Perle Systems 5500161-40 Server User Manual (page 231)

VPN
Overview
A Virtual Private Network (VPN) creates a secure, dedicated communications network tunnelled
through another network.
You can configure the IOLAN for:
- a host-to-host Virtual Private Network (VPN) connection
- a host-to-network VPN connection
- a network-to-network VPN connection
- a host/network-to-IOLAN VPN connection (allowing serial devices connected to the IOLAN to communicate data to a host/network).
In addition to being able to configure up to 64 IPsec tunnels, you can configure an L2TP/IPsec tunnel that will allow hosts to create a VPN tunnel to the IOLAN. The L2TP/IPsec VPN protocol is required by the Windows XP operating system. Windows Vista and Server 2008 support both VPN protocols.
Note: Before you enable/configure any VPN tunnels, you should configure any exceptions or you might not be able to access the IOLAN except through a VPN tunnel or the console port. See Exceptions on page 238 for more information about exceptions.
Note: If you are configuring IPsec and/or L2TP/IPsec, you must also enable the IPsec service found in the Security, Services navigation tree.
Functionality
The information in this section applies only to setting up IPsec VPN tunnels, not L2TP/IPsec VPN tunnels.
The IOLAN can be configured as a VPN gateway using the IPsec protocol. You can configure the VPN connection using two IOLANs as the local and remote VPN gateways, or the IOLAN as the local VPN gateway and a host/server running the VPN software as the remote VPN gateway.
If the VPN tunnel is being configured for an IPv6 network that passes through one or more routers, those routers must support manual IPv6 address entry, similar to what Windows Vista provides.
VPN servers/clients can support various VPN parameters. However, the following parameters are REQUIRED to be set to the following values to support a VPN tunnel between the IOLAN and a VPN server/client:
- perfect forward secrecy: no
- protocol: ESP
- mode: tunnel (not transport)
- opportunistic encryption: no
- aggressive mode: no
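As an added illustration (not taken from the Perle manual), the following Libreswan-style ipsec.conf connection for a Linux host acting as the remote VPN gateway pins each of the five required values above; the addresses, subnets and connection name are constructed placeholders, and the key names are as I understand Libreswan's ipsec.conf (confirm against `man ipsec.conf` on your distribution).

```conf
# Constructed example: Linux gateway 192.0.2.10 <-> IOLAN 198.51.100.5
# Each commented line pins one of the IOLAN's required parameter values.
conn iolan-tunnel
    type=tunnel          # mode: tunnel (not transport)
    phase2=esp           # protocol: ESP (not AH)
    pfs=no               # perfect forward secrecy: no
    aggrmode=no          # aggressive mode: no (IKEv1 main mode only)
    ikev2=no             # assumption: main/aggressive mode are IKEv1 concepts
    authby=secret        # pre-shared key stored in ipsec.secrets
    left=192.0.2.10
    leftsubnet=10.1.0.0/24
    right=198.51.100.5
    rightsubnet=10.2.0.0/24
    auto=start
# opportunistic encryption: no -- Libreswan only applies OE to peers
# listed in its OE policy files, so leave this peer out of them.
```

Set the IKE and ESP algorithm proposals (`ike=`, `phase2alg=`) to match whatever the IOLAN tunnel is configured with; they are omitted here because the manual page does not list them.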
Common Name
An entry for common name; for example, the host name or fully qualified domain name. This field is case sensitive in order to successfully match the information in the peer SSL/TLS certificate.
Data Options: Maximum 64 characters
Email
An entry for an email address; for example, acct@anycompany.com. This field is case sensitive in order to successfully match the information in the peer SSL/TLS certificate.
Data Options: Maximum 64 characters