Specifications
Figure 3.41: Available Certificates
VPN Connection
The ‘VPN connection’ tab is shown in Figure 3.43 on page 88. Under ‘Lo-
cal Configuration’, activate the check box ‘Route a subnet’ if a local subnet
should be routed. If the check box is activated, specify the subnet to contact
with an incoming VPN connection. For ‘Subnet’, the network must be in a
different IP address range than that on the remote side.
Under ‘Remote Configuration’, choose between dynamic IP addresses (‘Road
Warrior’) and a fixed IP address (‘Fixed IP Address’). The Road Warrior con-
figuration enables a client to establish a connection to the VPN server from
any IP address (e. g., dialing into the Internet from any provider, making
available access to the company network).
If you decide on a fixed IP address, specify this in the next entry field. If a
remote subnet should be routed, activate ‘Route a Subnet’ under ‘Remote
Subnet’. In this case, enter the address of the subnet in the next entry field.
‘Subnet’ refers to the network segment that should be accessed by the tunnel.
The subnet must be in a different IP address range than the one on the local
side. When setting up the tunnel, a route is automatically set to this subnet.
Authentication
Determine the authentication mechanism for the connection (see Figure 3.44
on page 89). Use X.509 certificates (recommended) or authentication using
shared keys. The X.509 certificate is comparable to an identity card issued for
a computer. With this certificate, the computer is authenticated with all VPN
locations. Only one certificate can be selected per computer.
86 Using the FAS