VPN SSL settings

Under VPN > VPN SSL > VPN SSL Settings, you can enable VPN SSL and configure the general settings on your LANCOM R&S®Unified Firewall:

Input box | Description
I/0 | A slider button indicates whether VPN SSL is enabled (I) or disabled (0). Click on the slider button to change the status of this option.
Host certificate | Select a host certificate that your LANCOM R&S®Unified Firewall uses for all VPN SSL connections.
DNS | Optional: Enter a DNS server to be used by clients for client-to-site connections.
WINS | Optional: Enter a WINS server to be used by clients for client-to-site connections.
Timeout | Enter the timeout in seconds. The tunnel is disconnected if there is no data flow before the timeout expires. The default is 0, which keeps the tunnel open permanently.
Log Level | Set the event log level here. For troubleshooting, event log level 5 is recommended.
Routes | Enter routes for the VPN SSL tunnels to be created by the clients or the remote end of the connection. These routes will be used for all VPN SSL connections. Click on Add to add the route to the list. You can edit or delete any entry in the list by clicking on the appropriate icon. Please refer to Icons and buttons for further information.
  Important: When you edit an entry, a checkmark will appear to the right of the entry. Click the checkmark to accept the change.

On the Client-to-Site tab:

Input box | Description
Protocol | Select the protocol with the appropriate radio button.
Port | Specify the VPN SSL listening port to be used for incoming connections.
  Important: This port number also has to be specified in the client software.
Address pool | Specify the address range from which IP addresses are assigned to clients. This address range must not overlap with your local networks.
Encryption algorithm | Use the drop-down list to select the encryption algorithm to use for C2S connections over VPN SSL. The following encryption algorithms are available:
  • AES 128 (default setting)
  • AES 192
  • AES 256
  • 3DES
  • Blowfish
  • Cast5
Key renegotiation | To increase security, a VPN SSL connection renegotiates the session key while the connection is in progress. Enter the interval for key renegotiation in seconds.
Compression | Optional: Uncheck this box to disable LZO (Lempel-Ziv-Oberhumer, an algorithm for lossless data compression). This checkbox is enabled by default.

On the Site-to-Site tab:

Input box | Description
Protocol | Select the protocol with the appropriate radio button.
Port | Specify the VPN SSL listening port to be used for incoming connections.
  Important: The same port number must be specified at the remote end of the connection.
Address pool | Specify the address range from which IP addresses are to be used for S2S connections. This address range must not overlap with your local networks.
Encryption algorithm | Use the drop-down list to select the encryption algorithm to use for S2S connections over VPN SSL. The following encryption algorithms are available:
  • AES 128 (default setting)
  • AES 192
  • AES 256
  • 3DES
  • Blowfish
  • Cast5
Key renegotiation | To increase security, a VPN SSL connection renegotiates the session key while the connection is in progress. Enter the interval for key renegotiation in seconds.
Compression | Optional: Uncheck this box to disable LZO (Lempel-Ziv-Oberhumer, an algorithm for lossless data compression). This checkbox is enabled by default.

On the Bridging tab, you specify the settings for the VPN SSL server connection:

Input box | Description
Protocol | Select the protocol with the appropriate radio button.
Port | Specify the number of the VPN SSL listening port to be used for bridging.
  Important: The same port number must be specified at the remote end of the connection.
Encryption algorithm | Use the drop-down list to select the encryption algorithm to use for bridging over VPN SSL. The following encryption algorithms are available:
  • AES 128 (default setting)
  • AES 192
  • AES 256
  • 3DES
  • Blowfish
  • Cast5
Key renegotiation | To increase security, a VPN SSL connection renegotiates the session key while the connection is in progress. Enter the interval for key renegotiation in seconds.
Compression | Optional: Uncheck this box to disable LZO (Lempel-Ziv-Oberhumer, an algorithm for lossless data compression). This checkbox is enabled by default.

If you have made changes, you can use the buttons at the bottom right of the edit window to save them (Save) or discard them (Reset). Otherwise you can close the window (Close).

Click Activate in the toolbar at the top of the desktop to apply your configuration changes.
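
The following is an added example, not LANCOM code or part of the original page: a small pre-activation review of planned values for the three tabs. It checks the port range, tests the address pool against your local networks (the page requires that they not overlap), and flags the listed ciphers that use a 64-bit block size. The dictionary layout, the CIDR notation for pools, the function names and all sample values are assumptions made for this illustration; the firewall itself is configured through the web client as described above.

```python
import ipaddress

# Ciphers from the page's drop-down list that use a 64-bit block size
# (the AES variants use 128-bit blocks).
SHORT_BLOCK_CIPHERS = {"3DES", "Blowfish", "Cast5"}


def review_tab(name, tab, local_networks):
    """Return findings for one tab; the dict layout is an assumption."""
    findings = []
    if not 1 <= tab["port"] <= 65535:
        findings.append(f"{name}: port {tab['port']} is outside 1-65535")
    if "address_pool" in tab:  # the Bridging tab has no address pool
        try:
            pool = ipaddress.ip_network(tab["address_pool"])
        except ValueError as exc:
            findings.append(f"{name}: invalid address pool ({exc})")
        else:
            for net in map(ipaddress.ip_network, local_networks):
                if pool.version == net.version and pool.overlaps(net):
                    findings.append(
                        f"{name}: address pool {pool} overlaps local network {net}")
    if tab["cipher"] in SHORT_BLOCK_CIPHERS:
        findings.append(
            f"{name}: {tab['cipher']} is a 64-bit block cipher; prefer an AES option")
    return findings


def review_settings(settings, local_networks):
    """Collect findings for every tab in the settings dict."""
    findings = []
    for name, tab in settings.items():
        findings.extend(review_tab(name, tab, local_networks))
    return findings


# Constructed sample values, not taken from a real device.
SAMPLE_LOCAL_NETWORKS = ["192.168.1.0/24", "10.10.0.0/16"]
SAMPLE_SETTINGS = {
    "Client-to-Site": {"port": 1194, "address_pool": "10.10.8.0/24", "cipher": "AES 256"},
    "Site-to-Site": {"port": 1195, "address_pool": "172.20.0.0/24", "cipher": "Blowfish"},
    "Bridging": {"port": 70000, "cipher": "AES 128"},
}

if __name__ == "__main__":
    for finding in review_settings(SAMPLE_SETTINGS, SAMPLE_LOCAL_NETWORKS):
        print(finding)
```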
