Bizfon 2000 User Guide

Bizfon Manual II: Administrator's Guide  
Administrator’s Menus 
Bizfon2000 and Bizfon4000 (SW Version 4.1.x) 
 
 
Bizfon can also be set up to act as a Road Warrior. If a home office is connected to the Internet via Bizfon with PPPoE (Point-to-Point Protocol over
Ethernet) and dynamic IP addressing, setting up Bizfon as a Road Warrior will allow an IPSec connection to the corporate network.
A key is used to encrypt and decrypt the data transmitted via the IPSec connection. RSA, which Bizfon uses, is an asymmetric key system.
It has to be available on both sides of the IPSec connection and will generate a different pair of keys on each side, a private key and a public key.
During the connection establishment, some data is encrypted with the remote party’s public key. The remote party can decrypt that data with its
private key, and the data encrypted there with Bizfon’s public key can be decrypted with Bizfon’s private key. Since the private key is never
transmitted, it stays completely unknown to everyone, thus the system remains safe. Even if someone gets the public key, decryption is not possible
without the private key. Bizfon generates such a pair of keys automatically when it is set up. The user cannot see the private key, but must know the
public key because their IPSec connection partner will need it.
Please Note: A pair of keys will always be generated, a public one and a private one. The previously generated pair of keys will become invalid,
as will all existing IPSec connections that use RSA keying.
The IPSec Configuration link refers to the IPSec Connection Settings page. This page provides an overview of all existing IPSec connections
characterized by their Connection Name, the Remote Gateway (the IP address or the hostname of the IPSec connection partner), the State of the 
IPSec connection (Stopped, Connecting, Activated, Waiting or Connected) and the dedicated Keying Type (the encryption type). The content of the 
table can be sorted in ascending or descending order by clicking on the header of the respective column. There is a checkbox for every IPSec 
connection to select it for further editing. 
Start activates the connection establishment of the selected 
IPSec connection. The State of the IPSec connection will 
change into “Connected” or “Activated” depending on the IPSec 
connection type. If no record is selected, the error message 
“One Record should be selected” appears. 
Attention: It is not recommended to simultaneously start a
static and a dynamic connection configured to use the same
secret key. A dynamic connection may capture the static
connection peer and vice versa, depending on which connection
is established first.
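A configuration check for the warning above, as an added example that is not part of the Bizfon manual or firmware: it flags secrets shared by a static and a dynamic connection without echoing the secret. The inventory format, field names and keying labels are hypothetical, and a connection with no fixed Remote Gateway is assumed to be the dynamic kind.

```python
import hashlib
from collections import defaultdict

# Constructed sample inventory. Field names and keying labels are hypothetical,
# not a Bizfon export format; remote_gateway=None stands for a dynamic peer.
CONNECTIONS = [
    {"name": "HQ", "remote_gateway": "203.0.113.10", "keying": "secret",
     "secret": "constructed-secret-A", "state": "Connected"},
    {"name": "RoadWarriors", "remote_gateway": None, "keying": "secret",
     "secret": "constructed-secret-A", "state": "Waiting"},
    {"name": "Branch", "remote_gateway": "vpn.example.net", "keying": "secret",
     "secret": "constructed-secret-B", "state": "Connected"},
    {"name": "HomeOffice", "remote_gateway": None, "keying": "secret",
     "secret": "constructed-secret-B", "state": "Stopped"},
    {"name": "Partner", "remote_gateway": "198.51.100.7", "keying": "rsa",
     "secret": None, "state": "Activated"},
]

def secret_id(secret):
    """Short digest used to group secrets so findings never contain the secret."""
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()[:12]

def find_shared_secret_conflicts(connections):
    """Return findings for secrets used by both a static and a dynamic connection."""
    groups = defaultdict(lambda: {"static": [], "dynamic": []})
    for conn in connections:
        if conn["keying"] != "secret" or not conn["secret"]:
            continue  # RSA-keyed connections have no shared secret to collide
        kind = "dynamic" if conn["remote_gateway"] is None else "static"
        groups[secret_id(conn["secret"])][kind].append(conn)
    findings = []
    for sid, group in groups.items():
        if not group["static"] or not group["dynamic"]:
            continue
        # "active": both kinds are started now, the case the manual warns about.
        started = all(any(c["state"] != "Stopped" for c in group[k])
                      for k in ("static", "dynamic"))
        findings.append({
            "secret_id": sid,
            "static": sorted(c["name"] for c in group["static"]),
            "dynamic": sorted(c["name"] for c in group["dynamic"]),
            "severity": "active" if started else "latent",
        })
    return sorted(findings, key=lambda f: (f["severity"], f["static"]))

if __name__ == "__main__":
    for finding in find_shared_secret_conflicts(CONNECTIONS):
        print(finding)
```

A "latent" finding means one side is currently Stopped; starting it would create the simultaneous case, so giving each connection its own secret clears both severities.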
Stop disconnects the selected IPSec connection. The state of 
the IPSec connection will change into “Stopped”. If no record is 
selected, the error message “One Record should be selected” 
will appear. More than one record may be selected at a time to 
be stopped. 
Fig. II-145: IPSec Connection Settings page  
Add leads to the Add IPSec Connection wizard where a new IPSec connection can be defined and specified. The wizard provides several pages. 
Edit leads to a set of IPSec Connection Properties pages to modify the parameters of the selected IPSec connection. The page includes the same 
components as the Add IPSec Connection page. To operate with Edit, only one record may be selected, otherwise an error message “One row 
must be selected” appears. 
Restart all Connections restarts all active IPSec connections. The State of these IPSec connections will turn into Connected or Activated if the 
restart procedure has been successfully completed.  
RSA Key Management leads to the RSA Key Management page to see the current RSA key, to generate a new one and to send it to the peer via 
e-mail. 
The first IPSec Connection Wizard page, Add IPSec Connection, has the Connection Name text field, which requires a new mandatory IPSec
connection name. If the text field is not filled in, the error message “Error: Incorrect connection name” will appear.
Please Note: The input in the Connection Name field should only be in Latin characters, otherwise an error occurs and the IPSec connection
cannot be created.
 
The Peer type drop down list is used to choose the remote
machine type for the IPSec Connection to be established. If the
list does not include the required type of machine, choose
Other.
The VPN Network Topology drop down list allows you to select
the location of the peers participating in the VPN connection.
The following options are present in the list:
• Bizfon<>Peer – direct connection between Bizfon and a
peer.
• Bizfon<>[Internet]<>Peer – connection between Bizfon and
peer over Internet.
• Bizfon<>NAT<>[Internet]<>Peer – connection between
Bizfon and peer over Internet through Bizfon provider’s
NAT.
• Bizfon<>[Internet]<>NAT<>Peer – connection between
Bizfon and peer over Internet through peer provider’s NAT.
Fig. II-146: IPSec Connection Wizard - Add IPSec Connection