With the settings under VPN you can configure your LANCOM R&S®Unified Firewall as a Virtual Private Network server to provide client-to-site (C2S) VPN connections. This allows computers in another location to use IPSec and VPN-SSL to securely access resources on the local network. A site-to-site (S2S) VPN gateway can use IPSec and VPN-SSL to establish a secure communication channel between two remote networks via the Internet.
Client-to-site VPN connections
A client-to-site VPN connection provides access to the corporate network from the outside. Authentication is performed either via IPSec with issued certificates, by means of a PSK (pre-shared key), or via VPN-SSL with certificates.
Client-to-site connections over IPSec and VPN-SSL operate in one of two modes, depending on the client settings:
- In split-tunnel mode, only the communication between the client and the internal network (e.g. a company network) passes through the firewall. Clients can reach devices in the internal network through the tunnel. Packets for other destinations (e.g. the Internet) are not routed by the LANCOM R&S®Unified Firewall. Example: A user dials in to a corporate network remotely from a hotel's wireless network using a VPN software client. Split tunneling allows the user to connect to file servers, database servers, mail servers, and other company network resources through the VPN connection. If the user connects to Internet resources (websites, FTP sites, etc.), the connection request is sent directly through the hotel network gateway.
- In full-tunnel mode, all traffic is routed back to your LANCOM R&S®Unified Firewall, including communication with the Internet. Full tunneling does not allow the user to access the Internet directly through hotel networks. All traffic sent by the client goes to the firewall while the VPN connection is active.
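On the client, the mode shows up in the routing table. The following added example (not part of the LANCOM documentation) models one table per mode with longest-prefix matching and lists which destinations are sent directly instead of through the firewall. The interface names, prefixes and addresses are constructed, and the host route to the firewall's public address in full-tunnel mode is an assumption about how the client keeps the tunnel endpoint reachable.

```python
import ipaddress

# Constructed client routing tables as (destination prefix, next hop).
# "vpn" is the tunnel interface and "hotel-gw" the local gateway; the
# prefixes and addresses are illustrative private/documentation ranges.
SPLIT_TUNNEL = [
    ("0.0.0.0/0", "hotel-gw"),        # default route stays local
    ("10.20.0.0/16", "vpn"),          # only the internal network uses the tunnel
]
FULL_TUNNEL = [
    ("0.0.0.0/0", "vpn"),             # everything is routed to the firewall
    ("203.0.113.10/32", "hotel-gw"),  # assumed host route: the encrypted tunnel
]                                     # packets themselves must leave locally

# Constructed destinations matching the hotel example above.
DESTINATIONS = {
    "file server": "10.20.5.10",
    "website": "198.51.100.7",
    "firewall (public)": "203.0.113.10",
}


def next_hop(dest, routes):
    """Return the next hop for dest using longest-prefix match."""
    addr = ipaddress.ip_address(dest)
    matches = []
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            matches.append((net.prefixlen, hop))
    if not matches:
        raise LookupError(f"no route to {dest}")
    return max(matches)[1]


def bypasses_tunnel(routes, destinations, tunnel="vpn"):
    """Names of destinations whose traffic does not enter the tunnel."""
    return [name for name, addr in destinations.items()
            if next_hop(addr, routes) != tunnel]


if __name__ == "__main__":
    for mode, table in (("split", SPLIT_TUNNEL), ("full", FULL_TUNNEL)):
        print(f"{mode}-tunnel, sent directly:", bypasses_tunnel(table, DESTINATIONS))
```

Running the same check against the route table exported from a real client shows whether a profile intended as full-tunnel still sends Internet traffic directly.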
C2S connections over IPSec are established using a normal VPN client, such as the LANCOM Advanced VPN Client. Please refer to IPsec connection settings for further information.
VPN-SSL C2S connections are established using a normal VPN client. Please refer to VPN SSL connection settings for further information.
Site-to-site VPN connections
In the case of a site-to-site connection, two locations are connected via an encrypted tunnel to form a virtual network and they exchange data through this tunnel. The two locations can have fixed IP addresses. Authentication is performed either via IPSec with issued certificates, by means of a PSK (pre-shared key), or via VPN-SSL with certificates.
IPSec
Internet protocol security (IPSec) is a set of protocols that operates at the network layer or the link layer and secures the exchange of packets over untrusted networks (such as the Internet) by authenticating and encrypting each IP packet in a communication session. IPSec meets the highest security requirements.
VPN-SSL
VPN over SSL provides a fast and secure way to get a road warrior connected. The biggest advantage of VPN-SSL is that all traffic passes through a TCP or UDP port and, unlike IPSec, no other special protocols are required.
Before setting up VPN connections, make sure that you have installed the necessary certificates as described in Certificate Management.