Perle Systems SCS8C DC User Manual

VPN
Overview
A Virtual Private Network (VPN) creates a secure, dedicated communications network tunnelled 
through another network.
You can configure the IOLAN for:
• a host-to-host Virtual Private Network (VPN) connection
• a host-to-network VPN connection
• a network-to-network VPN connection
• or host/network-to-IOLAN VPN connection (allowing serial devices connected to the IOLAN to communicate data to a host/network).
In addition to being able to configure up to 64 IPsec tunnels, you can configure an L2TP/IPsec tunnel that will allow hosts to create a VPN tunnel to the IOLAN. The L2TP/IPsec VPN protocol is required by the Windows XP® operating system. Later versions of Windows® may support both VPN protocols; however, check the Windows® documentation that came with your Windows® PC.
Functionality
The information in this section applies only to setting up IPsec VPN tunnels, not L2TP/IPsec VPN 
tunnels.
The IOLAN can be configured as a VPN gateway using the IPsec protocol. You can configure the 
VPN connection using two IOLANs as the local and remote VPN gateways or the IOLAN as the 
local VPN gateway and a host/server running the VPN software as the remote VPN gateway.
If the VPN tunnel is being configured for an IPv6 network that is going through a router(s), the router(s) must have manual IPv6 address entry capability, similar to what Windows Vista® provides.
VPN servers/clients can support various VPN parameters. However, the following parameters are 
REQUIRED to be set to the following values to support a VPN tunnel between the IOLAN and a 
VPN server/client:
perfect forward secrecy: no
protocol: ESP
mode: tunnel (not transport)
opportunistic encryption: no
aggressive mode: no
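The following added example (not part of the Perle manual) checks a remote gateway's connection definitions against the required values listed above. It assumes the remote gateway is configured through an Openswan/Libreswan-style ipsec.conf; the key names pfs, phase2, type and aggrmode and their defaults belong to that format and are assumptions here, and opportunistic encryption is not checked.

```python
import re

# Manual's required values; each entry: assumed ipsec.conf key -> (required, assumed default).
REQUIRED = {
    "pfs":      ("no",     "yes"),     # perfect forward secrecy: no
    "phase2":   ("esp",    "esp"),     # protocol: ESP
    "type":     ("tunnel", "tunnel"),  # mode: tunnel (not transport)
    "aggrmode": ("no",     "no"),      # aggressive mode: no
}

def parse_conns(text):
    """Return {conn_name: {key: value}} (simplified: no also= / %default inheritance)."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        m = re.match(r"conn\s+(\S+)$", line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif line[0] in " \t" and current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"').lower()
        else:
            current = None                        # other section, e.g. "config setup"
    return conns

def check_conn(options):
    """List (key, effective value, required value, set explicitly?) per mismatch."""
    return [(k, options.get(k, d), req, k in options)
            for k, (req, d) in REQUIRED.items() if options.get(k, d) != req]

# Constructed sample configuration (not taken from a real gateway).
SAMPLE = """\
config setup
    protostack=netkey
conn iolan-ok
    type=tunnel
    phase2=esp
    pfs=no
    aggrmode=no
conn peer-defaults
    type=transport
"""

for name, opts in parse_conns(SAMPLE).items():
    print(name, check_conn(opts) or "matches the required values")
```

A key that is absent from a connection is reported with the default assumed for it, so a connection that never mentions pfs is still flagged.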
Common Name
An entry for common name; for example, the host name or fully qualified domain name. This field is case sensitive in order to successfully match the information in the peer SSL/TLS certificate.
Data Options: Maximum 64 characters

Email
An entry for an email address; for example, acct@anycompany.com. This field is case sensitive in order to successfully match the information in the peer SSL/TLS certificate.
Data Options: Maximum 64 characters
Note:
Before you enable/configure any VPN tunnels, you should configure any exceptions or you 
might not be able to access the IOLAN except through a VPN tunnel or the console port. See 
 for more information about exceptions.
Note:
If you are configuring IPsec and/or L2TP/IPsec, you must also enable the IPsec service found in the Security Services navigation tree.