3Com 3CR856-95 Example:

58

Figure 54 IPSec Connection - Gateway to Gateway

If the remote Gateway has a LAN IP address of 192.168.1.1 and

a subnet mask of 255.255.255.0 then the LAN IP address of the

remote subnet is 192.168.1.0.

The Gateways must be configured with LAN IP address ranges

that do not overlap.

■Remote Subnet address — this is set as 255.255.255.0 as

default.

■Tunnel Shared Key — this is the password for the connection

and is a combination of letters, numbers and punctuation and

can be up to 64 characters in length.

If you are creating a Gateway to Gateway connection you have

no need to remember the Tunnel Shared Key once the tunnel is

established and do not have to make the key a memorable

password.

■Encryption type — choose the encryption type from DES or

3DES. 3DES is more secure but may take longer to encrypt

and decrypt.

3DES is not shipped with the Gateway as standard due to

international restrictions on encryption. If your country permits its

use it can be downloaded from the 3Com web site at

http://www.3com.com/

■Hash Algorithm — choose either SHA-1 or MD5 from the

drop-down list. Both ends of the connection must use the

same value.

■Exchange keys using — choose the encryption method used

to exchange shared keys. Diffie-Hellman Group 2 is more

secure but less common than Diffie-Hellman Group 1.

■Use Perfect Forward Secrecy — Choose whether to use

perfect forward secrecy. Using perfect forward secrecy will

change the encryption keys during the course of a connection

making the tunnel more secure but slowing data transfer. To

enable perfect forward secrecy ensure that the Use Perfect

Forward Secrecy box is checked. To keep the same key for the

length of a connection leave the box unchecked.

Example: Setting up an IPSec connection between two

Gateways.

Gateway One is located at the head office and is configured with

the following settings:

■Internet IP address: 172.27.34.202

■LAN IP address: 192.168.1.1

■LAN Subnet Mask: 255.255.255.0

dua08569-5aaa02.boo k Pag e 58 Thursday , Novem ber 7, 2002 3:09 PM

Contents

Main 3Com Corporation 5400 Bayfront Plaza Santa Clara, California 95052-8145 C Page Page Page ABOUT THIS GUIDE Naming Convention Conventions Icon Notice Type Description Convention Description Feedback about this User Guide Convention Description Related Documentation Product Registration INTRODUCING THE OFFICECONNECT CABLE/DSL SECURE GATEWAY OfficeConnect Cable/DSL Secure Gateway Cable/DSL Secure Gateway Advantages Package Contents Minimum System and Component Requirements Front Panel 1 Alert LED (Orange) Off Flashing quickly Flashing slowly (Two seconds on, two seconds off) On for 2 seconds, and then off Rear Panel 5 Power Adapter socket 6 Ethernet Cable/DSL port 7 Four 10/100 LAN ports Page INSTALLING THE GATEWAY Introduction Positioning the Gateway Safety Information Using the Rubber Feet PPPoE PPTP DHCP Static Powering Up the Gateway Connecting the Cable/DSL Secure Gateway Page SETTING UP YOUR COMPUTERS Obtaining an IP Address Automatically Windows 2000, XP Windows 95, 98, ME Macintosh OS 8.5, 9.x Disabling PPPoE and PPTP Client Software Disabling Web Proxy Page RUNNING THE SETUP WIZARD Accessing the Wizard Setting the Password Setting the Time Zone Auto-Configuration Settings Internet Settings Static IP Mode Dynamic IP Address Mode PPPoE Mode PPTP Mode Choosing your LAN Settings Activating DHCP Viewing the Summary Page GATEWAY CONFIGURATION Navigating Through the Gateway Configuration Pages Main Menu Option Tabs Getting Help Welcome Screen Viewing the Notice Board Changing the Administration Password Setup Wizard LAN Settings LAN IP Settings Changing the LAN Settings Changing the DHCP Server Settings DHCP Clients List Internet Settings Connection to ISP Configuring a Static IP Address Configuring a Dynamic IP Address Configuring a PPPoE connection Configuring a PPTP connection Setting up NAT Page Setting up One-to-One NAT Configuring the Firewall The Virtual Servers Menu Creating a Virtual DMZ Creating a Virtual Server PC Privileges To use access control for all computers: To assign different access rights for different computers: Example: Special Applications Adding and Editing Special Applications Creating Custom Special Applications Page Advanced Configuring VPNs Setting the VPN Mode IPSec Configuration L2TP Configuration PPTP Configuration Viewing VPN Connections Adding and Editing VPN Connections I IPSec Connections using Gateway to Gateway Example: L2TP over IPSec Connections PPTP Connections Editing IPSec Routes Accessing the System Tools Restart Time Zone Loading and Saving the Gateway Configuration Upgrading the Firmware of your Gateway Viewing Status and Logs Page Page T Basic Connection Checks Browsing to the Gateway Configuration Screens Connecting to the Internet Forgotten Password Alert LED Recovering from Corrupted Software Frequently Asked Questions USING DISCOVERY Running the Discovery Application Windows Installation (95/98/2000/Me/NT) Page IP A The Internet Protocol Suite IP Addresses and Subnet Masks Type One Device IP Address Subnet Mask How does a Device Obtain an IP Address and Subnet Mask? DHCP Addressing Static Addressing Device IP Address Subnet Mask Auto-IP Addressing Private IP Addresses Page T Interfaces Operating Temperature Power Humidity System Requirements Operating Systems Ethernet Performance Cable Specifications SAFETY INFORMATION Important Safety Information Wichtige Sicherheitshinweise Consignes importantes de scurit Page Page END USER SOFTWARE LICENCE AGREEMENT 3Com Corporation END USER SOFTWARE LICENSE AGREEMENT Page ISP I Information Regarding Popular ISPs Internet Connection Typ es Characteristics Popular ISPs Internet Connection Typ es Page G 10BASE-T 100BASE-TX 3DES Auto-negotiation Page IETF IP IP Address IPSec ISP Page Page Page I Numbers A B C E F G H I L M N O P R S T U V W Page REGULATORY NOTICES FCC Statement VCCI Statement Information to the User CE Statement (Europe)