VPN

Common Name

An entry for common name; for example, the host name or fully qualified domain name. This field is case sensitive in order to successfully match the information in the peer SSL/TLS certificate.

Data Options: Maximum 64 characters

Email

An entry for an email address; for example, acct@anycompany.com. This field is case sensitive in order to successfully match the information in the peer SSL/TLS certificate.

Data Options: Maximum 64 characters

VPN

Overview

A Virtual Private Network (VPN) creates a secure, dedicated communications network tunnelled through another network.

You can configure the IOLAN for:

• a host-to-host Virtual Private Network (VPN) connection

• a host-to-network VPN connection

• a network-to-network VPN connection

• or host/network-to-IOLAN VPN connection (allowing serial devices connected to the IOLAN to communicate data to a host/network).

In addition to being able to configure up to 64 IPsec tunnels, you can configure an L2TP/IPsec tunnel that will allow hosts to create a VPN tunnel to the IOLAN. The L2TP/IPsec VPN protocol is required by the Windows XP operating system. Windows Vista and Server 2008 support both VPN protocols.

Note: Before you enable/configure any VPN tunnels, you should configure any exceptions or you might not be able to access the IOLAN except through a VPN tunnel or the console port. See Exceptions on page 228 for more information about exceptions.

Note: If you are configuring IPsec and/or L2TP/IPsec, you must also enable the IPsec service found in the Security, Services navigation tree.

Functionality

The information in this section applies only to setting up IPsec VPN tunnels, not L2TP/IPsec VPN tunnels.

The IOLAN can be configured as a VPN gateway using the IPsec protocol. You can configure the VPN connection using two IOLANs as the local and remote VPN gateways or the IOLAN as the local VPN gateway and a host/server running the VPN software as the remote VPN gateway.

If the VPN tunnel is being configured for an IPv6 network that is going through a router(s), the router(s) must have manual IPv6 address entry capability, similar to what Windows Vista provides.

VPN servers/clients can support various VPN parameters. However, the following parameters are REQUIRED to be set to the following values to support a VPN tunnel between the IOLAN and a VPN server/client:

perfect forward secrecy: no

protocol: ESP

mode: tunnel (not transport)

opportunistic encryption: no

aggressive mode: no
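
One way to check a remote peer's configuration against these required values, as an added example that is not from the manual. It assumes the peer runs VPN software with an Openswan/Libreswan-style ipsec.conf; the keyword names (pfs, phase2, type, oe, aggrmode), the connection name to-iolan and the sample file are assumptions or constructed. Settings that are absent are reported as unset rather than trusted to a default.

```python
# Values the manual requires on the remote VPN server/client. The keyword
# names are an assumption (Openswan/Libreswan-style ipsec.conf); map them to
# the names your VPN software actually uses.
REQUIRED = {
    "pfs": "no",        # perfect forward secrecy: no
    "phase2": "esp",    # protocol: ESP
    "type": "tunnel",   # mode: tunnel (not transport)
    "oe": "off",        # opportunistic encryption: no
    "aggrmode": "no",   # aggressive mode: no
}

def parse_sections(text):
    """Return {'config setup': {...}, 'conn <name>': {...}} from ipsec.conf-style text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # unindented line opens a section
            current = sections.setdefault(" ".join(line.split()), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip().strip('"').lower()
    return sections

def check_conn(text, conn):
    """List (keyword, found, required) for each setting that is wrong or unset."""
    sections = parse_sections(text)
    merged = dict(sections.get("config setup", {}))
    merged.update(sections.get("conn %default", {}))
    merged.update(sections.get("conn " + conn, {}))
    return [(key, merged.get(key, "unset"), want)
            for key, want in REQUIRED.items() if merged.get(key) != want]

# Constructed sample peer configuration (hypothetical connection name).
SAMPLE = """\
# constructed sample, not from the manual
config setup
    oe=off

conn to-iolan
    type=transport
    phase2=esp
    aggrmode=no
"""

if __name__ == "__main__":
    for key, found, want in check_conn(SAMPLE, "to-iolan"):
        print(f"{key}: found {found!r}, manual requires {want!r}")
```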

Perle Systems SCS, STS manual Vpn