CHAPTER 12: Creating a Remote User VPN Policy328 VcontrollerAbout Remote User VPNTelecommuters and traveling employees who need accessto the corporate network are common fixtures in today’sbusiness environment. RUVPN creates an IPSec tunnelbetween an unsecured remote host and your trusted andoptional networks using a standard Internet dial-up orbroadband connection–without compromising security.This type of VPN requires only one Firebox Vclass appli-ance for the private network and the Mobile User VPNsoftware client, which is an optional feature of the FireboxVclass appliances.RUVPN uses IPSec with DES or 3DES-CBC to encryptincoming traffic and MD5 or SHA-1 to authenticate datapackets. You create a security policy and distribute it alongwith the RUVPN software to each telecommuter. After thesoftware is installed on the telecommuters’ computers,they can securely access corporate resources. RUVPN userscan modify their security policy. You can also restrictRUVPN users fo that they they have read-only access tothe policy.Remote User VPN is available on all Firebox Vclass modelsexcept the V10. The Firebox Vclass appliance models V200,V100, V80, V60, and V60L come with 20 Remote User VPNlicenses, upgradeable in increments of 20, 100, 500, or 1,000.Configuring the Remote Users AuthenticationPolicyBefore creating a security policy to allow RUVPN traffic,you must first choose the user authentication databaseyour appliance will use.RUVPN users authenticate either to the user authenticationdatabase on the Firebox Vclass appliance or to a RADIUSauthentication server that you have previously configured.
