QuadroFXO Manual II: Administrator's Guide
Administrator’s Menus
QuadroFXO; SW Version 5.1.x
73
Please Note:
The Local ID and Remote ID values are mandatory for RSA selection and are optional for Shared Secret selection. However, it is
recommended to define the Local ID and Remote ID values for multiple road-warrior connections.
PFS (Perfect Forward Secrecy) is a procedure of system key exchange which uses a long-term key and generates short-term keys as required.
Thus, an attacker who acquires the long-term key can neither read previous messages that they may have captured nor read future ones.
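The following is an added example, not code from the Quadro manual or from Epygi. It models the paragraph above in a toy IKE-style exchange: without PFS the session key is derived from the long-term key plus public nonces, so a recorded transcript and a later-stolen long-term key reproduce the session key; with PFS each connection runs a fresh Diffie-Hellman exchange that the long-term key only authenticates, so the same attacker can confirm the transcript is genuine but cannot recover the key. The DH group (the Mersenne prime 2**127 - 1, generator 2), the pre-shared key and the KDF are constructed for the demonstration and are not what Quadro uses.

```python
"""Toy model of IKE-style session key generation with and without PFS.

Added example; not code from the Quadro manual or from Epygi. It models the
manual's description: a long-term key identifies the peers, and short-term
session keys are generated per connection. With PFS the session key comes from
a fresh Diffie-Hellman exchange, so a recorded transcript plus a later-stolen
long-term key does not reveal the session key.
"""
import hashlib
import hmac
import secrets

# Toy DH group (assumption for the demo): the Mersenne prime 2**127 - 1 with
# generator 2. Far too small for real use; IKE uses RFC 3526 / RFC 7919 groups.
P = 2**127 - 1
G = 2

# Constructed pre-shared key standing in for the peers' long-term secret.
LONG_TERM_KEY = b"constructed-pre-shared-key"


def kdf(*parts: bytes) -> bytes:
    """Derive a 32-byte session key from the given inputs (SHA-256 based)."""
    return hashlib.sha256(b"|".join(parts)).digest()


def mac(key: bytes, value: int) -> bytes:
    """HMAC-SHA256 over a 16-byte big-endian encoding of a group element."""
    return hmac.new(key, value.to_bytes(16, "big"), "sha256").digest()


def session_without_pfs(long_term_key: bytes):
    """No PFS: the session key depends only on the long-term key and public nonces."""
    nonce_i = secrets.token_bytes(16)
    nonce_r = secrets.token_bytes(16)
    key = kdf(long_term_key, nonce_i, nonce_r)
    transcript = {"nonce_i": nonce_i, "nonce_r": nonce_r}  # what a sniffer records
    return key, key, transcript


def session_with_pfs(long_term_key: bytes):
    """PFS: each side draws a fresh DH exponent; the long-term key only authenticates."""
    x_i = secrets.randbelow(P - 2) + 1          # initiator's ephemeral private value
    x_r = secrets.randbelow(P - 2) + 1          # responder's ephemeral private value
    y_i, y_r = pow(G, x_i, P), pow(G, x_r, P)   # public values go on the wire
    transcript = {"y_i": y_i, "y_r": y_r,
                  "mac_i": mac(long_term_key, y_i), "mac_r": mac(long_term_key, y_r)}
    key_i = kdf(pow(y_r, x_i, P).to_bytes(16, "big"))   # initiator's derivation
    key_r = kdf(pow(y_i, x_r, P).to_bytes(16, "big"))   # responder's derivation
    return key_i, key_r, transcript


def attacker_recover(stolen_long_term_key: bytes, transcript: dict):
    """An attacker who recorded the transcript and later obtains the long-term key.

    Returns the recovered session key, or None when the transcript does not
    determine it. With PFS the attacker can verify the MACs (learning that the
    exchange was genuine) but the private exponents never left the peers, and
    g^(x_i*x_r) cannot be computed from g^x_i and g^x_r alone.
    """
    if "nonce_i" in transcript:
        return kdf(stolen_long_term_key, transcript["nonce_i"], transcript["nonce_r"])
    genuine = (hmac.compare_digest(mac(stolen_long_term_key, transcript["y_i"]), transcript["mac_i"])
               and hmac.compare_digest(mac(stolen_long_term_key, transcript["y_r"]), transcript["mac_r"]))
    if not genuine:
        raise ValueError("transcript was not authenticated with this long-term key")
    return None


if __name__ == "__main__":
    for name, run in (("without PFS", session_without_pfs), ("with PFS", session_with_pfs)):
        key_i, key_r, transcript = run(LONG_TERM_KEY)
        recovered = attacker_recover(LONG_TERM_KEY, transcript)
        print(f"{name}: peers agree={key_i == key_r}, attacker recovers key={recovered == key_i}")
```

Running the block prints that the peers agree in both modes, that the attacker recovers the key without PFS and fails with PFS; every PFS session also yields a different key, which is what limits the damage of a later long-term key compromise to nothing already recorded.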
Use IPSec Compression enables IPSec data compression. This option is displayed only if the IPSec-VPN partner supports it.
The RSA Key Management sub-page is used to see the current RSA key and to generate a new one. This page contains the following components:
The public key is displayed in the RSA Public Key text field so that the user may inform their IPSec connection partner about it, for example, via fax.
The user has the option of generating a new pair of keys by specifying the key length with the corresponding radio buttons (Generate a new 1024bit RSA Key and Generate a new 2048bit RSA Key) and then clicking the Generate button.
A valid RSA key must meet the following requirements:
• The RSA key does not start with "0s"
• The RSA key does not end with "=="
• The RSA key contains symbols other than alphanumeric characters, "+", "/" and "="
The Email this to the peer text field requires the mailing address of the IPSec connection partner. The Send button will insert Quadro's public RSA key into an e-mail and send it to the IPSec connection partner.
Fig. II-127: IPSec Connection Wizard - IPSec Connection RSA Key Settings page
PPTP (Point-to-Point Tunneling Protocol) is used to establish a virtual private network (VPN) over the Internet. Remote users can access their
corporate networks via any ISP that supports PPTP on its servers. PPTP encapsulates any type of network protocol (IP, IPX, etc.) and transports it
over IP. Therefore, if IP is the original protocol, IP packets ride as encrypted messages inside PPTP packets running over IP. PPTP is based on
point-to-point protocol (PPP) and the Generic Routing Encapsulation (GRE) protocol. Encryption is performed by Microsoft's Point-to-Point
Encryption (MPPE), which is based on RC4.
L2TP (Layer 2 Tunneling Protocol) is a protocol from the IETF which allows a PPP session to run over the Internet, an ATM, or a frame relay network.
Unlike PPTP, L2TP does not itself include encryption, but by default it uses IPSec in order to provide virtual private network (VPN) connections from
remote users to the corporate LAN. Derived from Microsoft's Point-to-Point Tunneling Protocol (PPTP) and Cisco's Layer 2 Forwarding (L2F)
technology, L2TP encapsulates PPP frames into IP packets either at the remote user's PC or at an ISP that has an L2TP access
concentrator (LAC). The LAC transmits the L2TP packets over the network to the L2TP network server (LNS) at the corporate side. Large carriers
may also use L2TP to offer remote POPs to smaller ISPs. Users at the remote locations dial into the modem pool of an L2TP access concentrator,
which forwards the L2TP traffic over the Internet or a private network to the L2TP servers at the ISP side, which then send it on to the Internet.
For PPTP and L2TP connections, two parties are required: a Client and a Server. The client is responsible for establishing the connection. The
server waits for clients; it is not able to initiate the connection itself.
Attention:
L2TP tunnels have no data encryption mechanism.
A Host Name and a Password identify each side. The client must know the server's name and password (the Quadro server has no password),
and the server must be configured with the client's host name and password. The client and server settings have to match on both sides for the
connection to be established.
Clients and Servers are identified by their hostnames, which means that only one client can be connected to the server in the same network. Servers
also define the range of IP addresses that are assigned to the Server and Client hosts participating in a connection.
The PPTP/L2TP Configuration link displays a page where a new PPTP or L2TP connection can be configured and where the PPTP and L2TP server
settings can be adjusted. The page consists of 3 sub-pages.
The Connections page lists all existing connections, characterized by their Connection Name, the Type of the connection (PPTP or L2TP), the Client/Server mode, the State of the connection and the Remote Hostname IP (the IP address or the hostname of the connection peer). The state of a PPTP or L2TP connection, except for the "Stopped" state, is shown as a link that refers to the page where log information about the connection status is displayed. These logs can be useful for diagnosing PPTP or L2TP connection failures.
The Add functional button leads to the PPTP/L2TP Connection Wizard page, where a new connection can be established.
Please note:
After creating a PPTP server connection, PPTP connections between devices placed on the Quadro LAN and external devices will no longer be possible. The PPTP pass-through service for incoming and outgoing traffic will be automatically disallowed once a PPTP server connection is created.
Fig. II-128: PPTP/L2TP Configuration page