

53

Page 52 Page 54
Image 53
Page 52 Page 54
Contents Page United States Government Legend 3Com Corporation Bayfront Plaza Santa Clara, CaliforniaContents IP Addressing TroubleshootingUsing Discovery End User Software Licence Agreement Safety InformationISP Information Index Regulatory NoticesPage Naming Convention About this GuideConventions Icon DescriptionProduct Registration Related DocumentationFeedback about this User Guide OfficeConnect Cable/DSL Secure Gateway Introducing the Officeconnect CABLE/DSL Secure GatewayCable/DSL Secure Gateway Advantages Example Network Using a Cable/DSL Secure GatewayMinimum System and Component Requirements Package ContentsFront Panel Power LED GreenAlert LED Orange Flashing slowly Two seconds on, two seconds offRear Panel Power Adapter socketCable/DSL Status LED Ethernet Cable/DSL portPage Before you Install your Gateway Installing the GatewayIntroduction Positioning the GatewayStatic PPPoEConnecting the Cable/DSL Secure Gateway Powering Up the GatewayPage Windows 2000, XP Setting UP Your ComputersObtaining an IP Address Automatically Macintosh OS 8.5 Disabling PPPoE and Pptp Client SoftwareWindows 95, 98, ME Internet Properties Disabling Web ProxyPage Accessing the Wizard Running the Setup WizardWelcome Screen Setting the PasswordTo set the Gateway to World Time UTC Setting the Time ZoneInternet Settings Auto-Configuration SettingsDynamic IP Address Mode Static IP ModeConnection, use the following procedure PPPoE ModePptp Screen Pptp ModeActivating Dhcp Choosing your LAN SettingsViewing the Summary Dhcp Server Setup ScreenPage Navigating Through the Gateway Configuration Pages Gateway ConfigurationMain Menu Option TabsWelcome Screen Password ScreenSetup Wizard LAN SettingsLAN IP Settings Changing the LAN SettingsChanging the Dhcp Server Settings Dhcp Clients Screen Dhcp Clients ListStatic IP Address DSL or Cable Internet SettingsConnection to ISP Screen Connection to ISPStatic Address Setup Screen Configuring a Static IP AddressDynamic Address Setup Screen Configuring a Dynamic IP AddressPPPoE Setup Screen Configuring a PPPoE connectionConfiguring a Pptp connection Setting up NATOne-to-Many and One-to-One NAT Setting up One-to-Many NATVirtual Servers Menu Configuring the FirewallSetting up One-to-One NAT Creating a Virtual DMZ Creating a Virtual ServerPC Privileges Virtual Servers Settings ScreenTo assign different access rights for different computers To use access control for all computersSpecial Applications Screen Special Applications Creating Custom Special Applications Adding and Editing Special ApplicationsCustom Special Applications Setup Screen Advanced Advanced Settings ScreenIPSec Configuration Configuring VPNsSetting the VPN Mode Address Pool for Pptp and L2TP clients field enter L2TP ConfigurationViewing VPN Connections Pptp ConfigurationAdding and Editing VPN Connections IPSec Connections using Gateway to Gateway IPSec Connections using Remote User AccessIPSec Connection Gateway to Gateway Connection Name field enter headsales L2TP over IPSec ConnectionsPptp Connections Editing IPSec RoutesRestart Accessing the System ToolsTime Zone Loading and Saving the Gateway ConfigurationUpgrading the Firmware of your Gateway Upgrade ScreenStatus Screen Viewing Status and LogsObtaining Support and Feedback for your Gateway Log Settings ScreenFeedback Screen Basic Connection Checks TroubleshootingBrowsing to the Gateway Configuration Screens Forgotten Password Connecting to the InternetHttp//192.168.1.1 Alert LEDDoes the Gateway support virtual private networks VPNs? Frequently Asked QuestionsRunning the Discovery Application Using DiscoveryWindows Installation 95/98/2000/Me/NT Discovery Finish Screen Internet Protocol Suite IP AddressingIP Addresses and Subnet Masks Type OneDhcp Addressing How does a Device Obtain an IP Address and Subnet Mask?Static Addressing Type TwoAuto-IP Addressing Private IP AddressesPage Standards Technical SpecificationsSystem Requirements Cable SpecificationsEthernet Performance Operating SystemsWichtige Sicherheitshinweise Safety InformationImportant Safety Information Consignes importantes de sécurité Page Page 3Com Corporation END User Software Licence AgreementPage Information Regarding Popular ISPs Internet Characteristics Popular ISPs Connection TypesISP Information Page Glossary Ethernet DSL modemEthernet Address Fast EthernetIPSec IP AddressL2TP over IPSec MAC AddressNetwork SwitchNetwork Interface Card NIC ProtocolWizard TrafficPage Numbers IndexIeee Ietf NAT Ping VPN Page FCC Statement Regulatory Notices100 Page DUA08569-5AAA02 Published November
Related manuals
Manual 2 pages 51.21 Kb
Top Page Image Contents