User manual AIRLIVE RS-3000

[. . . ] RS-3000 Office UTM Gateway User's Manual 1 Copyright The contents of this publication may not be reproduced in any part or as a whole, stored, transcribed in an information retrieval system, translated into any language, or transmitted in any form or by any means, mechanical, magnetic, electronic, optical, photocopying, manual, or otherwise, without the prior written permission. Trademarks All products, company, brand names are trademarks or registered trademarks of their respective companies. Specifications are subject to be changed without prior notice. FCC Interference Statement The RS-3000 has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against radio interference in a commercial environment. This equipment can generate, use and radiate radio frequency energy and, if not installed and used in accordance with the instructions in this manual, may cause harmful interference to radio communications. [. . . ] Select Remote Gateway-Fixed IP or Domain Name In To Destination list and enter the IP Address. (Figure14-21) Figure14-21 IPSec To Destination Setting STEP 4. Select Preshare in Authentication Method and enter the Preshared Key (max: 100 bits) (Figure14-22) Figure14-22 IPSec Authentication Method Setting STEP 5. Please select ENC Algorithm (3DES/DES/AES), AUTH Algorithm (MD5/SHA1), 111 Figure14-23 IPSec Encapsulation Setting STEP 6. You can choose Data Encryption + Authentication or Authentication Only to communicate in IPSec Algorithm list: ENC Algorithm: 3DES/DES/AES/NULL AUTH Algorithm: MD5/SHA1 Here we select 3DES for ENC Algorithm and MD5 for AUTH Algorithm to make sure the encapsulation way for data transmission. After selecting GROUP1 in Perfect Forward Secrecy, enter 3600 seconds in ISAKMP Lifetime, enter 28800 seconds in IPSec Lifetime, and selecting Main mode in Mode. (Figure14-25) Figure14-25 IPSec Perfect Forward Secrecy Setting 112 STEP 8. (Figure14-26) Figure14-26 Complete Company B IPSec Autokey Setting STEP 9. Enter the following setting in Trunk of VPN function: (Figure14-27) Enter a specific Tunnel Name. From Source: Select LAN From Source Subnet / Mask: Enter 192. 168. 20. 0 / 255. 255. 255. 0. Enter 192. 168. 10. 1 (the Default Gateway of Company A) as the Keep alive IP Select Show remote Network Neighborhood. (Figure14-28) Figure14-27 New Entry Tunnel Setting 113 Figure14-28 Complete New Entry Tunnel Setting STEP 10. Enter the following setting in Outgoing Policy: (Figure14-29) Trunk: Select IPSec_VPN_Tunnel. Click OK. (Figure14-30) Figure14-29 Setting the VPN Tunnel Outgoing Policy Figure14-30 Complete the VPN Tunnel Outgoing Policy Setting 114 STEP 11. Enter the following setting in Incoming Policy: (Figure14-31) Trunk: Select IPSec_VPN_Tunnel. Click OK. (Figure14-32) Figure14-31 Setting the VPN Tunnel Incoming Policy Figure14-32 Complete the VPN Tunnel Incoming Policy Setting STEP 12. Complete IPSec VPN Connection. 115 Setting PPTP VPN connection between two RS-3000s Preparation Company A WAN IP: 61. 11. 11. 11 LAN IP: 192. 168. 10. X Company B WAN IP: 211. 22. 22. 22 LAN IP: 192. 168. 20. X This example takes two RS-3000s as flattop. Suppose Company B 192. 168. 20. 100 is going to have VPN connection with Company A 192. 168. 10. 100 and download the resource. 116 The Default Gateway of Company A is the LAN IP of the RS-3000 192. 168. 10. 1. Select Modify and enable PPTP Server: Client IP Range: Keep the setting with original, ex. (Figure14-33) Figure14-33 Enable PPTP VPN Server Settings Client IP Range: the setting can not be the same as LAN IP subnet, or the PPTP function will not be workable. Idle Time: the setting time that the VPN Connection will auto-disconnect under unused situation. Add the following settings in PPTP Server of VPN function in the RS-3000 of Company A: Select New Entry. (Figure14-35) Figure 14-34 PPTP VPN Server Setting Figure 14-35 Complete PPTP VPN Server Setting 118 STEP 3. Enter the following setting in Trunk of VPN function: (Figure14-36) Enter a specific Tunnel Name. [. . . ] IPsec has been deployed widely to implement Virtual Private Networks (VPNs). Transport mode encrypts only the data of each packet, but leaves the header untouched. On the receiving side, an IPSec-compliant device decrypts each packet. PPTP Point-to-Point Tunneling Protocol: A VPN protocol developed by PPTP Forum. With PPTP, users can dial in to their corporate network via the Internet. [. . . ]