63
Chapter 6: Setting up and Configuring the Router
VPN Tab - Client to Gateway
10/100 16-Port VPN Router
Dynamic IP + E-mail Addr.(User FQDN) Authentication. If the Remote Security Gateway has a dynamic IP and
you want to use the e-mail address for authentication, then select this type. When the Remote Security
Gateway asks to create a tunnel with the Router, the Router will work as a responder. For authentication,
enter the appropriate e-mail address in the E-mail address fields.
Remote Client Setup for a Group VPN
Remote Client. There are three types of Remote Client: Domain Name (FQDN), E-mail Address (User FQDN), and
Microsoft XP/2000 VPN Client.
Remote Client
Select one of these three types: Domain Name(FQDN), E-mail Address(USER FQDN), or Microsoft XP/2000
VPN Client.
(If you want to use an FQDN (Fully Qualified Domain Name) but you have not set it up, visit www.dyndns.org to set
up a Dynamic Domain Name System (DDNS) account.)
After you have selected the Remote Client, the settings available on this screen may change, depending on which
selection you have made.
Domain Name(FQDN). If you select this type, enter the FQDN (Fully Qualified Domain Name) of the Remote
Client in the Domain Name field. The FQDN is the host name and domain name for a specific computer on the
Internet. An example of a FQDN is vpn.remotevpnserver.com. The FQDN must match the FQDN setting on the
Remote Client. When the Remote Client asks to create a tunnel with the Router, the Router will work as a
responder.
E-mail Address(USER FQDN). If you select this type, enter the e-mail address of the Remote Client at the other
end of the tunnel.
Microsoft XP/2000 VPN Client. If the Remote Client has a dynamic IP address and is a Microsoft VPN client,
select this type. The difference between Microsoft and other VPN clients is that the Microsoft VPN client does
not support Aggressive Mode and the two Remote Client options, Domain Name(FQDN) and E-mail
Address(USER FQDN).
IPSec Setup
In order for any encryption to occur, the two ends of a VPN tunnel must agree on the methods of encryption,
decryption, and authentication. This is done by sharing a key to the encryption code. For key management, there
are two modes available; select Manual or IKE with Preshared Key. Both ends of a VPN tunnel must use the
same mode of key management.
Figure 6-85: Remote Client for Group VPN -
Domain Name (FQDN)
Figure 6-86: Remote Client for Group VPN -
E-mail Address (USER FQDN)
Figure 6-84: Remote Client for VPN Tunnel -
Dynamic IP + E-mail Addr. (User FQDN) Authentication
Figure 6-87: Remote Client for Group VPN -
Microsoft XP/2000 VPN Client