SpeedTouchTM608WL and SpeedTouchTM620 only SpeedTouchTM608(WL)/620
Table Of Contents
- Contents
- About this IPSec Configuration Guide
- 1 IPSec: Concept for secure IP connections
- 2 SpeedTouch™ IPSec terminology
- 3 Configuration via Local Pages
- Prerequisites
- IPSec Web Pages
- VPN Menu
- In this section
- 3.1 LAN to LAN Application
- Reference network
- Selecting the LAN to LAN application
- Outline of a configuration procedure
- 3.1.1 Remote Gateway Address Known Page
- VPN context
- Initial page
- Buttons
- Remote Gateway
- Miscellaneous
- IKE Security Descriptors
- Page layout with additional Descriptors
- Page layout for pre- shared key authentication
- IKE Authentication with Preshared Key
- Page layout for certificate authentication
- IKE Authentication: Certificate parameters
- Example of a completed page
- Buttons
- 3.1.2 Remote Gateway Address Unknown Page
- VPN context
- Example
- Aggressive Mode initial page
- Aggressive Mode versus Main Mode
- Buttons
- Miscellaneous
- IKE Security Descriptors
- Page layout with additional Descriptors
- Page layout for pre- shared key authentication
- IKE Authentication with Preshared Key
- Page layout for certificate authentication
- IKE Authentication: Certificate parameters
- Main Mode initial page
- Buttons
- IKE Security Descriptors
- Page layout with additional Descriptors
- Miscellaneous
- Page layout for pre- shared key authentication
- IKE Authentication with Preshared Key
- Page layout for certificate authentication
- IKE Authentication: Certificate parameters
- Main mode expanded page
- Identification & Interface
- Example of a completed page
- Buttons
- 3.1.3 Connections Page
- 3.2 VPN Client
- VPN context
- Advantages of the SpeedTouch™ VPN Client
- Selecting the VPN Client application
- Outline of a VPN Client configuration procedure
- 3.2.1 VPN Client Page
- Initial page
- Buttons
- Server IP Address or FQDN
- Backup Server IP Address or FQDN
- IKE Security Descriptor
- IPSec Security Descriptor
- Exchange Mode
- Server Vendor
- Primary Untrusted Physical Interface
- Virtual IP mapping
- Optional Remote network
- Page layout for pre- shared key authentication
- IKE Authentication with Preshared Key
- Page layout for certificate authentication
- IKE Authentication: Certificate parameters
- Starting and stopping a VPN client connection
- Page layout for Automatic Start
- Local LAN IP Range
- Set of Server Vendor specific parameters
- Configuring XAuth
- 3.2.2 Starting the VPN Client Connection
- 3.2.3 Closing a Connection
- 3.3 VPN Server
- VPN context
- Selecting the VPN Server application
- Outline of a VPN server configuration procedure
- 3.3.1 VPN Server Page
- Initial page
- Buttons
- Local Trusted Network
- Page layout with additional Networks
- IKE Security Descriptor
- Page layout with additional Descriptors
- IPSec Security Descriptor
- Page layout with additional Descriptors
- Miscellaneous
- VPN Server settings
- Page layout for pre- shared key authentication
- IKE Authentication with Preshared Key
- Page layout for certificate authentication
- IKE Authentication: Certificate parameters
- Authorized Users List
- 3.4 Certificates
- 3.5 Advanced VPN Menu
- When to use
- Peer Profiles page
- Connection Profiles page
- 3.5.1 Peer Profiles Page
- 3.5.2 Authentication Page
- 3.5.3 Peer Descriptors Page
- 3.5.4 Peer Options Page
- 3.5.5 VPN-Client Page
- 3.5.6 VPN-Server Page
- 3.5.7 VPN-Server-XAuth Page
- 3.5.8 Connection Profiles Page
- 3.5.9 Networks Page
- 3.5.10 Connection Descriptors Page
- 3.5.11 Connection Options Page
- 3.5.12 Client Page
- 4 Configuration via the Command Line Interface
- In this chapter
- Reference network
- 4.1 Basic IPSec configuration procedure
- 4.2 Peer: Authentication Attribute
- 4.3 Peer Security Descriptor
- 4.4 Peer
- What is ...
- How is it used
- In this section
- 4.4.1 Peer parameters
- Parameters table
- Peer name [name]
- Remote Security Gateway identifier [remoteaddr]
- Backup remote Security Gateway Identifier [backupaddr]
- Exchange mode [exchmode]
- Local Identifier [localid]
- Remote Identifier [remoteid]
- Physical Interface [phyif]
- Peer descriptor [descr]
- Authentication Attribute [auth]
- client/server
- options
- 4.4.2 List all peer entities
- 4.4.3 Create a new peer entity
- 4.4.4 Set or modify the peer parameters
- 4.4.5 Delete a Peer entity
- 4.5 Connection Security Descriptor
- 4.6 Network Descriptor
- 4.7 Connection
- 4.8 Auxiliary Commands
- 4.9 Organisation of the IPSec Command Group
- 5 Troubleshooting SpeedTouch™ IPSec
- 6 Advanced Features
- In this section
- 6.1 IPSec and the Stateful Inspection Firewall
- 6.2 Surfing through the VPN tunnel
- 6.3 Extended Authentication (XAuth)
- 6.4 VPN Client
- 6.5 VPN Server
- 6.6 XAuth Users Pool
- Introduction
- 6.6.1 XAuth Pool parameters
- 6.6.2 Create a new XAuth pool
- 6.6.3 Modify the xauthpool type
- 6.6.4 Attach the xauthpool entity to the vpnserver entity
- 6.6.5 Delete an xauthpool entity
- 6.6.6 XAuth User parameters
- 6.6.7 Create a new XAuth user
- 6.6.8 Set or modify the password of an XAuth user
- 6.6.9 Delete an xauthuser entity
- 6.7 The Default Peer Concept
- 6.8 One Peer - Multiple Connections
- 6.9 Peer Options
- 6.10 Connection Options
- 6.11 Advanced Connection
- Need more help?
Chapter 3
Configuration via Local Pages
E-DOC-CTC-20051017-0169 v0.1
89
Secondary DNS The IP address of the secondary DNS server, provided to the VPN clients via IKE
Mode Config. This is the secondary DNS server in the local network that is open to
VPN clients.
Primary WINS The IP address of the primary WINS server, provided to the VPN clients via IKE
Mode Config. This is the primary WINS server in the local network that is open to
VPN clients. A WINS server maps NETBIOS names to IP addresses.
Secondary WINS The IP address of the secondary WINS server, provided to the VPN clients via IKE
Mode Config. This is the secondary WINS server in the local network that is open to
VPN clients.
XAuth Pool The SpeedTouch™ allows the optional use of the Extended Authorization protocol
with an internal list of authorized users. When you want to use XAuth, a list of
authorized users is to be composed. This is explained in section “3.5.7 VPN-Server-
XAuth Page” on page 90.
Once you have defined a named list or authorized users, select it from the XAuth
Pool list to activate the use of Xauth in the VPN server.