User's manual
EDR-G903/G902 Features and Functions
SYN/RST Scan
Setting            Description                              Factory Default
Enable or Disable  Enable or disable the SYN/RST Scan       None
ICMP-Death
Setting            Description                                     Factory Default
Enable or Disable  Enable or disable the ICMP-Death defense        None
Packet/Second      The limit value to activate ICMP-Death defense  None
SYN-Flood
Setting            Description                                    Factory Default
Enable or Disable  Enable or disable the SYN-Flood defense        None
Packet/Second      The limit value to activate SYN-Flood defense  None
VPN (Virtual Private Network)
Overview
This chapter describes how to use the EtherDevice Router to build a secure Remote Automation network with
the VPN (Virtual Private Network) feature. A VPN provides a highly cost-effective way to establish secure
tunnels, so that data can be exchanged in a secure manner.
There are two common applications for secure remote communication in an industrial automation network:

IPSec (Internet Protocol Security) VPN for LAN to LAN security: Data communication only in a
pre-defined IP range between two different LANs.

L2TP (Layer 2 Tunnel Protocol) VPN for remote roaming users: Secure data communication for remote
roaming users with dynamic IP. L2TP is a popular choice for remote roaming users for VPN applications because
the L2TP VPN protocol is already built into the Microsoft Windows operating system.
IPSec uses the IKE (Internet Key Exchange) protocol for authentication and key exchange, and provides a way
for the VPN gateway data to be protected by different encryption methods.

IKE negotiates the IPSec connection between two VPN gateways in two phases:

Key Exchange (IPSec Phase 1):
The two VPN gateways negotiate how IKE should be protected. Phase 1 also authenticates the two VPN
gateways by the matched Pre-shared Key or X.509 Certificate.

Data Exchange (IPSec Phase 2):
In Phase 2, the VPN gateways negotiate to determine additional IPSec connection details, which include the
data encryption algorithm.
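
The two phases described above, as an added example that is not part of the original manual and is not the router's own implementation: a simplified Python model in which Phase 1 selects an IKE proposal and checks the Pre-shared Key, and Phase 2 runs only if Phase 1 succeeded. The gateway settings, proposal names and nonces are constructed sample values, and the authentication hash is reduced from the RFC 2409 pre-shared-key exchange.

```python
import hashlib
import hmac

def prf(key, data):
    """Keyed pseudo-random function (HMAC-SHA256 is an assumption of this sketch)."""
    return hmac.new(key, data, hashlib.sha256).digest()

def first_common(offered, accepted):
    """Return the first offered proposal the peer also accepts, else None."""
    return next((p for p in offered if p in accepted), None)

def phase1(init, resp, ni, nr):
    """Key Exchange: agree how IKE is protected, then authenticate by PSK."""
    proposal = first_common(init["ike"], resp["ike"])
    if proposal is None:
        return None, "phase1: no common IKE proposal"
    # RFC 2409 pre-shared key mode: SKEYID = prf(PSK, Ni | Nr)
    skeyid_i = prf(init["psk"], ni + nr)
    skeyid_r = prf(resp["psk"], ni + nr)
    # Simplified auth hash; real IKE also covers DH values, cookies, SA and ID.
    sent = prf(skeyid_i, b"I" + ni + nr)
    expected = prf(skeyid_r, b"I" + ni + nr)
    if not hmac.compare_digest(sent, expected):
        return None, "phase1: pre-shared key mismatch"
    return {"ike": proposal, "skeyid": skeyid_i}, "phase1: ok"

def phase2(ike_sa, init, resp):
    """Data Exchange: negotiated under the SA that Phase 1 established."""
    proposal = first_common(init["esp"], resp["esp"])
    if proposal is None:
        return None, "phase2: no common data encryption proposal"
    # Key the IPSec SA from Phase 1 material (simplified derivation).
    key = prf(ike_sa["skeyid"], proposal.encode())
    return {"esp": proposal, "key": key}, "phase2: ok"

def negotiate(init, resp, ni=b"Ni-constructed", nr=b"Nr-constructed"):
    """Run both phases; a Phase 1 failure means Phase 2 is never attempted."""
    ike_sa, status = phase1(init, resp, ni, nr)
    if ike_sa is None:
        return None, status
    return phase2(ike_sa, init, resp)

# Constructed sample gateway settings (not values from the manual).
GW_A = {"psk": b"example-psk", "ike": ["AES-256/SHA-256/DH14", "AES-128/SHA-256/DH14"], "esp": ["AES-256", "AES-128"]}
GW_B = {"psk": b"example-psk", "ike": ["AES-256/SHA-256/DH14"], "esp": ["AES-256"]}

if __name__ == "__main__":
    print(negotiate(GW_A, GW_B)[1])
    print(negotiate(GW_A, dict(GW_B, psk=b"typo-psk"))[1])
```

The status string names the phase that failed, which is the first thing to check when a tunnel between two gateways does not come up.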










