53Configuring VPNsA Virtual Private Network (VPN) is a secure tunnel betweennetworks or between a network and a user. The Gatewaysupports both network to network connections and network toremote client connections.The Gateway supports IPSec tunnels, L2TP over IPSec, and PPTPconnections and allows VPN pass-through to enable other securedevices on your network to set up their own secure connections.Your Cable/DSL modem and your ISP must support IPSecpass-through, L2TP over IPSec pass-through or PPTP pass-throughfor you to be able to use these protocols.See “The Virtual Servers Menu” on page 45 for details toconfigure pass-through protocols.Setting the VPN ModeThe Gateway supports three modes of VPN operation:■ IPSec Enabled — IPSec (Internet Protocol Security) is acomplex secure protocol with a variety of different encryptionmethods. When setting up an IPSec connection between twodevices they must support the same encryption method.■ L2TP over IPSec Enabled — L2TP over IPSec is a combinationof protocols which authenticates a user (using L2TP) andencrypts data (using IPSec). See “L2TP Configuration” onpage 54.■ PPTP Server Enabled — PPTP (Point-to-Point TunnellingProtocol) is an encrypted VPN protocol like IPSec. It is not assecure as IPSec but is easy to administrate. PPTP does notsupport Gateway to Gateway connections and is only suitablefor connecting remote users.Enabling IPSec VPN will disable pass-through to IPSec andL2TP/IPSec Virtual Servers on the LAN. Enabling L2TP over IPSecwill disable pass-through to IPSec and L2TP/IPSec Virtual Serverson the LAN. Enabling the PPTP server will disable PPTPpass-through to a Virtual Server on the LAN. Pass-throughoutbound from clients on the LAN to servers on the internet isunaffected.A VPN Tunnel needs the same protocol on both sides of theconnection. If you are trying to establish an IPSec connectionwith another Gateway or with a user the other Gateway mustsupport IPSec or the user must have software installed thatsupports IPSec VPN.The VPN Mode menu is shown in Figure 51 below. Choose fromthe options by clicking in the appropriate radio button underVPN Server Setup.IPSec ConfigurationIn the IPSec Configuration field, enter This Gateway’s ID as anInternet IP address or name of the Gateway that you areconfiguring. This value is common across all IPSec connectionsbut does not apply to PPTP connections. If PPTP only is enabled,This Gateway’s ID field does not appear.If you require main mode IPSec connections then this value mustbe the public IP address of the Gateway.dua08 569-5aaa02.bo o k Pag e 53 Thursday , No vem ber 7 , 2002 3:09 PM