Filter
Top Products
24
Chapter 5: Configuring the Gateway
The Security Tab
ADSL2 Gateway with 4-Port Switch
multiple tunnels and does not have to match the name used at the other end of the tunnel. To delete a tunnel
entry, select the tunnel, then click Delete. To view a summary of the settings, click Summary.
• Local Secure Group and Remote Secure Group. The Local Secure Group is the computer(s) on your LAN that
can access the tunnel. The Remote Secure Group is the computer(s) on the remote end of the tunnel that can
access the tunnel. These computers can be specified by a Subnet, specific IP address, or range.
• Local Security Gateway.
• Remote Security Gateway. The Remote Security Gateway is the VPN device, such as a second VPN Gateway,
on the remote end of the VPN tunnel. Enter the IP Address or Domain of the VPN device at the other end of the
tunnel. The remote VPN device can be another VPN Gateway, a VPN Server, or a computer with VPN client
software that supports IPSec. The IP Address may either be static (permanent) or dynamic (changing),
depending on the settings of the remote VPN device. Make sure that you have entered the IP Address
correctly, or the connection cannot be made. Remember, this is NOT the IP Address of the local VPN Gateway,
but the IP Address of the remote VPN Gateway or device with which you wish to communicate. If you enter an
IP address, only the specific IP Address will be able to acess the tunnel. If you select Any, any IP Address can
access the tunnel.
• Encryption. Using Encryption also helps make your connection more secure. There are two different types of
encryption: DES or 3DES (3DES is recommended because it is more secure). You may choose either of these,
but it must be the same type of encryption that is being used by the VPN device at the other end of the tunnel.
Or, you may choose not to encrypt by selecting Disable. In Figure 5-19, DES (which is the default) has been
selected.
• Authentication. Authentication acts as another level of security. There are two types of authentication: MD5
and SHA (SHA is recommended because it is more secure). As with encryption, either of these may be
selected, if the VPN device at the other end of the tunnel is using the same type of authentication. Or, both
ends of the tunnel may choose to Disable authentication. In the Manual Key Management screen, MD5 (the
default) has been selected.
• Key Management. Select Auto (IKE) or Manual from the drop-down menu. The two methods are described
below.
Auto (IKE)
Select Auto (IKE) and enter a series of numbers or letters in the Pre-shared Key field. Based on this word,
which MUST be entered at both ends of the tunnel if this method is used, a key is generated to scramble
(encrypt) the data being transmitted over the tunnel, where it is unscrambled (decrypted). You may use any
combination of up to 24 numbers or letters in this field. No special characters or spaces are allowed. In the
Key Lifetime field, you may select to have the key expire at the end of a time period. Enter the number of
seconds you’d like the key to be useful, or leave it blank for the key to last indefinitely. Check the box next to
PFS (Perfect Forward Secrecy) to ensure that the initial key exchange and IKE proposals are secure.
Figure 5-15: VPN
Figure 5-16: VPN Settings Summary