Installation guide

Quadro Manual II: Administrator's Guide Administrator's Menus
Quadro4x, 4xi, 4xa, 4xia, 4xs, 4xis, Quadro16x, 16xi, 16xa, 16xia, 16xs, 16xis; (SW Version 3.1.x)
Establishing an IPSec connection normally requires the functionality of a VPN gateway on each side of the communication line. An intelligent Internet
access router such as Quadro delivers this function, but PCs or workstations may also be equipped with VPN gateway functionality. For home
offices it may be too expensive to get fixed IP addresses, so they prefer dynamically allocated IP addresses.
When Quadro is connected to the Internet with a fixed IP address, it will be set up to act as a VPN gateway. Then Quadro is prepared to establish an
IPSec connection with another VPN gateway device, but allows access to Road Warriors, too. A traveling salesperson's notebook for example could
be such a Road Warrior. Access to their company’s intranet via IPSec connection can be obtained regardless of location.
Besides being a VPN gateway, Quadro can be set up to act as a Road Warrior. If a home office, for example, is connected to the Internet via Quadro
with PPPoE (Point-to-Point Protocol over Ethernet) and dynamic IP addressing, setting up Quadro as a Road Warrior will allow an IPSec connection to the corporate
network.
A key is used for the encryption and decryption of the data transmitted via the IPSec connection. RSA, which Quadro uses, is an asymmetric key
system. It has to be available on both sides of the IPSec connection and generates a different pair of keys on each side, a private and a public
key. During connection establishment, some data is encrypted with the remote party’s public key and can be decrypted only by the remote party
with its private key, and vice versa (data encrypted there with Quadro’s public key can be decrypted with Quadro’s private key). Since the private key is
never transmitted in any way, it stays unknown to everybody else, and thus the system remains safe. Even if someone gets hold of the public key,
decryption is not possible without the private key. Quadro generates such a pair of keys automatically when it is set up. The user cannot see the
private key, but must know the public one, as their IPSec connection partner will need it.
Please Note: Keys are always generated as a pair, a public one and a private one. When a new pair is generated, the former pair of keys becomes
invalid, as do all existing IPSec connections that use RSA keying.
The IPSec Configuration link refers to the IPSec Connection
Settings page, which gives an overview of all existing IPSec
connections characterized by their Connection Name, the
Remote Gateway (the IP address or the hostname of the IPSec
connection partner), the State of the IPSec connection
(Stopped, Connecting, Activated, Waiting or Connected) and the
dedicated Keying Type (the encryption type). The content of
the table can be sorted in ascending or descending order by
clicking on the header of the respective column. There is a
checkbox for every IPSec connection to select it for further
editing.
Start activates the connection establishment of the selected
IPSec connection. The State of the IPSec connection will
change into “Connected” or “Activated” depending on the IPSec
connection type. If no record is selected, the “One Record
should be selected” error message occurs.
Attention: It is not recommended to start a static and a dynamic
connection configured to use the same secret key
simultaneously. A dynamic connection may capture the static
connection peer and vice versa, depending on which connection
is established first.
Stop disconnects the selected IPSec connection. The state of
the IPSec connection will change into “Stopped”. If no record is
selected, the “One Record should be selected” error message
will occur. More than one record may be selected at a time to be
stopped.
Fig. II-129: IPSec Connection Settings page
Add leads to the Add IPSec Connection wizard where a new IPSec connection can be defined and specified. The wizard provides several pages.
Edit leads to a set of IPSec Connection Properties pages to modify the parameters of the selected IPSec connection. The page includes the same
components as the Add IPSec Connection page. To operate with Edit, only one record may be selected, otherwise an error will occur: “One row
must be selected”.
Restart all Connections restarts all active IPSec connections. The State of these IPSec connections will turn into Connected or Activated if the
restart procedure has been completed successfully.
RSA Key Management leads to the RSA Key Management page to see the current RSA key, to generate a new one and to send it to the peer via
e-mail.
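The Attention note under Start can be checked before connections are started. The following is an added example, not part of the Quadro manual or firmware: it works on an inventory transcribed by hand from the IPSec Connection Settings page, and the record layout, the `peer_type` and `secret` fields, and all sample values are assumptions constructed for illustration.

```python
from collections import defaultdict
from itertools import product

# State names as listed on the IPSec Connection Settings page.
STARTED = {"Connecting", "Activated", "Waiting", "Connected"}

# Constructed sample inventory; "peer_type" and "secret" are assumed fields.
CONNECTIONS = [
    {"name": "hq-branch", "remote_gateway": "198.51.100.10",
     "state": "Connected", "peer_type": "static", "secret": "constructed-A"},
    {"name": "road-warriors", "remote_gateway": "any",
     "state": "Activated", "peer_type": "dynamic", "secret": "constructed-A"},
    {"name": "home-office", "remote_gateway": "any",
     "state": "Stopped", "peer_type": "dynamic", "secret": "constructed-A"},
    {"name": "partner", "remote_gateway": "203.0.113.7",
     "state": "Connected", "peer_type": "static", "secret": "constructed-B"},
]


def find_conflicts(connections, started_only=True):
    """Return sorted (static_name, dynamic_name) pairs that share one secret."""
    groups = defaultdict(lambda: {"static": [], "dynamic": []})
    for conn in connections:
        if conn["peer_type"] not in ("static", "dynamic"):
            raise ValueError(f"unknown peer_type for {conn['name']!r}")
        if started_only and conn["state"] not in STARTED:
            continue
        groups[conn["secret"]][conn["peer_type"]].append(conn["name"])
    conflicts = []
    for members in groups.values():
        conflicts.extend(product(members["static"], members["dynamic"]))
    return sorted(conflicts)


def report(connections):
    """Describe conflicts by connection name only; secrets are never printed."""
    running = find_conflicts(connections)
    configured = find_conflicts(connections, started_only=False)
    lines = [f"STARTED TOGETHER: {s} / {d}" for s, d in running]
    lines += [f"configured only:  {s} / {d}" for s, d in configured
              if (s, d) not in running]
    return lines


if __name__ == "__main__":
    print("\n".join(report(CONNECTIONS)))
```

Pairs reported as "configured only" are not yet in conflict, but would be as soon as the stopped connection is started.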