231
VPN

Overview
A Virtual Private Network (VPN) creates a secure, dedicated communications network tunnelled
through another network.
You can configure the IOLAN for:
• a host-to-host Virtual Private Network (VPN) connection
• a host-to-network VPN connection
• a network-to-network VPN connection
• a host/network-to-IOLAN VPN connection (allowing serial devices connected to the IOLAN to
communicate data to a host/network).
In addition to being able to configure up to 64 IPsec tunnels, you can configure an L2TP/IPsec tunnel
that will allow hosts to create a VPN tunnel to the IOLAN. The L2TP/IPsec VPN protocol is required
by the Windows XP operating system. Windows Vista and Server 2008 support both VPN protocols.
Note: Before you enable/configure any VPN tunnels, you should configure any exceptions or you
might not be able to access the IOLAN except through a VPN tunnel or the console port. See
Exceptions on page 238 for more information about exceptions.
Note: If you are configuring IPsec and/or L2TP/IPsec, you must also enable the IPsec service
found in the Security, Services navigation tree.
Functionality
The information in this section applies only to setting up IPsec VPN tunnels, not L2TP/IPsec VPN
tunnels.
The IOLAN can be configured as a VPN gateway using the IPsec protocol. You can configure the
VPN connection using two IOLANs as the local and remote VPN gateways or the IOLAN as the
local VPN gateway and a host/server running the VPN software as the remote VPN gateway.
If the VPN tunnel is being configured for an IPv6 network that is going through a router(s), the
router(s) must have manual IPv6 address entry capability, similar to what Windows Vista provides.
VPN servers/clients can support various VPN parameters. However, the following parameters are
REQUIRED to be set to the following values to support a VPN tunnel between the IOLAN and a
VPN server/client:
• perfect forward secrecy: no
• protocol: ESP
• mode: tunnel (not transport)
• opportunistic encryption: no
• aggressive mode: no
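As an added illustration (not from the IOLAN manual), the following Libreswan ipsec.conf connection shows how the peer side would pin the five required values above; the choice of Libreswan as the remote VPN software, pre-shared-key authentication, the cipher proposals and the addresses and subnets are all assumptions made for this example.

```ini
# Remote VPN gateway side (Libreswan syntax), assumed values for illustration.
# This file defines no opportunistic-encryption conns, so OE stays off.
conn iolan-site
    # mode: tunnel (not transport)
    type=tunnel
    # protocol: ESP (not AH)
    phase2=esp
    # perfect forward secrecy: no  (no Diffie-Hellman group in the ESP proposal)
    pfs=no
    esp=aes128-sha1
    # aggressive mode: no (IKEv1 main mode; IKEv2 disabled for this peer)
    aggrmode=no
    ikev2=no
    ike=aes128-sha1;modp1024
    # authentication and endpoints: assumed placeholder values
    authby=secret
    left=203.0.113.10          # this gateway (assumed)
    leftsubnet=10.1.0.0/24     # network behind this gateway (assumed)
    right=198.51.100.20        # the IOLAN acting as local VPN gateway (assumed)
    rightsubnet=10.2.0.0/24    # network or devices behind the IOLAN (assumed)
    auto=start
```

The pre-shared key referenced by authby=secret is kept in ipsec.secrets, not in this file.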
Common Name    An entry for common name; for example, the host name or fully qualified
               domain name. This field is case sensitive in order to successfully match the
               information in the peer SSL/TLS certificate.
               Data Options: Maximum 64 characters
Email          An entry for an email address; for example, acct@anycompany.com. This field
               is case sensitive in order to successfully match the information in the peer
               SSL/TLS certificate.
               Data Options: Maximum 64 characters