Yamaha RTX810 - Chapter 4 Implementing Site-To-Site VPN Connections; Creating a Virtual Private Network (VPN) Using Ipsec

To Next Page

To Previous Page

Implementing site-to-site VPN connections

Creating a Virtual Private Network (VPN) using IPsec

(IPsec LAN-to-LAN connection)

(continued from the previous page)

IPsec that can be used with

the product

• Internet Key Exchange (IKE) is used as the key exchange

protocol. Required keys are automatically generated by

IKE. It will be necessary to register pre-shared keys as

the seed (ipsec ike pre-shared key command).

• Management information containing keys, key lifetimes,

encryption and authentication algorithms is managed

with a security association (SA).

• Note the revision of the program for the destination

equipment that is a security gateway. Although there is

an interconnectivity of IPsec between releases 2 and 3,

the settings of the latter must be adjusted to the settings

of the former. The identiers of the security gateways that

are available for the product are 1 through 50. Similarly,

tunnel interface numbers are 1 through 50.

• The product supports both Main Mode and Aggressive

Mode. However, you cannot freely choose a mode.

– If the both routers that form a VPN have xed global

IP addresses, use the Main Mode. If only one router

has a xed global IP address (e.g., a dial-up VPN), use

the Aggressive Mode.

– When using the Main Mode, it will be necessary to

congure the IP address of the router on the other side.

– When using the Aggressive Mode, the settings depend

on whether or not the routers have xed global IP

addresses.

• For information on the IPsec specifications and

conguration commands of the product, please refer

to “Command reference” (included in the attached CD-

ROM).

Note

• Because IPsec tunnels are to be congured with the router

connected to a broadband connection, it will be necessary to

congure the broadband connections before setting up the

LAN-to-LAN connection using IPsec.

• IPsec-based LAN-to-LAN connection can be used only in an

environment where a global IP address is assigned by your

provider. Note that the following IP addresses are not global

IP addresses:

- 10.0.0.0 - 10.255.255.255

- 172.16.0.0 - 172.31.255.255

- 192.168.0.0 - 192.168.255.255

• When using the LAN-to-LAN connection, be sure to

congure adequate security settings to maintain data integrity.

Inadequate security settings may cause PCs in the LAN to be

hacked, sniffed, intercepted, or destroyed, or their data to be

lost.

• The LAN-to-LAN connection of the product does not support

Windows NetBEUI protocol or Apple's Mac OS AppleTalk

protocol.

• To share les in Windows, you need to use NetBIOS over

TCP/IP protocol or have a Windows Internet Name Service

(WINS) server.

• To share les in Macintosh, open System Preferences, select

“Sharing” and select “File Sharing” check box.

Main Page

Yamaha RTX810 - Chapter 4 Implementing Site-To-Site VPN Connections; Creating a Virtual Private Network (VPN) Using Ipsec

Table of Contents

Other manuals for Yamaha RTX810

Related product manuals