Kerio Tech Firewall6 manual VPN using IPSec Protocol, IPSec preferences, Enable, 218

Models: Firewall6


Chapter 15 Advanced security features

15.3 VPN using IPSec Protocol

IPSec (IP Security Protocol) is an extended IP protocol which enables secure data transfer. It provides services similar to SSL/TLS, but at the network layer. IPSec can be used to create encrypted tunnels between networks (VPN), the so-called tunnel mode, or to encrypt traffic between two hosts, the so-called transport mode.

WinRoute includes so-called IPSec pass-through. This means that WinRoute does not include tools for establishing an IPSec connection (tunnel); however, it is able to detect the IPSec protocol and enable it for traffic between the local network and the Internet.

Note: The IPSec pass-through function guarantees full functionality of existing IPSec clients and servers after deployment of WinRoute at the Internet gateway. If you are designing and implementing new virtual private networks, we recommend using the WinRoute proprietary VPN solution (see chapter 21).

IPSec preferences

IPSec preferences can be set in the IPSec pass-through area in the Security Settings tab of the Configuration → Advanced Options section. For detailed information on IPSec, refer to chapter WinRoute’s IPSec configuration.

Figure 15.5 IPSec pass-through settings (the Security Settings tab under Configuration → Advanced Options)

Enable

This option enables IPSec pass-through.

An idle timeout must be set for IPSec connections (the default is 3600 seconds, which is exactly 1 hour). If no data is transferred for this time and a connection is not closed properly, WinRoute will consider the connection closed and the pass-through becomes available to another computer (another IP address).

Enable pass-through only for hosts

It is possible to restrict which hosts can use IPSec pass-through by defining a certain scope of IP addresses (typically the hosts on which IPSec clients will be run). Use the Edit button to edit a selected IP group or to add a new one.
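The following Python model is an added example, not WinRoute code. It replays constructed traffic to show how the idle timeout and the host restriction described above interact when a client stops sending without closing its connection. It assumes that one local IP address holds the pass-through at a time (as the Enable description implies) and that packets from other hosts are refused while it is held; the class name, decision strings and sample addresses are hypothetical.

```python
import ipaddress

class PassThroughModel:
    """Toy model of the behaviour described above; not WinRoute code."""

    def __init__(self, idle_timeout=3600, allowed=None):
        self.idle_timeout = idle_timeout
        # allowed=None models "Enable pass-through only for hosts" switched off.
        self.allowed = None if allowed is None else [ipaddress.ip_network(n) for n in allowed]
        self.holder = None       # local IP currently using the pass-through
        self.last_seen = None    # time (s) of the holder's last IPSec packet

    def _permitted(self, ip):
        if self.allowed is None:
            return True
        return any(ipaddress.ip_address(ip) in net for net in self.allowed)

    def packet(self, src_ip, now):
        """Return the decision for an IPSec packet from src_ip at time now (seconds)."""
        if not self._permitted(src_ip):
            return "deny: host not in allowed group"
        expired = self.holder is not None and now - self.last_seen >= self.idle_timeout
        if self.holder is None or expired or self.holder == src_ip:
            self.holder, self.last_seen = src_ip, now
            return "pass"
        return "deny: pass-through held by " + self.holder

    def close(self, src_ip):
        """Model a properly closed connection: the pass-through is freed at once."""
        if self.holder == src_ip:
            self.holder = self.last_seen = None


def replay(events, **kwargs):
    """Run constructed (time, ip) events through the model and return the decisions."""
    model = PassThroughModel(**kwargs)
    return [model.packet(ip, t) for t, ip in events]


# Constructed sample traffic: 10.0.0.5 stops sending at t=60 without closing.
EVENTS = [(0, "10.0.0.5"), (60, "10.0.0.5"), (120, "10.0.0.9"),
          (3659, "10.0.0.9"), (3660, "10.0.0.9"), (3700, "192.168.7.7")]

if __name__ == "__main__":
    for (t, ip), decision in zip(EVENTS, replay(EVENTS, allowed=["10.0.0.0/24"])):
        print(f"t={t:>5}s {ip:<12} {decision}")
```

In this model the second host is refused until 3600 seconds after the first host's last packet, which is the trade-off to weigh when choosing a timeout value.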
