User Interface
R&S®GP-E/GP-S
User Manual v16.2.1 ─ 01 (page 108)
tunneling enabled is able to connect to file servers, database servers, mail servers
and other services on the corporate network through the VPN connection. When
the user connects to Internet resources (websites, FTP sites, and so on), the
connection request goes directly out the gateway provided by the hotel network.
● In full tunnel mode, all traffic is routed through your gateprotect Firewall, including
communication with sites on the Internet.
For example, with full tunneling the user can no longer use the hotel network to
access the Internet directly. All traffic that the client sends while the
VPN connection is active is sent to the firewall.
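As an added illustration (not part of the manual), the following Python sketch resolves destinations against two constructed client routing tables by longest-prefix match to show where traffic leaves the client in each mode. The interface names, the address ranges and the two /1 routes (the way OpenVPN's redirect-gateway def1 option builds a full tunnel) are assumptions, not settings taken from the gateprotect Firewall.

```python
import ipaddress

# Constructed client routing tables: (destination prefix, outgoing interface).
# "wlan0" stands for the hotel network, "tun0" for the VPN; 10.0.0.0/8 is an
# assumed corporate range. None of these values come from the manual.
SPLIT_TUNNEL = [
    ("0.0.0.0/0", "wlan0"),        # default route: hotel gateway
    ("192.168.1.0/24", "wlan0"),   # hotel LAN
    ("10.0.0.0/8", "tun0"),        # corporate network via VPN
]
# Full tunnel as OpenVPN's "redirect-gateway def1" builds it: two /1 routes
# that are more specific than the default route, plus a host route that keeps
# the encrypted packets to the VPN gateway on the physical interface.
FULL_TUNNEL = [
    ("0.0.0.0/0", "wlan0"),
    ("192.168.1.0/24", "wlan0"),
    ("0.0.0.0/1", "tun0"),
    ("128.0.0.0/1", "tun0"),
    ("203.0.113.10/32", "wlan0"),  # assumed public address of the firewall
]

def egress(table, destination):
    """Return the interface chosen by longest-prefix match, or None."""
    dst = ipaddress.ip_address(destination)
    best = None
    for prefix, iface in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, iface)
    return best[1] if best else None

def classify(table, vpn_iface="tun0"):
    """'full' if every probed destination leaves via the VPN, else 'split'."""
    # One public address in each half of the IPv4 space plus a corporate host.
    probes = ["8.8.8.8", "198.51.100.7", "10.1.2.3"]
    leaks = [p for p in probes if egress(table, p) != vpn_iface]
    return "split" if leaks else "full"

if __name__ == "__main__":
    for name, table in (("split", SPLIT_TUNNEL), ("full", FULL_TUNNEL)):
        for dst in ("10.1.2.3", "198.51.100.7", "192.168.1.1"):
            print(f"{name:5} {dst:15} -> {egress(table, dst)}")
        print(f"{name:5} classified as {classify(table)}")
```

In the constructed full-tunnel table the hotel LAN prefix still resolves to the local interface, so inspecting a client's effective routes is how to confirm which traffic actually reaches the firewall.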
OpenVPN
OpenVPN (VPN over TLS/SSL) offers a fast and secure way to connect a
Road Warrior. The biggest advantage of OpenVPN is that all the data traffic
runs over a TCP or UDP port and, in contrast to IPsec, no further special
protocols are required.
Before setting up VPN connections, make sure that you have installed the necessary
certificates as described under "Certificates Settings" on page 123.
3.4.7.1 IPsec
The IPsec (Internet Protocol Security) protocol suite operates at the network layer and
uses authentication and encryption of IP packets to secure communication in untrusted
networks.
You need two IPsec-capable VPN servers for an IPsec Site-to-Site connection. For a
Client-to-Site connection, you need separate client software.
Your gateprotect Firewall is able to create and use secured connections using the
IPsec protocol suite. This is based on ESP in tunnel mode. The key exchange can be
accomplished using version 1 of the IKE protocol or using the newer IKEv2.
IPsec Profiles
The IPsec "Profiles" are named groups of settings that combine various security
information and settings into a logical group that can be selected when creating a
Security Association (SA) for VPN connections via IPsec.
The profiles include Internet Key Exchange (IKE) settings such as encryption algorithm
and mode (Phase 1 of the IKE negotiation) and Encapsulating Security Payload (ESP)
options such as encryption method and cryptographic hash functions (Phase 2 of the
IKE negotiation).
Six common profiles are provided, but you can create a custom profile if you need to
use other settings.
● default – uses IKEv2 settings to support NAT/firewall traversal, VoIP, and so
forth
● ios – dedicated IKEv2 profile to meet the requirements of iOS
● l2tp – uses IKEv1 settings to support the Layer 2 Tunneling Protocol
Menu Reference