VPN
Move
There are 2 ways to change the order of policies:
Use the up and down indicators on the right to move the selected row. You must confirm your changes by clicking "OK". If you change your mind before clicking "OK", click "Cancel" to reverse your changes.
Click "Move" to directly specify a new location for the selected policy.
Enable/Disable
Use this to toggle the On/Off state of the selected policy.
Copy
If you wish to create a policy which is similar to an existing policy,
select the policy and click the "Copy" button.
Remember that the new policy must have a different name, and there can
only be one active (enabled) policy for each remote VPN endpoint.
Delete
To delete an existing policy, select it and click the "Delete" button.
View Log
Clicking the "View Log" button will open a new window and display the
VPN log.
Adding a New Policy
1. To create a new VPN Policy, click the "Add" button on the VPN Policies screen. This will start the VPN Wizard, as shown below.
Figure 48: VPN Wizard - Start
If you prefer to use a single setup screen instead of a Wizard, click the Setup Screen button. This is recommended for experienced users only.
Otherwise, click Next to continue. You will see a screen like the following.
TW100-BRV204 User Guide
Figure 49: VPN Wizard - General
Policy Name
Enter a suitable name. This name is not supplied to the remote VPN. It is
used only to help you manage the policies.
Enable Policy
Enable or disable the policy as required. For each remote VPN, only 1
policy can be enabled at any time.
Remote VPN Endpoint
The Internet IP address of the remote VPN endpoint (Gateway or client).
Dynamic. Select this if the Internet IP address is unknown. In this case, only incoming connections are possible.
Fixed. Select this if the remote endpoint has a fixed Internet IP address, and enter the IP address.
Domain Name. Select this if the remote endpoint has a Domain Name, and enter the Domain Name.
Keys
Select Manually assigned or IKE (Internet Key Exchange) as required. If you are setting up both endpoints, using IKE is recommended.
2. Click Next to continue. You will see a screen like the following:
Figure 50: VPN Wizard - Traffic Selector
For outgoing VPN connections, these settings determine which traffic will cause a VPN
tunnel to be created, and which traffic will be sent through the tunnel.
For incoming VPN connections, these settings determine which systems on your local
LAN will be available to the remote endpoint.
The 2 VPN endpoints MUST use different address ranges.
If the addresses were in the same range, traffic intended for the remote VPN would be
considered local LAN traffic. So it would not be forwarded to the Gateway.
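The address-range rule above, as an added example that is not part of the user guide: a Python check that converts each selector (using the wizard's Single, Range and Subnet types) to a numeric range and reports whether the local and remote selectors overlap. The function names and the sample addresses are constructed for illustration.

```python
import ipaddress

def selector_range(kind, start, finish=None, mask=None):
    """Return (first, last) as integers for one traffic selector.

    kind mirrors the wizard's Type options: "single", "range" or "subnet".
    """
    if kind == "single":
        ip = int(ipaddress.IPv4Address(start))
        return ip, ip
    if kind == "range":
        lo = int(ipaddress.IPv4Address(start))
        hi = int(ipaddress.IPv4Address(finish))
        if lo > hi:
            raise ValueError("Start IP address is above Finish IP address")
        return lo, hi
    if kind == "subnet":
        # strict=False accepts a host address and masks it down to the network
        net = ipaddress.IPv4Network(f"{start}/{mask}", strict=False)
        return int(net.network_address), int(net.broadcast_address)
    raise ValueError(f"unknown selector type: {kind}")

def selectors_overlap(local, remote):
    """True if the two selectors share at least one address."""
    lo_a, hi_a = selector_range(**local)
    lo_b, hi_b = selector_range(**remote)
    return lo_a <= hi_b and lo_b <= hi_a

if __name__ == "__main__":
    # Constructed sample values: both sites left on the same private subnet.
    local = {"kind": "subnet", "start": "192.168.0.0", "mask": "255.255.255.0"}
    same = {"kind": "subnet", "start": "192.168.0.0", "mask": "255.255.255.0"}
    other = {"kind": "subnet", "start": "192.168.1.0", "mask": "255.255.255.0"}
    print("same subnet overlaps:", selectors_overlap(local, same))
    print("renumbered remote overlaps:", selectors_overlap(local, other))
```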
Type
Any - no additional data is required. Any IP address is acceptable. For outgoing connections, this allows any PC on the LAN to use the VPN tunnel. For incoming connections, this allows a PC using the remote endpoint to access any PC on your LAN.
Single address - enter an IP address in the "Start IP address" field.
Range address - enter the starting IP address in the "Start IP address" field, and the finish IP address in the "Finish IP address" field.
Subnet address - enter the desired IP address in the "Start IP address" field, and the network mask in the "Subnet Mask" field.
The remote VPN must have these IP addresses entered as its "Remote" addresses.
Type
Single address - enter an IP address in the "Start IP address" field.
Range address - enter the starting IP address in the "Start IP address" field, and the finish IP address in the "Finish IP address" field.
Subnet address - enter the desired IP address in the "Start IP address" field, and the network mask in the "Subnet Mask" field.
The remote VPN should have these IP addresses entered as its "Local" addresses.
3. Click Next to continue. The screen you will see depends on whether you previously selected "Manual Key Exchange" or "IKE".
Manual Key Exchange
Figure 51: VPN Wizard - Manual Key Exchange
These settings must match the remote VPN. Note that you cannot use both AH and ESP.
AH Authentication
AH (Authentication Header) specifies the authentication protocol
for the VPN header, if used. (AH is often NOT used)
If AH is not enabled, the following settings can be ignored.
Keys
The "in" key here must match the "out" key on the remote
VPN, and the "out" key here must match the "in" key on the
remote VPN.
Keys can be in ASCII or Hex (0..9 A..F)
For MD5, the keys should be 32 hex/16 ASCII characters.
For SHA-1, the keys should be 40 hex/20 ASCII characters.
SPI
Each SPI (Security Parameter Index) must be unique.
The "in" SPI here must match the "out" SPI on the remote
VPN, and the "out" SPI here must match the "in" SPI on the
remote VPN.
Each SPI should be at least 3 characters.
ESP Encryption
ESP (Encapsulating Security Payload) provides security for the
payload (data) sent through the VPN tunnel. Generally, you will
want to enable both Encryption and Authentication.
The "3DES" algorithm provides greater security than "DES",
but is slower.
The "in" key here must match the "out" key on the remote
VPN, and the "out" key here must match the "in" key on the
remote VPN.
ESP Authentication
Generally, you should enable ESP Authentication. There is little
difference between the available algorithms. Just ensure each
endpoint uses the same setting.
The "in" key here must match the "out" key on the remote
VPN, and the "out" key here must match the "in" key on the
remote VPN.
Keys can be in ASCII or Hex (0..9 A..F)
For MD5, the keys should be 32 hex/16 ASCII characters.
For SHA-1, the keys should be 40 hex/20 ASCII characters.
ESP SPI
This is required if either ESP Encryption or ESP Authentication is enabled.
Each SPI (Security Parameter Index) must be unique.
The "in" SPI here must match the "out" SPI on the remote
VPN, and the "out" SPI here must match the "in" SPI on the
remote VPN.
Each SPI should be at least 3 characters.
For Manual Key Exchange, configuration is now complete.
Click "Next" to view the final screen.
On the final screen, click "Finish" to save your settings, then "Close" to exit the Wizard.
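The matching rules for manual keys above, as an added example that is not part of the user guide: a Python check over two endpoints' ESP Authentication entries that verifies the key lengths, the 3-character SPI minimum and the in/out mirroring. The field names and sample values are constructed, accepting lowercase hex is an assumption, and "unique" is read here as the in and out SPI of one policy differing.

```python
HEX_CHARS = set("0123456789ABCDEFabcdef")  # guide lists 0..9 A..F; lowercase is an assumption
KEY_LENGTHS = {"MD5": (32, 16), "SHA-1": (40, 20)}  # (hex chars, ASCII chars) from the guide

def key_length_ok(algorithm, key):
    """True if key has the length the guide gives for this algorithm."""
    hex_len, ascii_len = KEY_LENGTHS[algorithm]
    if len(key) == hex_len and set(key) <= HEX_CHARS:
        return True
    return len(key) == ascii_len

def check_pair(local, remote):
    """Compare two endpoints' ESP Authentication entries; return a list of problems."""
    problems = []
    if local["algorithm"] != remote["algorithm"]:
        problems.append("endpoints use different authentication algorithms")
    for name, cfg in (("local", local), ("remote", remote)):
        for direction in ("in", "out"):
            if not key_length_ok(cfg["algorithm"], cfg["key_" + direction]):
                problems.append(f"{name} {direction} key has the wrong length for {cfg['algorithm']}")
            if len(cfg["spi_" + direction]) < 3:
                problems.append(f"{name} {direction} SPI is shorter than 3 characters")
        if cfg["spi_in"] == cfg["spi_out"]:  # assumed reading of "must be unique"
            problems.append(f"{name} in and out SPI are identical")
    # The "in" value on one side must equal the "out" value on the other.
    for field in ("key", "spi"):
        if local[field + "_in"] != remote[field + "_out"]:
            problems.append(f"local {field} in does not match remote {field} out")
        if local[field + "_out"] != remote[field + "_in"]:
            problems.append(f"local {field} out does not match remote {field} in")
    return problems

# Constructed sample entries (not real keys): SITE_B is the mirror image of SITE_A.
SITE_A = {"algorithm": "MD5", "key_in": "0123456789ABCDEF0123456789ABCDEF",
          "key_out": "constructed-key1", "spi_in": "1001", "spi_out": "2002"}
SITE_B = {"algorithm": "MD5", "key_in": "constructed-key1",
          "key_out": "0123456789ABCDEF0123456789ABCDEF", "spi_in": "2002", "spi_out": "1001"}

if __name__ == "__main__":
    print(check_pair(SITE_A, SITE_B))                        # mirrored entries
    print(check_pair(SITE_A, dict(SITE_B, spi_in="2003")))   # one SPI mistyped
```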