50

Chapter 6: Setting up and Configuring the Router

VPN Tab - Summary

10/100 16-Port VPN Router

VPN Tab - Summary

This screen displays general information about the VPN tunnels and GroupVPNs.

Summary. This shows the number of VPN Tunnel(s) Used and Tunnel(s) Available. The Router supports up to 50

tunnels.

Detail. Click the

Detail

button to see additional information about the VPN tunnels. For each tunnel, you can view

its Name, Status, Phase 2 Encryption/Authentication/Group, Local Group, Remote Group, and Remote Gateway.

You can save or print this screen. Click the

Close

button to exit this screen.

Tunnel Status

Add New Tunnel. Click the

Add New Tunnel

button to add a Gateway-to-Gateway tunnel or a Client-to-Gateway

tunnel. A new screen will appear and show the two types of VPN tunnels you can create.

Select the kind of tunnel you want to add.

Gateway to Gateway. The Gateway-to-Gateway tunnel is a tunnel created between two VPN Routers or other VPN

devices. Click the

Add Now

button to see the

Gateway to Gateway

screen. Proceed to the Gateway to Gateway

section for further instructions.

Client to Gateway. The Client to Gateway tunnel is a tunnel created between the VPN Router and the client host

who is using VPN client software that supports IPSec. Click the

Add Now

button to see the

Client to Gateway

screen. Proceed to the Client to Gateway section for further instructions.

After you have added the VPN tunnels, you will see them listed in the Tunnel table, which describes all VPN

tunnels, including the tunnels defined under GroupVPN. If the Tunnel table has multiple pages, you can click

Previous page or Next page to jump to the page that you want to see. You can also select a different page to view

from the

Jump to

drop-down menu. If you want more or fewer entries listed per page, select a different number

from the

entries per page

drop-down menu.

Tunnel No. It shows the number of the VPN tunnel.

Tunnel Name. It shows the Tunnel Name that you gave the VPN tunnel or group VPN.

Status. This indicates the status of the VPN tunnel.

If you selected Manual Keying Mode in the IPSec Setup section, then the status will display the message,

“Manual,” and there will be no Tunnel Test function available.

Figure 6-49: Types of VPN Tunnels

Figure 6-47: VPN Summary

Figure 6-48: VPN Tunnel Details

Downloaded from

www.Manualslib.com

manuals search engine

51

Chapter 6: Setting up and Configuring the Router

VPN Tab - Summary

10/100 16-Port VPN Router

Phase2 Enc/Auth/Grp. This shows the Phase 2 Encryption type (DES/3DES), Authentication method (MD5/SHA1),

and DH Group number (1/2/5) that you chose in the IPSec Setup section.

If you selected Manual Keying Mode in the IPSec Setup section, then there is no Phase 2 DH Group, so only the

Encryption type and Authentication method will be displayed.

Local Group. This shows the IP address and subnet mask of the Local Group.

Remote Group. The IP address and subnet mask of the Remote Group are displayed here.

Remote Gateway. It shows the IP address of the Remote Gateway.

Tunnel Test. Click the

Connect

button to verify the status of the VPN tunnel. The test result will be updated in the

Status column. If the tunnel is connected, a

Disconnect

button will be available so you can terminate the VPN

connection. (If you selected Manual Keying Mode in the IPSec Setup section, the Tunnel Test will not be available.)

Config. Click the

Edit

button to open a new screen where you can change the tunnel’s settings. Refer to the

Gateway to Gateway or Gateway to Client section for more information. Click the

Trash Can

icon to delete all of

your tunnel settings for each individual tunnel.

Tunnel(s) Enabled and Tunnel(s) Defined. These read-only fields show the number of VPN tunnels that are enabled

and number of VPN tunnels that are defined. The number of tunnels enabled may be fewer than the number of

tunnels defined because you can disable any of the tunnels that you have defined.

GroupVPN Status

If you did not enable any Group VPN connections, then none will be listed in the GroupVPN table.

Group Name. It shows the name you gave the Group VPN on the

Client to Gateway

screen.

Connected Tunnels. This shows the number of connected tunnels.

Phase2 Enc/Auth/Grp. This shows the Phase 2 Encryption type (DES/3DES), Authentication method (MD5/SHA1),

and DH Group number (1/2/5) that you chose in the IPSec Setup section.

Local Group. This shows the IP address and subnet mask of the Local Group.

Remote Client. The remote client setup that you’ve chosen will be displayed here.

Remote Client Status. If you click the

Detail

List

button, you will see information about this Group VPN. You can

view its Group Name, IP address, and Connection Time. Click the

Refresh

button to update the status information.

Click the

Close

button to exit this screen.

Figure 6-50: GroupVPN List

Downloaded from

www.Manualslib.com

manuals search engine

52

Chapter 6: Setting up and Configuring the Router

VPN Tab - Gateway to Gateway

10/100 16-Port VPN Router

Tunnel Test. Click the

Connect

button to verify the status of a VPN tunnel. The test result will be updated in the

Status column. If the tunnel is connected, a

Disconnect

button will be available so you can terminate the VPN

connection.

Config. Click the

Edit

button to open a new screen where you can change the tunnel’s settings. Click the

Trash

Can

icon to delete all of your tunnel settings.

VPN Tab - Gateway to Gateway

Use this screen to create a new tunnel between two VPN devices.

Add a New Tunnel

Tunnel No. A tunnel number between 1-50 will be automatically generated.

Tunnel Name. Enter a name for this VPN tunnel, such as Los Angeles Office, Chicago Branch, or New York

Division. This allows you to identify multiple tunnels and does not have to match the name used at the other end

of the tunnel.

Interface. Select the appropriate Interface (WAN1, WAN2...) from the pull-down menu. If you designate more than

two WAN ports on the Network or Port Management page, then additional WAN ports will be available.

Enable. Check this box to enable a VPN tunnel. (When creating a VPN tunnel, this checkbox will be disabled.)

Local Group Setup

Local Security Gateway Type

Select one of these five available types:

IP Only

,

IP + Domain Name(FQDN) Authentication

,

IP + E-mail

Addr.(USER FQDN) Authentication

,

Dynamic IP + Domain Name(FQDN) Authentication

, or

Dynamic IP +

E-mail Addr.(USER FQDN) Authentication

.

(If you want to use a Fully Qualified Domain Name (FQDN) for authentication but you do not have one, visit

www.dyndns.org to set up a Dynamic Domain Name System (DDNS) account. Then enable and configure the

10/100 16-Port VPN Router’s DDNS settings on the

DDNS

screen.)

The Local Security Gateway Type you select should match the Remote Security Gateway Type selected on the VPN

device at the other end of the tunnel.

After you have selected the Local Security Gateway Type, the settings available on this screen may change,

depending on which selection you have made.

Figure 6-51: Gateway to Gateway

Downloaded from

www.Manualslib.com

manuals search engine

53

Chapter 6: Setting up and Configuring the Router

VPN Tab - Gateway to Gateway

10/100 16-Port VPN Router

IP Only. If you select IP Only, then only the computer with a specific IP address will be able to access the

tunnel. The WAN (or Internet) IP address of the Router will automatically appear in the

IP address

field.

IP + Domain Name(FQDN) Authentication. If you select this type, enter the FQDN (Fully Qualified Domain

Name) in the

Domain Name

field, and an IP address will automatically appear in the

IP address

field. The

FQDN is the host name and domain name for a specific computer on the Internet. An example of a FQDN is

vpn.myvpnserver.com. The FQDN and IP address must match the FQDN and IP address of the Remote Security

Gateway type selected on the remote VPN device at the other end of the tunnel. The FQDN and IP can be used

for only one tunnel connection.

IP + E-mail Addr.(USER FQDN) Authentication. If you select this type, enter the appropriate e-mail address in

the

E-mail address

fields, and an IP address will automatically appear in the

IP address

field.

Dynamic IP + Domain Name(FQDN) Authentication. If the Local Security Gateway has a dynamic IP and you

want to use the Domain Name for authentication, then select this type. When the Remote Security Gateway

asks to create a tunnel with the Router, the Router will work as a responder. For authentication, complete the

Domain Name

field, and make sure it matches the Domain Name set on the Remote Security Gateway of the

remote VPN device. The Domain Name can be used for only one tunnel connection, so you can’t use the same

Domain Name to create another new tunnel connection.

Dynamic IP + E-mail Addr.(USER FQDN) Authentication. If the Local Security Gateway has a dynamic IP and

you want to use the e-mail address for authentication, then select this type. When the Remote Security

Gateway asks to create a tunnel with the Router, the Router will work as a responder. For authentication,

enter the appropriate e-mail address in the

E-mail address

fields.

Local Security Group Type

Select the local LAN user(s) behind the Router that can use this VPN tunnel. Select one of these three available

types:

IP

,

Subnet

, or

IP Range

. The Local Security Group Type you select should match the Remote Security

Group Type selected on the VPN device at the other end of the tunnel.

After you have selected the Local Security Group Type, the settings available on this screen may change,

depending on which selection you have made.

IP. If you select IP, then only the computer with a specific IP address will be able to access the tunnel. Enter

the appropriate IP address. The default IP is

192.168.1.0

.

Subnet. If you select Subnet, which is the default, then all computers on the local subnet will be able to

access the tunnel. Complete the

IP address

and

Subnet Mask

fields. The default IP is

192.168.1.0

, and the

default Subnet Mask is

255.255.255.0

.

Figure 6-53: Local Security Gateway Type -

IP + Domain Name (FQDN) Authentication

Figure 6-54: Local Security Gateway Type -

IP + E-mail Addr. (USER FQDN) Authentication

Figure 6-55: Local Security Gateway Type -

Dynamic IP + Domain Name (FQDN) Authentication

Figure 6-56: Local Security Gateway Type -

Dynamic IP + E-mail Addr. (USER FQDN) Authentication

Figure 6-57: Local Security Group Type - IP

Figure 6-58: Local Security Group Type - Subnet

Figure 6-52: Local Security Gateway Type - IP Only

Downloaded from

www.Manualslib.com

manuals search engine

54

Chapter 6: Setting up and Configuring the Router

VPN Tab - Gateway to Gateway

10/100 16-Port VPN Router

IP Range. If you select IP Range, then you can specify a range of IP addresses within the subnet that will be

able to access the tunnel. Complete the

IP range

fields. The default IP Range is

192.168.1.0~254

.

Remote Group Setup

Before you configure the Remote Group Setup, make sure your VPN tunnel will have two different IP subnets. For

example, if the local 10/100 16-Port VPN Router has an IP scheme of 192.168.1.x (x being a number from 1 to

254), then the remote VPN router should have a different IP scheme, such as 192.168.2.y (y being a number from

1 to 254). Otherwise, the IP addresses will conflict, and the VPN tunnel cannot be created.

Remote Security Gateway Type

Select one of these five available types:

IP Only

,

IP + Domain Name(FQDN) Authentication

,

IP + E-mail

Addr.(USER FQDN) Authentication

,

Dynamic IP + Domain Name(FQDN) Authentication

, or

Dynamic IP +

E-mail Addr.(USER FQDN) Authentication

.

(If you want the remote VPN router to use a Fully Qualified Domain Name (FQDN) for authentication but it does not

have one, visit www.dyndns.org to set up a Dynamic Domain Name System (DDNS) account. Then enable and

configure the remote VPN router’s DDNS feature.)

The Remote Security Gateway Type you select should match the Local Security Gateway Type selected on the VPN

device at the other end of the tunnel.

After you have selected the Remote Security Gateway Type, the settings available on this screen may change,

depending on which selection you have made.

IP Only. If you select IP Only, then only the computer with a specific IP address will be able to access the

tunnel. In the

IP address

field, enter the IP address of the remote VPN device at the other end of the tunnel.

(This must be a static or fixed IP address only.)

IP + Domain Name(FQDN) Authentication. If you select this type, enter the FQDN (Fully Qualified Domain

Name) and IP address of the remote VPN device at the other end of the tunnel. (Enter the FQDN in the

Domain

Name

field, and enter the IP address in the

IP address

field.) The FQDN is the host name and domain name for

a specific computer on the Internet. An example of a FQDN is vpn.remotevpnserver.com. The FQDN and IP

address must match the FQDN and IP address of the Local Security Gateway type selected on the remote VPN

device at the other end of the tunnel. The FQDN and IP can be used for only one tunnel connection.

IP + E-mail Addr.(USER FQDN) Authentication. If you select this type, enter the e-mail address and IP address

of the remote VPN device at the other end of the tunnel.

Figure 6-60: Remote Security Gateway Type - IP Only

Figure 6-61: Remote Security Gateway Type -

IP + Domain Name (FQDN) Authentication

Figure 6-62: Remote Security Gateway Type -

IP + E-mail Addr. (USER FQDN) Authentication

Figure 6-59: Local Security Group Type - IP Range

Downloaded from

www.Manualslib.com

manuals search engine