Chapter 5: Configuring the ADSL Gateway
The Security Tab
ADSL Gateway
• Delete: Click this button to delete the selected tunnel.
• Summary: Click this button to see a summary of your IPSec settings and the tunnels’ status.
• IPSec VPN Tunnel: Click Enabled to enable the selected tunnel, or Disabled to disable it.
• Tunnel Name: Click and type in this box to give the selected tunnel a name. A name is required, but is only
for your reference and need not match the name used at the remote gateway or client.
• Local Secure Group: To give an entire local network access to the tunnel, select Subnet and enter the network
address and mask. To give a particular host access to the tunnel, select IP Address and enter the host’s
address and mask.
• Local Security Gateway: If you have multiple PVCs, open this list and select the PVC you wish to use for the
VPN tunnel.
• Remote Secure Group: Use this control to specify the remote device or devices that will be granted access to
the tunnel. This can be the public IP address of a network or host; the IP address and mask of a remote
subnet; Host, that is, identical to the Remote Security Gateway setting; or Any, which allows any device with
permission from the remote security gateway to access the tunnel.
• Remote Security Gateway: Use the controls in this section to specify the remote endpoint of the IPSec tunnel,
whether it will be a gateway or a client. Select IP Address or FQDN (fully qualified domain name) and input
the correct address or name; or select Any, which allows any machine with the correct IPSec settings to act
as the remote endpoint of the tunnel.
• Encryption: To have communication through the tunnel encrypted, select DES (Data Encryption Standard)
or 3DES (Triple DES). To leave communication unencrypted, select Disable.
• Authentication: Authentication verifies the identity of the remote machine and the integrity of the data
received. Set this control to MD5 (Message Digest 5) or SHA (Secure Hash Algorithm). SHA is newer, and
generally considered more secure, than MD5.
• Key Management: A key is a string of letters and/or numbers that is used for authentication or encryption. Key
management can be automatic (performed by IKE, the Internet Key Exchange protocol) or manual.
• To use automatic key management, select Auto. (IKE), enter the pre-shared key and the key lifetime, and
enable or disable PFS (perfect forward secrecy). The key should be a string of 8 to 23 characters
representing no dictionary word or numeric pattern. PFS enhances security by enabling automatic
re-keying. The settings must exactly match those at the remote end of the tunnel.
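
One way to check a tunnel's settings before saving them, as an added example (not from this manual or the gateway's firmware): it compares the two ends for the settings that must match and checks the pre-shared key against the rule above. The field names, the small word list and the sample values are assumptions constructed for illustration.

```python
# Added example: field names, word list and sample values are assumptions.
import re

# Settings that must be identical at both ends of the tunnel.
MUST_MATCH = ("encryption", "authentication", "psk", "key_lifetime", "pfs")
# Tiny constructed word list; use a real dictionary file in practice.
WORDS = {"password", "gateway", "tunnel", "security", "internet"}


def psk_problems(psk):
    """Check a pre-shared key: 8 to 23 characters, no dictionary word or numeric pattern."""
    problems = []
    if not 8 <= len(psk) <= 23:
        problems.append("length must be 8 to 23 characters")
    # Strip digits and symbols so "password1" is still caught as a word.
    if re.sub(r"[^a-z]", "", psk.lower()) in WORDS:
        problems.append("based on a dictionary word")
    # Interpretation of "numeric pattern": all digits, or one repeated character.
    if psk.isdigit() or len(set(psk)) == 1:
        problems.append("numeric or repeated-character pattern")
    return problems


def audit(local, remote):
    """Return findings for the local end, compared against the remote end."""
    # Report only the field name on a mismatch, never the key itself.
    findings = [f"mismatch: {f}" for f in MUST_MATCH if local.get(f) != remote.get(f)]
    if local["encryption"] == "Disable":
        findings.append("weak: tunnel traffic is unencrypted")
    elif local["encryption"] == "DES":
        findings.append("weak: DES selected, 3DES is stronger")
    if local["authentication"] == "MD5":
        findings.append("weak: MD5 selected, SHA is stronger")
    findings += [f"psk: {p}" for p in psk_problems(local["psk"])]
    return findings


# Constructed sample settings for the two ends of one tunnel.
LOCAL = {"encryption": "3DES", "authentication": "SHA",
         "psk": "v7#Lq2!xRt9mZp", "key_lifetime": 3600, "pfs": True}
REMOTE = dict(LOCAL, authentication="MD5", psk="12345678")

if __name__ == "__main__":
    for side, a, b in (("local", LOCAL, REMOTE), ("remote", REMOTE, LOCAL)):
        print(side, audit(a, b))
```
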
Figure 5-20: VPN Settings Summary