Multi-Homing Security Gateway User’s Manual
select range to allow a range of IP addresses, such as a DHCP IP range, to pass through the MH-5001. See Chapter 11 IP/MAC
Binding for details.
IPSec VPN improvements
Hub and Spoke VPN:
Suppose that your company has a main office and two or more branch offices that communicate using a
hub and spoke VPN configuration. The main office is the hub where the VPN tunnels terminate, while Branch_1 and Branch_2 are
the spokes. The main office has a VPN tunnel to each branch office. Both Branch_1 and Branch_2 have their own VPN tunnel to
the hub. The VPN Spoke allows VPN traffic to pass from one tunnel to the other through a central MH-5001 hub. See Chapter 15
Virtual Private Network – Hub and Spoke VPN for details.
MPPE Support:
In the MH-5001 release II version, both PPTP and L2TP can support MPPE. In other words, you can choose
“Require data encryption” on a client computer running Windows XP/2000. However, this release II version does not support
MS-CHAP; you have to check the MS-CHAPv2 checkbox if you would like to require data encryption.
Transparent Mode
Transparent mode provides the same basic firewall protection as NAT mode. Packets received by the MH-5001 are intelligently
forwarded or blocked according to the firewall rules. The MH-5001 can be inserted into your network without changing your
network or any of its components. See Section 1.7.2 for details.
WAN Backup
When WAN Backup is enabled, the system pings the public Internet Server IP addresses in sequence, once every
specified Timeout, to check the connection of the current default WAN link. When the current default WAN link is disconnected,
the MH-5001 tries to ping the first Public Internet Server IP address within the specified Timeout. When all of
them time out, the default route/link is switched to another WAN link, and the ping action continues within the specified
Detection Interval until the system successfully pings the specified public IP address. See Section 3.4.4 for details.
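The following added example (not MH-5001 firmware code and not taken from this manual) is a simplified model of the WAN Backup decision described above: the default link is switched only when every configured server times out. The link names, server addresses, and the scripted probe function are constructed assumptions so that the example runs offline.

```python
from typing import Callable, Dict, List, Set, Tuple

# Constructed sample values (documentation address ranges, not from the manual).
TARGETS = ["192.0.2.1", "198.51.100.1"]
LINKS = ["WAN1", "WAN2"]

# A probe answers: did <target> reply over <link> within <timeout> seconds?
Probe = Callable[[str, str, float], bool]


def link_alive(link: str, targets: List[str], timeout: float, probe: Probe) -> bool:
    """Ping each server in order; the link is down only if ALL of them time out."""
    for target in targets:
        if probe(link, target, timeout):
            return True  # one reply is enough, stop probing
    return False


def run_cycles(links: List[str], targets: List[str], timeout: float,
               probe_for_cycle: Callable[[int], Probe], cycles: int) -> List[str]:
    """Return the default WAN link in effect after each detection cycle."""
    current = 0
    history = []
    for cycle in range(cycles):
        probe = probe_for_cycle(cycle)
        if not link_alive(links[current], targets, timeout, probe):
            current = (current + 1) % len(links)  # switch the default route
        history.append(links[current])
    return history


def scripted_probe(outages: Dict[int, Set[Tuple[str, str]]]) -> Callable[[int], Probe]:
    """Constructed network: outages[cycle] holds (link, target) pairs that time out."""
    def for_cycle(cycle: int) -> Probe:
        down = outages.get(cycle, set())
        return lambda link, target, timeout: (link, target) not in down
    return for_cycle


def demo() -> List[str]:
    outages = {
        1: {("WAN1", "192.0.2.1")},                            # one server unreachable
        2: {("WAN1", "192.0.2.1"), ("WAN1", "198.51.100.1")},  # WAN1 really down
    }
    return run_cycles(LINKS, TARGETS, 3.0, scripted_probe(outages), cycles=4)


if __name__ == "__main__":
    print(demo())
```

In cycle 1 only one server is unreachable, so the default link stays on WAN1; configuring more than one server keeps a single server outage from triggering a switch.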
Layer 7 Application Layer Firewall
When the L7 Firewall is enabled, the MH-5001 can instantly block application layer services such as MSN, Yahoo, SIP, H.323, etc.
See Chapter 22 for details.