3Com 3CR856-95 I

57

Depending on which Tunnel Type you have selected, choose from

the following to edit or add the remaining fields:

■“IPSec Connections using Remote User Access” on page 57

■“IPSec Connections using Gateway to Gateway” on page 57

■“L2TP over IPSec Connections” on page 59

■“PPTP Connections” on page 60

IPSec Connections using Remote User Access

If you have selected IPSec as a Tunnel Type and Remote User

Access as a Connection Type, enter the following values:

■Remote User ID — Enter the Remote User ID. This must be

entered identically on the IPSec software installed on the

client’s machine.

■Tunnel Shared Key — this is the password for the connection

and is a combination of letters, numbers and punctuation and

can be up to 64 characters in length.

Figure 53 IPSec Connection - Remote User Access

■Encryption type — choose the encryption type from DES or

3DES. 3DES is more secure but may take longer to encrypt

and decrypt.

3DES is not shipped with the Gateway as standard due to

international restrictions on encryption. If your country permits its

use it can be downloaded from the 3Com web site at

http://www.3com.com/

■Exchange keys using — choose the encryption method used

to exchange shared keys. Diffie-Hellman Group 2 is more

secure but less common than Diffie-Hellman Group 1.

■Use Perfect Forward Secrecy — Choose whether to use

perfect forward secrecy. Using perfect forward secrecy will

change the encryption keys during the course of a connection

making the tunnel more secure but slowing data transfer. To

enable perfect forward secrecy ensure that the Use Perfect

Forward Secrecy box is checked. To keep the same key for the

length of a connection leave the box unchecked.

Click Apply to save your changes or Close to return without

saving.

IPSec Connections using Gateway to Gateway

If you have selected IPSec as a Tunnel Type and Gateway to

Gateway as a Connection Type, enter the following values:

■Remote IPSec Server Address — enter the Internet IP address

or name of the remote gateway. (Figure54).

■Remote Network address — enter the LAN IP address of the

remote network. This is the first IP address of a subnet, one

below the first address available for use.

dua08569-5aaa02.boo k Pag e 57 Thursday , Novem ber 7, 2002 3:09 PM

Contents

Main 3Com Corporation 5400 Bayfront Plaza Santa Clara, California 95052-8145 C Page Page Page ABOUT THIS GUIDE Naming Convention Conventions Icon Notice Type Description Convention Description Feedback about this User Guide Convention Description Related Documentation Product Registration INTRODUCING THE OFFICECONNECT CABLE/DSL SECURE GATEWAY OfficeConnect Cable/DSL Secure Gateway Cable/DSL Secure Gateway Advantages Package Contents Minimum System and Component Requirements Front Panel 1 Alert LED (Orange) Off Flashing quickly Flashing slowly (Two seconds on, two seconds off) On for 2 seconds, and then off Rear Panel 5 Power Adapter socket 6 Ethernet Cable/DSL port 7 Four 10/100 LAN ports Page INSTALLING THE GATEWAY Introduction Positioning the Gateway Safety Information Using the Rubber Feet PPPoE PPTP DHCP Static Powering Up the Gateway Connecting the Cable/DSL Secure Gateway Page SETTING UP YOUR COMPUTERS Obtaining an IP Address Automatically Windows 2000, XP Windows 95, 98, ME Macintosh OS 8.5, 9.x Disabling PPPoE and PPTP Client Software Disabling Web Proxy Page RUNNING THE SETUP WIZARD Accessing the Wizard Setting the Password Setting the Time Zone Auto-Configuration Settings Internet Settings Static IP Mode Dynamic IP Address Mode PPPoE Mode PPTP Mode Choosing your LAN Settings Activating DHCP Viewing the Summary Page GATEWAY CONFIGURATION Navigating Through the Gateway Configuration Pages Main Menu Option Tabs Getting Help Welcome Screen Viewing the Notice Board Changing the Administration Password Setup Wizard LAN Settings LAN IP Settings Changing the LAN Settings Changing the DHCP Server Settings DHCP Clients List Internet Settings Connection to ISP Configuring a Static IP Address Configuring a Dynamic IP Address Configuring a PPPoE connection Configuring a PPTP connection Setting up NAT Page Setting up One-to-One NAT Configuring the Firewall The Virtual Servers Menu Creating a Virtual DMZ Creating a Virtual Server PC Privileges To use access control for all computers: To assign different access rights for different computers: Example: Special Applications Adding and Editing Special Applications Creating Custom Special Applications Page Advanced Configuring VPNs Setting the VPN Mode IPSec Configuration L2TP Configuration PPTP Configuration Viewing VPN Connections Adding and Editing VPN Connections I IPSec Connections using Gateway to Gateway Example: L2TP over IPSec Connections PPTP Connections Editing IPSec Routes Accessing the System Tools Restart Time Zone Loading and Saving the Gateway Configuration Upgrading the Firmware of your Gateway Viewing Status and Logs Page Page T Basic Connection Checks Browsing to the Gateway Configuration Screens Connecting to the Internet Forgotten Password Alert LED Recovering from Corrupted Software Frequently Asked Questions USING DISCOVERY Running the Discovery Application Windows Installation (95/98/2000/Me/NT) Page IP A The Internet Protocol Suite IP Addresses and Subnet Masks Type One Device IP Address Subnet Mask How does a Device Obtain an IP Address and Subnet Mask? DHCP Addressing Static Addressing Device IP Address Subnet Mask Auto-IP Addressing Private IP Addresses Page T Interfaces Operating Temperature Power Humidity System Requirements Operating Systems Ethernet Performance Cable Specifications SAFETY INFORMATION Important Safety Information Wichtige Sicherheitshinweise Consignes importantes de scurit Page Page END USER SOFTWARE LICENCE AGREEMENT 3Com Corporation END USER SOFTWARE LICENSE AGREEMENT Page ISP I Information Regarding Popular ISPs Internet Connection Typ es Characteristics Popular ISPs Internet Connection Typ es Page G 10BASE-T 100BASE-TX 3DES Auto-negotiation Page IETF IP IP Address IPSec ISP Page Page Page I Numbers A B C E F G H I L M N O P R S T U V W Page REGULATORY NOTICES FCC Statement VCCI Statement Information to the User CE Statement (Europe)