Kerio Tech Firewall6 Network Router User Manual


 
Chapter 15 Advanced security features
15.3 VPN using IPSec Protocol
IPSec (IP Security Protocol) is an extension of the IP protocol that enables secure data
transfer. It provides services similar to SSL/TLS, but at the network layer. IPSec can be
used to create encrypted tunnels between networks (VPN), known as tunnel mode, or to
encrypt traffic between two hosts, known as transport mode.
WinRoute includes IPSec pass-through. This means that WinRoute does not include tools
for establishing an IPSec connection (tunnel) itself, but it can detect the IPSec
protocol and allow it for traffic between the local network and the Internet.
Note: The IPSec pass-through function guarantees full functionality of existing IPSec
clients and servers after WinRoute is deployed at the Internet gateway. If you are
designing and implementing new virtual private networks, we recommend using the
WinRoute proprietary VPN solution (see chapter 21).
IPSec preferences
IPSec preferences can be set in the IPSec pass-through area on the Security Settings tab of
the Configuration / Advanced Options section. For detailed information on IPSec, refer
to chapter WinRoute’s IPSec configuration.
Figure 15.5 IPSec pass-through settings (the Security Settings tab under Configuration / Advanced Options)
Enable
This option enables IPSec pass-through.
An idle timeout must be set for IPSec connections (the default is 3600 seconds,
which is exactly 1 hour). If no data is transferred for this period and the connection
has not been closed properly, WinRoute considers the connection closed and
pass-through becomes available to another computer (another IP address).
Enable pass-through only for hosts
The set of hosts allowed to use IPSec pass-through can be restricted by defining
a scope of IP addresses (typically the hosts on which IPSec clients will be run).
Use the Edit button to edit a selected IP group or to add a new one.
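
The following added example is a simplified model of how the idle timeout and the host restriction interact; it is not WinRoute code and is not taken from the manual. It assumes, as the wording above implies, that pass-through serves one local IP address at a time; the class name, method names and addresses are constructed for illustration.

```python
import ipaddress

class IPSecPassThrough:
    """Simplified model of the two settings described above (assumption, not WinRoute code)."""

    def __init__(self, idle_timeout=3600, allowed=None):
        self.idle_timeout = idle_timeout  # seconds; 3600 is the manual's default
        # allowed=None models "Enable pass-through only for hosts" left unchecked.
        self.allowed = None if allowed is None else [
            ipaddress.ip_network(a, strict=False) for a in allowed]
        self.owner = None      # local IP address currently using pass-through
        self.last_seen = None  # time (seconds) of that host's last IPSec packet

    def _permitted(self, ip):
        return self.allowed is None or any(ip in net for net in self.allowed)

    def packet(self, src, now):
        """Return the decision for an IPSec packet from local host src at time now."""
        ip = ipaddress.ip_address(src)
        if not self._permitted(ip):
            return "denied: host not in IP group"
        # A connection that was never closed properly expires only by idling out.
        idle = self.owner is not None and now - self.last_seen >= self.idle_timeout
        if self.owner is None or idle or ip == self.owner:
            self.owner, self.last_seen = ip, now
            return "passed"
        return "denied: in use by %s" % self.owner

def demo():
    # Constructed scenario: 192.168.1.10 sends one packet at t=0 and then
    # crashes without closing its connection.
    pt = IPSecPassThrough(idle_timeout=3600,
                          allowed=["192.168.1.10", "192.168.1.11"])
    return [
        pt.packet("192.168.1.10", 0),     # first client takes pass-through
        pt.packet("192.168.1.11", 1800),  # second client, 30 min later
        pt.packet("192.168.1.50", 1800),  # host outside the IP group
        pt.packet("192.168.1.11", 3600),  # idle timeout has now elapsed
        pt.packet("192.168.1.10", 3700),  # original client comes back
    ]

if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

In this model a client that disappears without closing its connection keeps other permitted hosts waiting for the full idle timeout, which is the trade-off to weigh when changing the 3600-second default.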