Chapter 6: Setting up and Configuring the Router
VPN Tab - Summary
10/100 16-Port VPN Router
VPN Tab - Summary
This screen displays general information about the VPN tunnels and GroupVPNs.
Summary. This shows the number of VPN Tunnel(s) Used and Tunnel(s) Available. The Router supports up to 50
tunnels.
Detail. Click the Detail button to see additional information about the VPN tunnels. For each tunnel, you can view
its Name, Status, Phase 2 Encryption/Authentication/Group, Local Group, Remote Group, and Remote Gateway.
You can save or print this screen. Click the Close button to exit this screen.
Tunnel Status
Add New Tunnel. Click the Add New Tunnel button to add a Gateway-to-Gateway tunnel or a Client-to-Gateway
tunnel. A new screen will appear and show the two types of VPN tunnels you can create.
Select the kind of tunnel you want to add.
Gateway to Gateway. The Gateway-to-Gateway tunnel is a tunnel created between two VPN Routers or other VPN
devices. Click the Add Now button to see the Gateway to Gateway screen. Proceed to the Gateway to Gateway
section for further instructions.
Client to Gateway. The Client to Gateway tunnel is a tunnel created between the VPN Router and the client host
who is using VPN client software that supports IPSec. Click the Add Now button to see the Client to Gateway
screen. Proceed to the Client to Gateway section for further instructions.
After you have added the VPN tunnels, you will see them listed in the Tunnel table, which describes all VPN
tunnels, including the tunnels defined under GroupVPN. If the Tunnel table has multiple pages, you can click
Previous page or Next page to jump to the page that you want to see. You can also select a different page to view
from the Jump to drop-down menu. If you want more or fewer entries listed per page, select a different number
from the entries per page drop-down menu.
Tunnel No. It shows the number of the VPN tunnel.
Tunnel Name. It shows the Tunnel Name that you gave the VPN tunnel or group VPN.
Status. This indicates the status of the VPN tunnel.
If you selected Manual Keying Mode in the IPSec Setup section, then the status will display the message,
“Manual,” and there will be no Tunnel Test function available.
Figure 6-49: Types of VPN Tunnels
Figure 6-47: VPN Summary
Figure 6-48: VPN Tunnel Details
Phase2 Enc/Auth/Grp. This shows the Phase 2 Encryption type (DES/3DES), Authentication method (MD5/SHA1),
and DH Group number (1/2/5) that you chose in the IPSec Setup section.
If you selected Manual Keying Mode in the IPSec Setup section, then there is no Phase 2 DH Group, so only the
Encryption type and Authentication method will be displayed.
Local Group. This shows the IP address and subnet mask of the Local Group.
Remote Group. The IP address and subnet mask of the Remote Group are displayed here.
Remote Gateway. It shows the IP address of the Remote Gateway.
Tunnel Test. Click the Connect button to verify the status of the VPN tunnel. The test result will be updated in the
Status column. If the tunnel is connected, a Disconnect button will be available so you can terminate the VPN
connection. (If you selected Manual Keying Mode in the IPSec Setup section, the Tunnel Test will not be available.)
Config. Click the Edit button to open a new screen where you can change the tunnel’s settings. Refer to the
Gateway to Gateway or Gateway to Client section for more information. Click the Trash Can icon to delete all of
your tunnel settings for each individual tunnel.
Tunnel(s) Enabled and Tunnel(s) Defined. These read-only fields show the number of VPN tunnels that are enabled
and number of VPN tunnels that are defined. The number of tunnels enabled may be fewer than the number of
tunnels defined because you can disable any of the tunnels that you have defined.
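The Phase2 Enc/Auth/Grp and Status columns described above are the ones to review when auditing tunnels. The following is an added example, not part of the manual, that flags any tunnel configured below the strongest combination this page lists (3DES, SHA1, DH Group 5) and any tunnel using Manual keying. The row layout, the slash-separated value format and the "Connected" status text are assumptions; the sample rows are constructed.

```python
# Constructed sample rows. The dict keys, the slash-separated "Enc/Auth/Grp"
# string and the "Connected" status text are assumptions for illustration,
# not the router's actual display or export format.
ROWS = [
    {"no": 1, "name": "Chicago Branch", "status": "Connected", "phase2": "3DES/SHA1/5"},
    {"no": 2, "name": "Los Angeles Office", "status": "Connected", "phase2": "DES/MD5/1"},
    {"no": 3, "name": "New York Division", "status": "Manual", "phase2": "3DES/MD5"},
]

ENCRYPTION = {"DES": 56, "3DES": 168}          # nominal key length in bits
AUTHENTICATION = {"MD5": 128, "SHA1": 160}     # digest length in bits
DH_GROUPS = {"1": 768, "2": 1024, "5": 1536}   # MODP modulus size in bits


def audit_tunnel(row):
    """Return findings for one row: anything weaker than 3DES/SHA1/Group 5."""
    parts = [p.strip().upper() for p in row["phase2"].split("/")]
    if len(parts) not in (2, 3):
        raise ValueError(f"unexpected Phase2 value: {row['phase2']!r}")
    enc, auth = parts[0], parts[1]
    if enc not in ENCRYPTION or auth not in AUTHENTICATION:
        raise ValueError(f"option not listed on this page: {row['phase2']!r}")
    findings = []
    if row["status"] == "Manual":
        # Per the page: Manual keying shows no DH group and has no Tunnel Test.
        findings.append("manual-keying")
    if ENCRYPTION[enc] < ENCRYPTION["3DES"]:
        findings.append(f"encryption:{enc}")
    if AUTHENTICATION[auth] < AUTHENTICATION["SHA1"]:
        findings.append(f"authentication:{auth}")
    if len(parts) == 3:
        bits = DH_GROUPS[parts[2]]  # KeyError on a group the page does not list
        if bits < DH_GROUPS["5"]:
            findings.append(f"dh-group:{parts[2]}:{bits}-bit")
    return findings


def audit_table(rows):
    """Map tunnel number to its findings, keeping only tunnels that have any."""
    report = {row["no"]: audit_tunnel(row) for row in rows}
    return {no: found for no, found in report.items() if found}


if __name__ == "__main__":
    for no, found in audit_table(ROWS).items():
        print(f"Tunnel {no}: {', '.join(found)}")
```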
GroupVPN Status
If you did not enable any Group VPN connections, then none will be listed in the GroupVPN table.
Group Name. It shows the name you gave the Group VPN on the Client to Gateway screen.
Connected Tunnels. This shows the number of connected tunnels.
Phase2 Enc/Auth/Grp. This shows the Phase 2 Encryption type (DES/3DES), Authentication method (MD5/SHA1),
and DH Group number (1/2/5) that you chose in the IPSec Setup section.
Local Group. This shows the IP address and subnet mask of the Local Group.
Remote Client. The remote client setup that you’ve chosen will be displayed here.
Remote Client Status. If you click the Detail List button, you will see information about this Group VPN. You can
view its Group Name, IP address, and Connection Time. Click the Refresh button to update the status information.
Click the Close button to exit this screen.
Figure 6-50: GroupVPN List
Tunnel Test. Click the Connect button to verify the status of a VPN tunnel. The test result will be updated in the
Status column. If the tunnel is connected, a Disconnect button will be available so you can terminate the VPN
connection.
Config. Click the Edit button to open a new screen where you can change the tunnel’s settings. Click the
Trash Can icon to delete all of your tunnel settings.
VPN Tab - Gateway to Gateway
Use this screen to create a new tunnel between two VPN devices.
Add a New Tunnel
Tunnel No. A tunnel number between 1-50 will be automatically generated.
Tunnel Name. Enter a name for this VPN tunnel, such as Los Angeles Office, Chicago Branch, or New York
Division. This allows you to identify multiple tunnels and does not have to match the name used at the other end
of the tunnel.
Interface. Select the appropriate Interface (WAN1, WAN2...) from the pull-down menu. If you designate more than
two WAN ports on the Network or Port Management page, then additional WAN ports will be available.
Enable. Check this box to enable a VPN tunnel. (When creating a VPN tunnel, this checkbox will be disabled.)
Local Group Setup
Local Security Gateway Type
Select one of these five available types: IP Only, IP + Domain Name(FQDN) Authentication, IP + E-mail
Addr.(USER FQDN) Authentication, Dynamic IP + Domain Name(FQDN) Authentication, or Dynamic IP +
E-mail Addr.(USER FQDN) Authentication.
(If you want to use a Fully Qualified Domain Name (FQDN) for authentication but you do not have one, visit
www.dyndns.org to set up a Dynamic Domain Name System (DDNS) account. Then enable and configure the
10/100 16-Port VPN Router’s DDNS settings on the DDNS screen.)
The Local Security Gateway Type you select should match the Remote Security Gateway Type selected on the VPN
device at the other end of the tunnel.
After you have selected the Local Security Gateway Type, the settings available on this screen may change,
depending on which selection you have made.
Figure 6-51: Gateway to Gateway
IP Only. If you select IP Only, then only the computer with a specific IP address will be able to access the
tunnel. The WAN (or Internet) IP address of the Router will automatically appear in the IP address field.
IP + Domain Name(FQDN) Authentication. If you select this type, enter the FQDN (Fully Qualified Domain
Name) in the Domain Name field, and an IP address will automatically appear in the IP address field. The
FQDN is the host name and domain name for a specific computer on the Internet. An example of a FQDN is
vpn.myvpnserver.com. The FQDN and IP address must match the FQDN and IP address of the Remote Security
Gateway type selected on the remote VPN device at the other end of the tunnel. The FQDN and IP can be used
for only one tunnel connection.
IP + E-mail Addr.(USER FQDN) Authentication. If you select this type, enter the appropriate e-mail address in
the E-mail address fields, and an IP address will automatically appear in the IP address field.
Dynamic IP + Domain Name(FQDN) Authentication. If the Local Security Gateway has a dynamic IP and you
want to use the Domain Name for authentication, then select this type. When the Remote Security Gateway
asks to create a tunnel with the Router, the Router will work as a responder. For authentication, complete the
Domain Name field, and make sure it matches the Domain Name set on the Remote Security Gateway of the
remote VPN device. The Domain Name can be used for only one tunnel connection, so you can’t use the same
Domain Name to create another new tunnel connection.
Dynamic IP + E-mail Addr.(USER FQDN) Authentication. If the Local Security Gateway has a dynamic IP and
you want to use the e-mail address for authentication, then select this type. When the Remote Security
Gateway asks to create a tunnel with the Router, the Router will work as a responder. For authentication,
enter the appropriate e-mail address in the E-mail address fields.
Local Security Group Type
Select the local LAN user(s) behind the Router that can use this VPN tunnel. Select one of these three available
types: IP, Subnet, or IP Range. The Local Security Group Type you select should match the Remote Security
Group Type selected on the VPN device at the other end of the tunnel.
After you have selected the Local Security Group Type, the settings available on this screen may change,
depending on which selection you have made.
IP. If you select IP, then only the computer with a specific IP address will be able to access the tunnel. Enter
the appropriate IP address. The default IP is 192.168.1.0.
Subnet. If you select Subnet, which is the default, then all computers on the local subnet will be able to
access the tunnel. Complete the IP address and Subnet Mask fields. The default IP is 192.168.1.0, and the
default Subnet Mask is 255.255.255.0.
Figure 6-53: Local Security Gateway Type - IP + Domain Name (FQDN) Authentication
Figure 6-54: Local Security Gateway Type - IP + E-mail Addr. (USER FQDN) Authentication
Figure 6-55: Local Security Gateway Type - Dynamic IP + Domain Name (FQDN) Authentication
Figure 6-56: Local Security Gateway Type - Dynamic IP + E-mail Addr. (USER FQDN) Authentication
Figure 6-57: Local Security Group Type - IP
Figure 6-58: Local Security Group Type - Subnet
Figure 6-52: Local Security Gateway Type - IP Only
IP Range. If you select IP Range, then you can specify a range of IP addresses within the subnet that will be
able to access the tunnel. Complete the IP range fields. The default IP Range is 192.168.1.0~254.
Remote Group Setup
Before you configure the Remote Group Setup, make sure your VPN tunnel will have two different IP subnets. For
example, if the local 10/100 16-Port VPN Router has an IP scheme of 192.168.1.x (x being a number from 1 to
254), then the remote VPN router should have a different IP scheme, such as 192.168.2.y (y being a number from
1 to 254). Otherwise, the IP addresses will conflict, and the VPN tunnel cannot be created.
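The two-different-subnets requirement above can be checked before either end is configured. The following is an added example, not part of the manual; it goes beyond the 192.168.1.x versus 192.168.2.y case to cover all three Security Group types (IP, Subnet, IP Range) and partial overlaps such as one group containing the other. The tuple layout and function names are assumptions, and the range notation follows the page's default 192.168.1.0~254.

```python
import ipaddress


def group_networks(gtype, value, mask=None):
    """Return the networks covered by one Security Group definition.

    gtype is one of the page's three types: "IP", "Subnet" or "IP Range".
    """
    if gtype == "IP":
        return [ipaddress.ip_network(value + "/32")]
    if gtype == "Subnet":
        # Raises ValueError when the address has host bits set for this mask.
        return [ipaddress.ip_network(f"{value}/{mask}")]
    if gtype == "IP Range":
        # "192.168.1.0~254" means 192.168.1.0 through 192.168.1.254.
        start, last_octet = value.split("~")
        first = ipaddress.ip_address(start)
        last = ipaddress.ip_address(start.rsplit(".", 1)[0] + "." + last_octet)
        if last < first:
            raise ValueError(f"range ends before it starts: {value}")
        return list(ipaddress.summarize_address_range(first, last))
    raise ValueError(f"unknown Security Group type: {gtype}")


def groups_conflict(local, remote):
    """True when at least one address belongs to both groups."""
    return any(a.overlaps(b)
               for a in group_networks(*local)
               for b in group_networks(*remote))


if __name__ == "__main__":
    local = ("Subnet", "192.168.1.0", "255.255.255.0")
    # Constructed candidates for the Remote Group at the other end.
    candidates = [
        ("Subnet", "192.168.2.0", "255.255.255.0"),  # distinct subnet
        ("Subnet", "192.168.1.0", "255.255.255.0"),  # same subnet
        ("Subnet", "192.168.0.0", "255.255.0.0"),    # wider subnet containing local
        ("IP Range", "192.168.1.0~254"),             # range inside local
    ]
    for remote in candidates:
        verdict = "CONFLICT" if groups_conflict(local, remote) else "ok"
        print(verdict, remote)
```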
Remote Security Gateway Type
Select one of these five available types: IP Only, IP + Domain Name(FQDN) Authentication, IP + E-mail
Addr.(USER FQDN) Authentication, Dynamic IP + Domain Name(FQDN) Authentication, or Dynamic IP +
E-mail Addr.(USER FQDN) Authentication.
(If you want the remote VPN router to use a Fully Qualified Domain Name (FQDN) for authentication but it does not
have one, visit www.dyndns.org to set up a Dynamic Domain Name System (DDNS) account. Then enable and
configure the remote VPN router’s DDNS feature.)
The Remote Security Gateway Type you select should match the Local Security Gateway Type selected on the VPN
device at the other end of the tunnel.
After you have selected the Remote Security Gateway Type, the settings available on this screen may change,
depending on which selection you have made.
IP Only. If you select IP Only, then only the computer with a specific IP address will be able to access the
tunnel. In the IP address field, enter the IP address of the remote VPN device at the other end of the tunnel.
(This must be a static or fixed IP address only.)
IP + Domain Name(FQDN) Authentication. If you select this type, enter the FQDN (Fully Qualified Domain
Name) and IP address of the remote VPN device at the other end of the tunnel. (Enter the FQDN in the
Domain Name field, and enter the IP address in the IP address field.) The FQDN is the host name and domain
name for a specific computer on the Internet. An example of a FQDN is vpn.remotevpnserver.com. The FQDN and IP
address must match the FQDN and IP address of the Local Security Gateway type selected on the remote VPN
device at the other end of the tunnel. The FQDN and IP can be used for only one tunnel connection.
IP + E-mail Addr.(USER FQDN) Authentication. If you select this type, enter the e-mail address and IP address
of the remote VPN device at the other end of the tunnel.
Figure 6-60: Remote Security Gateway Type - IP Only
Figure 6-61: Remote Security Gateway Type - IP + Domain Name (FQDN) Authentication
Figure 6-62: Remote Security Gateway Type - IP + E-mail Addr. (USER FQDN) Authentication
Figure 6-59: Local Security Group Type - IP Range