IPSec interoperability | SnapGear 1.7.8 specs

Checking the Enable Perfect Forward Secrecy of keys checkbox means that an attacker who acquires the SnapGear appliance’s long-term key (i.e. the pre-shared secret or RSA Signature Key Private Section) cannot:

•Read previous messages which they may have archived, or

•Read future messages without performing additional successful attacks

Perfect forward secrecy of keys provides the maximum security and is the recommended setting.

IPSec interoperability

Please see the Support Knowledge Base (http://www.SnapGear.com/knowledgebase.html) on the SnapGear Web Site (http://www.SnapGear.com/) for detailed information on successfully establishing IPSec tunnels between your SnapGear appliance and equipment from other vendors.

90

Virtual Private Networking

Image 93

SnapGear 1.7.8 manual IPSec interoperability

Contents

Rev May 2nd Table of contents Virtual Private Networking Introduction Term Meaning Terminology LAN TCP/IP Document conventions Step Chapter Installing and configuring your SnapGear appliance Your SnapGear appliance LEDsLabel Activity Description SnapGear appliance back panels Network interconnections Software features SnapGear appliance features Internet link features LAN link featuresDial-in connection features Environmental features Getting started Static IP reset 10.0.0.0 10.255.255.255 10/8 prefix New Networks 192.168.0.0 192.168.0.255 192.168.0/24 prefix Configuring the SnapGear appliance on your network Page Set up IP addresses Multiple SnapGear appliances were found on the network Your SnapGear appliance was found on the network Your SnapGear appliance needs an IP address SnapGear Management Console web administration pages Administrative password Using linsetip Initial setup using Linux Ping -b subnet broadcast address Arp -a Using an existing local Dhcp or Bootp server Edit the /etc/inetd.conf file Configuring a new local Dhcp or Bootp server SnapGear Quick Setup LAN port quick setup LAN port quick setup ISP connection quick setup ISP connection quick setup Getting started Configuring the PCs on your network TCP/IP properties Physically connect modem device Connecting to the Internet Select Internet connection Connect to Internet cable modemConnect to Internet Adsl Connect to Internet modem Connect to Internet direct Field Description ISP. The Password and Confirm Password fields must Internet failover Advanced configuration option Following figure shows the failover configuration screen Failed connection Establishing the connection Configure PCs to use SnapGear appliance Internet gateway Dial-in server configuration Dial-in server configuration Dial-in setup Dial-in setup Field Description Dial-in user account creation Dial-in user accounts Following figure shows the user maintenance screen Account list Dial-in password error For Windows 95 and Windows Remote user configuration Server types Connect to dialogue box Windows Click Next to continue 11 Connection availability 13 Remote access login screen IP configuration Network configuration Network configuration Advanced IP configuration Advanced IP configuration Network configuration Dhcp server Dhcp server configuration Network configuration Advanced networking Traffic shapingAdditional routes Firewall Incoming access Incoming access configuration Incoming access administration services Configure external access to services External access to services Port forwarding Port forwarding configuration Security group classes configuration Outgoing access Firewall rules Outgoing access settings Intrusion detection and blocking Intrusion detection and blocking configurationPage Content filtering Content filtering Filtering Level Description Filtering levels and reporting Virtual Private Networking 1VPN tunneling using the Pptp server Pptp client setup Pptp client configuration Pptp server setup Pptp server setup Enable and configure the Pptp VPN server Field Description 4PPTP VPN server accounts screen Configuring user accounts for VPN server Virtual Private Networking VPN Pptp IP address Configuring the remote VPN client Virtual Private Networking Windows 95 and Windows VPN client setup Your VPN client is now set up correctly Windows NT Network and dial-up connections This displays the Destination Address window Connecting the remote VPN client 12 IPSec setup IPSec setup 13 Add new IPSec connection Virtual Private Networking 14 Automatic keying setup Technique Description Aggressive mode phase 1 settings IPSec interoperability Password SystemTime server Advanced Diagnostics Reset button Flash upgrade Technical support Technical support LED Pattern Status Action Appendix a LED status patterns Appendix B System Log Access Logging Eth0 Default DenyEth1 Ppp Creating Custom Log Rules Forward Iptables -I Forward -j LOG -i eth+ -o eth+ -p tcp Rate Limiting Administrative Access Logging Boot Log Messages