Security
SafeHarbour IPSec VPN
SafeHarbour VPN IPSec Tunnel provides a single, encrypted tunnel to be terminated on the Gateway, making a secure tunnel available for all LAN-connected users. This implementation offers the following:
• Eliminates the need for VPN client software on individual PCs.
• Reduces the complexity of tunnel configuration.
• Simplifies the ongoing maintenance for secure remote access.
If you have purchased the SafeHarbour IPSec feature key, the IPSec configuration screen
offers additional options.
A typical SafeHarbour configuration is shown below:
Configuring a SafeHarbour VPN
Use the following procedure to configure your SafeHarbour tunnel.
1. Obtain your configuration information from your network administrator.
   The tables in “Parameter Descriptions” on page 136 describe the various parameters that may be required for your tunnel. Not all of them need to be changed from the defaults for every VPN tunnel. Consult with your network administrator.
2. Complete the Parameter Setup worksheet, “IPSec Tunnel Details Parameter Setup Worksheet” on page 133.
   The worksheet provides spaces for you to enter your own specific values. You can print the page for easy reference. IPSec tunnel configuration requires precise parameter setup between VPN devices. The Setup Worksheet (page 133) facilitates setup and assures that the associated variables are identical.
Table 1: IPSec Tunnel Details Parameter Setup Worksheet

| Parameter | Netopia Gateway | Peer Gateway |
|---|---|---|
| Name | | |
| Peer Internal Network | | |
| Peer Internal Netmask | | |
| NAT Enable | On/Off | |
| PAT Address | | |
| Negotiation Method | Main/Aggressive | |
| Local ID Type | IP Address / Subnet / Hostname / ASCII | |
| Local ID Address/Value | | |
| Local ID Mask | | |
| Remote ID Type | IP Address / Subnet / Hostname / ASCII | |
| Remote ID Address/Value | | |
| Remote ID Mask | | |
| Pre-Shared Key Type | HEX / ASCII | |
| Pre-Shared Key | | |
| DH Group | 1/2/5 | |
| PFS Enable | Off/On | |
| SA Encrypt Type | DES / 3DES | |
| SA Hash Type | MD5 / SHA1 | |
| Invalid SPI Recovery | Off/On | |
| Soft MBytes | 1 - 1000000 | |
| Soft Seconds | 60 - 1000000 | |
| Hard MBytes | 1 - 1000000 | |
| Hard Seconds | 60 - 1000000 | |
| IPSec MTU | 100 - 1500 (default) | |
| Xauth Enable | Off/On | |
| Xauth Username | | |
| Xauth Password | | |
3. Be sure that you have SafeHarbour VPN enabled.
   SafeHarbour is a keyed feature. See “Install Keys” on page 184 for information concerning installing Netopia Software Feature Keys.
4. Check the Enable SafeHarbour IPSec checkbox.
   Checking this box will automatically display the SafeHarbour IPSec Tunnel Entry parameters.
   Enter the initial group of tunnel parameters. Refer to your Setup Worksheet and the “Parameter Descriptions” on page 136 as required.
5. Enter the tunnel Name.
   This is the only parameter that does not have to match the peer/remote VPN device.
6. Enter the Peer External IP Address.
7. Select the Encryption Protocol from the pull-down menu.
8. Select the Authentication Protocol from the pull-down menu.
9. Click Add.
   The Tunnel Details page appears.
10. Make the Tunnel Details entries.
    Enter or select the required settings. (Refer to your “IPSec Tunnel Details Parameter Setup Worksheet” on page 133.)
11. Click Update.
    The Alert button appears.
12. Click the Alert button.
13. Click Save and Restart.
    Your SafeHarbour IPSec VPN tunnel is fully configured.
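
The worksheet in Table 1 exists so that both gateways are given identical settings. As an added example (not from the Netopia manual), this Python script cross-checks two filled-in copies of the worksheet before the values are entered, using the field names, options and ranges printed in Table 1. The dictionary layout, function names and sample values are assumptions of this example, as are the rule that Local and Remote ID fields are mirrored between the two sides and the flagging of DES, MD5, DH group 1 and Aggressive mode as the weaker options.

```python
# Added example: cross-check two filled-in copies of the Table 1 worksheet.
# Field names, options and ranges are the worksheet's; everything else is constructed.
RANGES = {"Soft MBytes": (1, 1000000), "Soft Seconds": (60, 1000000),
          "Hard MBytes": (1, 1000000), "Hard Seconds": (60, 1000000),
          "IPSec MTU": (100, 1500)}
CHOICES = {"Negotiation Method": {"Main", "Aggressive"}, "DH Group": {1, 2, 5},
           "Pre-Shared Key Type": {"HEX", "ASCII"}, "PFS Enable": {"Off", "On"},
           "SA Encrypt Type": {"DES", "3DES"}, "SA Hash Type": {"MD5", "SHA1"}}
MUST_MATCH = list(CHOICES) + ["Pre-Shared Key"]
# Assumption (standard IKE behaviour): each side's Local ID is the other's Remote ID.
MIRRORED = [("Local ID Type", "Remote ID Type"),
            ("Local ID Address/Value", "Remote ID Address/Value")]
# Weaker choices among the offered options (this example's judgement, not the manual's).
WEAKER = {"SA Encrypt Type": "DES", "SA Hash Type": "MD5", "DH Group": 1,
          "Negotiation Method": "Aggressive"}

def check_side(label, ws):
    """Return range, option and weak-choice findings for one worksheet dict."""
    out = []
    for field, (lo, hi) in RANGES.items():
        if field in ws and not lo <= ws[field] <= hi:
            out.append(f"{label}: {field}={ws[field]} outside {lo}-{hi}")
    for field, allowed in CHOICES.items():
        if field in ws and ws[field] not in allowed:
            out.append(f"{label}: {field}={ws[field]!r} is not an offered option")
    out += [f"{label}: {f}={w} is a weaker option" for f, w in WEAKER.items() if ws.get(f) == w]
    return out

def compare(local, peer):
    """Return all findings, including settings that differ between the gateways."""
    out = check_side("local", local) + check_side("peer", peer)
    # Report only the field name, so the pre-shared key itself is never echoed.
    out += [f"mismatch: {f}" for f in MUST_MATCH if local.get(f) != peer.get(f)]
    for mine, theirs in MIRRORED:
        if local.get(mine) != peer.get(theirs) or local.get(theirs) != peer.get(mine):
            out.append(f"mismatch: {mine} vs peer {theirs}")
    return out

# Constructed sample worksheets (documentation-range addresses, dummy key).
LOCAL = {"Negotiation Method": "Main", "DH Group": 2, "Pre-Shared Key Type": "ASCII",
         "Pre-Shared Key": "example-key-only", "PFS Enable": "On",
         "SA Encrypt Type": "3DES", "SA Hash Type": "SHA1", "IPSec MTU": 1500,
         "Soft Seconds": 3000, "Hard Seconds": 3600,
         "Local ID Type": "IP Address", "Local ID Address/Value": "192.0.2.1",
         "Remote ID Type": "IP Address", "Remote ID Address/Value": "198.51.100.1"}
PEER = {**LOCAL, "SA Hash Type": "MD5", "Hard Seconds": 30,
        "Local ID Address/Value": "198.51.100.1", "Remote ID Address/Value": "192.0.2.1"}

if __name__ == "__main__":
    print("\n".join(compare(LOCAL, PEER)))
```

An empty result means the two worksheets agree on every checked field and stay within the printed ranges.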