Chapter 4

Advanced Configuration

Local Security Group Type > IP Range

IP range  Enter the range of IP addresses. The default is 192.168.1.0~254.

Remote Group Setup

Before you configure the Remote Group Setup, make sure your VPN tunnel will have two different IP subnets. For example, if the local VPN Router has an IP scheme of 192.168.1.x (x being a number from 1 to 254), then the remote VPN router should have a different IP scheme, such as 192.168.2.y (y being a number from 1 to 254). Otherwise, the IP addresses will conflict, and the VPN tunnel cannot be created.

Remote Security Gateway Type

Select the type you want to use: IP Only, IP + Domain Name(FQDN) Authentication, IP + E-mail Addr.(USER FQDN) Authentication, Dynamic IP + Domain Name(FQDN) Authentication, or Dynamic IP + E- mail Addr.(USER FQDN) Authentication. Follow the instructions for the type you want to use.

NOTE: The Remote Security Gateway Type you select should match the Local Security Gateway Type selected on the VPN device at the other end of the tunnel.

IP Only

The default is IP Only. Only the device with a specific IP address will be able to access the tunnel. Select IP address or IP by DNS Resolved.

Remote Security Gateway Type > IP Only

IP address  Select this option if you know the static IP address of the remote VPN device at the other end of the tunnel, and then enter the IP address.

IP by DNS Resolved  Select this option if you do not know the static IP address of the remote VPN device but you do know its domain name. Then enter the remote VPN device’s domain name on the Internet. The Router will retrieve the IP address of the remote VPN device via its public DNS records.

IP + Domain Name(FQDN) Authentication

The IP address and domain name ID must match the Local Gateway of the remote VPN device, and they can only be used for one tunnel connection.

Remote Security Gateway Type > IP + Domain Name(FQDN)

Authentication

IP address  Select this option if you know the static IP address of the remote VPN device at the other end of the tunnel, and then enter the IP address.

IP by DNS Resolved  Select this option if you do not know the static IP address of the remote VPN device but you do know its domain name. Then enter the remote VPN device’s domain name on the Internet. The Router will retrieve the IP address of the remote VPN device via its public DNS records.

Domain Name  Enter the domain name as an ID (it cannot be a real domain name on the Internet).

IP + E-mail Addr.(USER FQDN) Authentication

Remote Security Gateway Type > IP + E-mail Addr.(USER FQDN)

Authentication

IP address  Select this option if you know the static IP address of the remote VPN device at the other end of the tunnel, and then enter the IP address.

IP by DNS Resolved  Select this option if you do not know the static IP address of the remote VPN device but you do know its domain name. Then enter the remote VPN device’s domain name on the Internet. The Router will retrieve the IP address of the remote VPN device via its public DNS records.

E-mail address  Enter the e-mail address as an ID. Dynamic IP + Domain Name(FQDN) Authentication

The Local Security Gateway will be a dynamic IP address, so you do not need to enter the IP address. When the Remote Security Gateway requests to create a tunnel with the Router, the Router will work as a responder.

The domain name must match the Local Gateway of the remote VPN device and can only be used for one tunnel connection.

10/100 4-Port VPN Router

37

Page 44
Image 44
Cisco Systems RV042RF manual Remote Group Setup, Remote Security Gateway Type