55
Chapter 6: Setting up and Configuring the Router
VPN Tab - Gateway to Gateway
10/100 16-Port VPN Router
Dynamic IP + Domain Name(FQDN) Authentication. If the Remote Security Gateway has a dynamic IP and you
want to use the Domain Name for authentication, then select this type. When the Remote Security Gateway
asks to create a tunnel with the Router, the Router will work as a responder. For authentication, complete the
Domain Name field, and make sure it matches the Domain Name set on the Local Gateway of the remote VPN
device. (The Remote Security Gateway has a dynamic IP, so you do not need to enter an IP address.) The
Domain Name can be used for only one tunnel connection, so you can’t use the same Domain Name to create
another new tunnel connection.
Dynamic IP + E-mail Addr.(USER FQDN) Authentication. If the Remote Security Gateway has a dynamic IP and
you want to use the e-mail address for authentication, then select this type. When the Remote Security
Gateway asks to create a tunnel with the Router, the Router will work as a responder. For authentication,
enter the appropriate e-mail address in the E-mail address fields. (The Remote Security Gateway has a
dynamic IP, so you do not need to enter an IP address.)
Remote Security Group Type
Select the Remote Security Group behind the Remote Gateway that can use this VPN tunnel. Select one of these
three available types: IP, Subnet, or IP Range. The Remote Security Group Type you select should match the
Local Security Group Type selected on the VPN device at the other end of the tunnel.
After you have selected the Remote Security Group Type, the settings available on this screen may change,
depending on which selection you have made.
IP. If you select IP, then only the computer with a specific IP address will be able to access the tunnel. Enter
the appropriate IP address.
Subnet. If you select Subnet, which is the default, then all computers on the remote subnet will be able to
access the tunnel. Complete the IP address and Subnet Mask fields. The default Subnet Mask is
255.255.255.0.
IP Range. If you select IP Range, then you can specify a range of IP addresses within the subnet that will be
able to access the tunnel. Complete the IP range fields.
IPSec Setup
In order for any encryption to occur, the two ends of a VPN tunnel must agree on the methods of encryption,
decryption, and authentication. This is done by sharing a key to the encryption code. For key management, there
are two modes available; select IKE with Preshared Key or Manual. Both ends of a VPN tunnel must use the
same mode of key management.
Figure 6-65: Remote Security Group Type - IP
Figure 6-66: Remote Security Group Type - Subnet
Figure 6-67: Remote Security Group Type - IP Range
Figure 6-63: Remote Security Gateway Type -
Dynamic IP + Domain Name (FQDN) Authentication
Figure 6-64: Remote Security Gateway Type -
Dynamic IP + E-mail Addr. (USER FQDN) Authentication