Depending on which Tunnel Type you have selected, choose from the following to edit or add the remaining fields:
■“IPSec Connections using Remote User Access”
■“IPSec Connections using Gateway to Gateway”
■“L2TP over IPSec Connections”
■“PPTP Connections”
IPSec Connections using Remote User Access
If you have selected IPSec as a Tunnel Type and Remote User Access as a Connection Type, enter the following values:
■Remote User ID — Enter the Remote User ID. This must be entered identically on the IPSec software installed on the client’s machine.
■Tunnel Shared Key — This is the password for the connection. It is a combination of letters, numbers and punctuation and can be up to 64 characters in length.
Figure 53 IPSec Connection - Remote User Access
■Encryption type — choose the encryption type from DES or 3DES. 3DES is more secure but may take longer to encrypt and decrypt.
3DES is not shipped with the Gateway as standard due to international restrictions on encryption. If your country permits its use, it can be downloaded from the 3Com web site at http://www.3com.com/
■Exchange keys using — choose the encryption method used to exchange shared keys.
■Use Perfect Forward Secrecy — Choose whether to use perfect forward secrecy. Using perfect forward secrecy will change the encryption keys during the course of a connection, making the tunnel more secure but slowing data transfer. To enable perfect forward secrecy, ensure that the Use Perfect Forward Secrecy box is checked. To keep the same key for the length of a connection, leave the box unchecked.
Click Apply to save your changes or Close to return without saving.
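The following pre-flight check is an added example, not part of the original guide or any 3Com software. It compares the values planned for the Gateway and for the client's IPSec software against the field rules above. The dictionary keys, the function name and the sample settings are hypothetical, and treating "letters, numbers and punctuation" as printable ASCII is an assumption.

```python
import string

# Limits taken from the field descriptions above. Treating "letters, numbers and
# punctuation" as printable ASCII is an assumption of this example.
MAX_KEY_LEN = 64
KEY_ALPHABET = set(string.ascii_letters + string.digits + string.punctuation)
ENCRYPTION_TYPES = ("DES", "3DES")


def check_remote_user_tunnel(gateway, client):
    """Return a list of problems in a planned Remote User Access tunnel.

    Both arguments are dicts with the hypothetical keys 'remote_user_id',
    'shared_key' and 'encryption'; the gateway dict also carries 'pfs'.
    """
    problems = []
    key = gateway["shared_key"]
    # Tunnel Shared Key: letters, numbers and punctuation, up to 64 characters.
    if not key:
        problems.append("shared key is empty")
    if len(key) > MAX_KEY_LEN:
        problems.append(f"shared key is {len(key)} characters; the limit is {MAX_KEY_LEN}")
    if set(key) - KEY_ALPHABET:
        problems.append("shared key contains characters outside letters, numbers and punctuation")
    if key != client["shared_key"]:
        problems.append("shared key differs between gateway and client")  # key is never echoed
    # Remote User ID must be entered identically on the gateway and the client.
    gid, cid = gateway["remote_user_id"], client["remote_user_id"]
    if gid != cid and gid.strip().lower() == cid.strip().lower():
        problems.append("Remote User ID differs only in case or surrounding spaces")
    elif gid != cid:
        problems.append("Remote User ID differs between gateway and client")
    # Encryption type: DES or 3DES, same on both sides; 3DES is the more secure choice.
    if gateway["encryption"] not in ENCRYPTION_TYPES:
        problems.append(f"unknown encryption type {gateway['encryption']!r}")
    elif gateway["encryption"] != client["encryption"]:
        problems.append("encryption type differs between gateway and client")
    elif gateway["encryption"] == "DES":
        problems.append("DES selected; 3DES is more secure where it is available")
    if not gateway["pfs"]:
        problems.append("Perfect Forward Secrecy is unchecked; one key is kept for the whole connection")
    return problems


# Constructed sample settings (not taken from any real device).
GATEWAY = {"remote_user_id": "jsmith", "shared_key": "t7!Kq#9vLm2$", "encryption": "DES", "pfs": False}
CLIENT = {"remote_user_id": "JSmith ", "shared_key": "t7!Kq#9vLm2$", "encryption": "DES"}

if __name__ == "__main__":
    print("\n".join(check_remote_user_tunnel(GATEWAY, CLIENT)))
```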
IPSec Connections using Gateway to Gateway
If you have selected IPSec as a Tunnel Type and Gateway to Gateway as a Connection Type, enter the following values:
■Remote IPSec Server Address — enter the Internet IP address or name of the remote gateway (Figure 54).
■Remote Network address — enter the LAN IP address of the remote network. This is the first IP address of a subnet, one below the first address available for use.