Chapter 10 IPSec VPN Config Screens
LAN-Cell 2 User’s Guide
235
10.7 Mobile User VPN/IPSec Examples
The following examples show how multiple mobile users can make VPN connections to a
single LAN-Cell. The mobile users use IPSec routers (or IPSec client software) with dynamic
WAN IP addresses. The LAN-Cell has a static public IP address.
Gateway Domain Name Update Timer: If you use dynamic domain names in VPN rules to identify the LAN-Cell and/or the remote IPSec router, the IP address mapped to a domain name can change. The VPN tunnel stops working after the IP address changes, and any users of the tunnel are disconnected until the LAN-Cell learns the new IP address from a DNS server and rebuilds the tunnel.

Enter the time period (between 2 and 60 minutes) that sets how often the LAN-Cell queries a DNS server to refresh the domain-name-to-IP-address mapping. A shorter period shortens the outage after an address change at the cost of more DNS queries; note that a DNS server may keep returning a cached record until the record's TTL expires, so the actual recovery time can be longer than the timer.

If the query returns a new IP address for a dynamic domain name, the LAN-Cell disconnects the VPN tunnel. It rebuilds the tunnel using the new IP address immediately if the IPSec SA is set to nailed up; otherwise it rebuilds the tunnel when there is traffic for it or when you dial it manually.

If the LAN-Cell and all of the remote IPSec routers use static IP addresses or regular (static) domain names, enter 0 to disable this feature.
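The update-timer behaviour described above, as an added example (this is not LAN-Cell firmware code): a model of the periodic DNS query, the tear-down on an address change, and the difference between a nailed-up SA (rebuilt at once) and an on-demand SA (rebuilt on the next packet or a manual dial). The DNS table is constructed, and the class and function names (Tunnel, run_scenario, worst_case_recovery_minutes) are this example's own.

```python
# Added example, not LAN-Cell firmware: a model of the Gateway Domain Name
# Update Timer behaviour described in the guide. The DNS data is constructed;
# the class and function names are this example's own.
import math


def validate_update_timer(minutes: int) -> int:
    """The guide allows 2..60 minutes, or 0 to disable the periodic query."""
    if minutes == 0 or 2 <= minutes <= 60:
        return minutes
    raise ValueError("update timer must be 0 (disabled) or 2-60 minutes")


def worst_case_recovery_minutes(timer: int, record_ttl: int) -> int:
    """Longest wait before a query returns the new address, assuming the
    resolver honours the record TTL and the change happens just after a query.
    Queries land at timer, 2*timer, ...; the first one at or past the TTL sees
    the fresh record."""
    return max(timer, math.ceil(record_ttl / timer) * timer)


class Tunnel:
    """One VPN rule whose remote gateway is identified by a dynamic domain name."""

    def __init__(self, gateway_name: str, nailed_up: bool, resolve):
        self.gateway_name = gateway_name
        self.nailed_up = nailed_up
        self.resolve = resolve                 # callable: name -> IP string
        self.peer_ip = resolve(gateway_name)
        self.up = True                         # tunnel built against peer_ip
        self.events = []

    def on_timer(self) -> str:
        """Runs once per update-timer interval: re-query DNS and react."""
        new_ip = self.resolve(self.gateway_name)
        if new_ip == self.peer_ip:
            return "unchanged"
        self.events.append(f"{self.gateway_name}: {self.peer_ip} -> {new_ip}")
        self.peer_ip = new_ip
        self.up = False                        # SA to the old address torn down
        if self.nailed_up:
            self.up = True                     # rebuilt immediately
            return "rebuilt"
        return "down"                          # waits for traffic or a manual dial

    def on_traffic(self) -> str:
        """A packet matching the rule triggers an on-demand rebuild."""
        if not self.up:
            self.up = True
            return "rebuilt"
        return "forwarded"

    def manual_dial(self) -> str:
        return self.on_traffic()


def run_scenario(nailed_up: bool) -> list:
    """Constructed DNS table: the peer's dynamic WAN address changes between
    two timer expiries. Returns the outcome of each step."""
    table = {"branch.dyndns.example": "198.51.100.10"}
    tunnel = Tunnel("branch.dyndns.example", nailed_up, lambda name: table[name])
    outcomes = [tunnel.on_timer()]                    # nothing changed yet
    table["branch.dyndns.example"] = "203.0.113.77"   # peer gets a new WAN IP
    outcomes.append(tunnel.on_timer())                # next query notices it
    outcomes.append(tunnel.on_traffic())              # first packet afterwards
    return outcomes


if __name__ == "__main__":
    print(run_scenario(nailed_up=True))    # ['unchanged', 'rebuilt', 'forwarded']
    print(run_scenario(nailed_up=False))   # ['unchanged', 'down', 'rebuilt']
```

The two runs show the practical difference: with a nailed-up SA the first packet after the change is simply forwarded, while an on-demand SA leaves the tunnel down until that packet (or a manual dial) rebuilds it. worst_case_recovery_minutes shows why a 10-minute timer against a 30-minute DNS record can still mean half an hour without the tunnel.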
Adjust TCP Maximum Segment Size: TCP packets become larger after the LAN-Cell encrypts and encapsulates them for the VPN. The LAN-Cell fragments packets that are larger than a connection's MTU (Maximum Transmission Unit), and fragmentation costs throughput.

In most cases you should leave this set to Auto. The LAN-Cell then automatically sets the Maximum Segment Size (MSS) of the TCP packets that are to be encrypted by VPN, based on the encapsulation type, so that the encapsulated packets still fit within the MTU.

Select Off to leave the MSS of the TCP packets to be encrypted unchanged.

If your network environment causes fragmentation problems that reduce your throughput, you can manually set a smaller MSS for the TCP packets that are to be encrypted by VPN. Select User-Defined and specify a size from 0 to 1460 bytes; 0 makes the LAN-Cell use the Auto setting. (1460 bytes is the MSS of a plain TCP segment on a 1500-byte Ethernet MTU: 1500 minus a 20-byte IPv4 header and a 20-byte TCP header, with no room left for VPN overhead.)
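Why the MSS has to shrink, as an added example (not LAN-Cell code): it computes the size of a TCP segment after ESP tunnel-mode encapsulation, finds the largest MSS that still fits a 1500-byte MTU for a given cipher, integrity algorithm and NAT traversal, maps the screen's Auto / Off / User-Defined choice to a clamp value, and rewrites the MSS option of a TCP SYN the way an MSS-clamping gateway does, including the TCP checksum. The overhead figures are the standard IPsec ESP values; the LAN-Cell's own Auto table is not published in the guide, so treat the results as an assumption about what Auto produces. The sample SYN and the function names are constructed for this example.

```python
# Added example, not LAN-Cell code: how much ESP encapsulation adds to a TCP
# segment, the largest MSS that still fits the path MTU, and clamping the MSS
# option in a TCP SYN. Overhead figures are the standard IPsec ESP values
# (RFC 4303); the LAN-Cell's own Auto table is not published in the guide.
import struct

IPV4_HDR, TCP_HDR, UDP_HDR = 20, 20, 8
ESP_SPI_SEQ = 8                      # SPI + sequence number
ESP_TRAILER = 2                      # pad length + next header
CIPHERS = {"3des": (8, 8), "aes-cbc": (16, 16), "null": (0, 4)}   # IV len, block
ICVS = {"hmac-md5-96": 12, "hmac-sha1-96": 12, "hmac-sha256-128": 16}


def encapsulated_len(clear_len, cipher="aes-cbc", integrity="hmac-sha1-96", nat_t=False):
    """Wire size of a clear IPv4 packet of clear_len bytes after ESP tunnel mode:
    outer IP [+ UDP for NAT-T] + SPI/seq + IV + (inner packet + pad + trailer) + ICV."""
    iv_len, block = CIPHERS[cipher]
    enc = clear_len + ESP_TRAILER
    enc += (-enc) % block                    # pad to the cipher block size
    return IPV4_HDR + (UDP_HDR if nat_t else 0) + ESP_SPI_SEQ + iv_len + enc + ICVS[integrity]


def auto_mss(mtu=1500, **enc):
    """Largest MSS whose full-size segment still fits in mtu once encapsulated."""
    for mss in range(mtu - IPV4_HDR - TCP_HDR, 0, -1):
        if encapsulated_len(IPV4_HDR + TCP_HDR + mss, **enc) <= mtu:
            return mss
    raise ValueError("MTU too small for any TCP payload")


def mss_limit(setting, user_value=0, **enc):
    """Map the screen's Auto / Off / User-Defined choice to a clamp value
    (None = do not clamp). User-Defined accepts 0..1460, where 0 means Auto."""
    if setting == "off":
        return None
    if setting == "user-defined":
        if not 0 <= user_value <= 1460:
            raise ValueError("user-defined MSS must be 0-1460")
        if user_value:
            return user_value
    return auto_mss(**enc)


def tcp_checksum(src_ip: bytes, dst_ip: bytes, segment: bytes) -> int:
    """RFC 793 checksum over the IPv4 pseudo-header and the segment (0 when valid)."""
    data = src_ip + dst_ip + b"\x00\x06" + struct.pack("!H", len(segment)) + segment
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _options(segment):
    """Yield (offset, kind, length) per TCP option; stop at EOL or a malformed option."""
    i, end = 20, (segment[12] >> 4) * 4
    while i < end:
        kind = segment[i]
        if kind == 0:
            return
        if kind == 1:                         # NOP is a single byte
            i += 1
            continue
        if i + 1 >= end or segment[i + 1] < 2 or i + segment[i + 1] > end:
            return
        yield i, kind, segment[i + 1]
        i += segment[i + 1]


def read_mss(segment: bytes):
    for off, kind, length in _options(segment):
        if kind == 2 and length == 4:
            return struct.unpack("!H", segment[off + 2:off + 4])[0]
    return None


def clamp_syn_mss(src_ip: bytes, dst_ip: bytes, segment: bytes, limit) -> bytes:
    """Rewrite an MSS option larger than limit and fix the TCP checksum."""
    if limit is None or not segment[13] & 0x02:   # Off, or not a SYN
        return segment
    seg = bytearray(segment)
    for off, kind, length in _options(seg):
        if kind == 2 and length == 4 and struct.unpack("!H", seg[off + 2:off + 4])[0] > limit:
            seg[off + 2:off + 4] = struct.pack("!H", limit)
    seg[16:18] = b"\x00\x00"
    seg[16:18] = struct.pack("!H", tcp_checksum(src_ip, dst_ip, bytes(seg)))
    return bytes(seg)


# Constructed SYN from 192.168.1.10:40000 to 10.10.0.5:443 advertising MSS 1460.
SRC_IP, DST_IP = bytes([192, 168, 1, 10]), bytes([10, 10, 0, 5])
_hdr = struct.pack("!HHIIBBHHH", 40000, 443, 0x1000, 0, 6 << 4, 0x02, 65535, 0, 0)
SAMPLE_SYN = bytearray(_hdr + bytes([2, 4]) + struct.pack("!H", 1460))
SAMPLE_SYN[16:18] = struct.pack("!H", tcp_checksum(SRC_IP, DST_IP, bytes(SAMPLE_SYN)))
SAMPLE_SYN = bytes(SAMPLE_SYN)

if __name__ == "__main__":
    limit = mss_limit("auto", cipher="aes-cbc", integrity="hmac-sha1-96")
    print("auto MSS:", limit)                                                   # 1398
    print("clamped MSS:", read_mss(clamp_syn_mss(SRC_IP, DST_IP, SAMPLE_SYN, limit)))
```

For AES-CBC with HMAC-SHA1-96 on a 1500-byte MTU the search lands on 1398, for 3DES on 1406, and NAT traversal (UDP encapsulation) takes another 16 bytes off the AES figure; a User-Defined value only helps if it is at or below the figure for the encapsulation actually in use.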
Do not apply VPN Rules to overlapped local and remote address ranges: When you configure a VPN rule, the LAN-Cell checks that the IP addresses in the local and remote networks do not overlap. Select this check box to disable the check if you need to configure a VPN policy whose local and remote IP addresses overlap.

Note: If a VPN policy's local and remote IP addresses overlap, you may not be able to reach a device on your own LAN, because traffic to that address also matches the policy's remote range and the LAN-Cell automatically triggers a VPN tunnel to the remote device with the same IP address.
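The overlap check and the pitfall in the note, as an added example (not LAN-Cell code): a selector parser for single addresses, address ranges and subnets, the overlap test that the check box bypasses, and a policy lookup showing that a packet from one LAN host to another is diverted into the tunnel once the remote range covers the local subnet. The selector syntax, rule names and addresses are constructed for this example.

```python
# Added example, not LAN-Cell code: the local/remote overlap check and the
# pitfall the note describes. Selector syntax (single address, range, subnet)
# and all rules are this example's own constructed data.
import ipaddress


def parse_selector(text: str) -> list:
    """'192.168.1.5', '192.168.1.10-192.168.1.20' or '192.168.1.0/24' -> networks."""
    text = text.strip()
    if "-" in text:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in text.split("-", 1))
        return list(ipaddress.summarize_address_range(lo, hi))
    return [ipaddress.ip_network(text, strict=False)]


def ranges_overlap(local: str, remote: str) -> bool:
    return any(a.overlaps(b) for a in parse_selector(local) for b in parse_selector(remote))


def validate_rule(local: str, remote: str, allow_overlap: bool = False):
    """allow_overlap mirrors the 'Do not apply VPN rules to overlapped ...' check box."""
    if ranges_overlap(local, remote) and not allow_overlap:
        return False, "local and remote address ranges overlap"
    return True, "ok"


def in_selector(selector: str, ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in parse_selector(selector))


def next_hop(src: str, dst: str, rules: list) -> str:
    """Policy lookup: the first rule whose local->remote selectors match the
    packet triggers that tunnel; otherwise the packet stays on the local LAN."""
    for name, local, remote in rules:
        if in_selector(local, src) and in_selector(remote, dst):
            return f"tunnel:{name}"
    return "local-lan"


# Constructed rules. LAN is 192.168.1.0/24; the branch office uses 10.10.0.0/16.
SAFE_RULES = [("branch", "192.168.1.0/24", "10.10.0.0/16")]
OVERLAPPING_RULES = [("branch", "192.168.1.0/24", "192.168.1.0/24")]   # same subnet both ends

if __name__ == "__main__":
    print(validate_rule("192.168.1.0/24", "192.168.1.0/24"))          # (False, ...)
    print(next_hop("192.168.1.10", "192.168.1.50", SAFE_RULES))         # local-lan
    print(next_hop("192.168.1.10", "192.168.1.50", OVERLAPPING_RULES))  # tunnel:branch
```

With the safe rule a packet from 192.168.1.10 to a printer at 192.168.1.50 never touches the policy; with the overlapping rule the same packet matches local 192.168.1.0/24 to remote 192.168.1.0/24, so the LAN-Cell dials the tunnel and the printer on the local LAN becomes unreachable, which is exactly the situation the note warns about.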
Apply: Click Apply to save your changes to the LAN-Cell.
Reset: Click Reset to begin configuring this screen afresh.
(Table 84 SECURITY > VPN > Global Setting, continued; columns LABEL and DESCRIPTION)