Chapter 8 – Frequently Asked Questions (FAQs)
Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D)
133
Chapter 8 – Frequently Asked
Questions (FAQs)
Q1
.
In general, what does the RouteFinder do?
A1.
The RouteFinder VPN Gateway/Firewall Router lets you use data encryption and the Internet to securely connect to
your telecommuters, remote offices, customers, or suppliers while avoiding the cost of expensive private leased lines.
The browser-based interface eases VPN configuration and management. The VPN functionality is based on the
IPSec and PPTP protocols and uses Triple DES 168-bit encryption to ensure that your information remains private. In
addition, the RouteFinder includes firewall security utilizing Stateful Packet Inspection and Network Address
Translation.
Q2
.
What is VPN and how do I use it?
A2.
VPN (Virtual Private Networking) uses IPSec and PPTP industry standard protocols, data encryption and the Internet
to provide high-performance, secure communications between sites without incurring the high expense of leased
lines. The RouteFinder can connect individual telecommuters to the office network by creating a separate, secure
tunnel for each connection, or it can connect entire remote office networks together as a LAN-to-LAN connection over
the Internet using a single data tunnel.
Q3.
Where is the RouteFinder installed on the network?
A3.
In a typical environment, the RouteFinder is installed between the internal network and an external network. Refer to
Chapter 1 and 2 of this manual for more information.
Q4.
What is Network Address Translation and what is it used for?
A4.
Network Address Translation (NAT) translates multiple IP addresses on the private LAN to one public address that is
sent out to the Internet. This adds a level of security since the address of a PC connected to the private LAN is never
transmitted on the Internet. Furthermore, NAT allows the RouteFinder to be used with low cost Internet accounts,
such as DSL or cable modems, where only one TCP/IP address is provided by the ISP. The user may have many
private addresses behind this single address provided by the ISP.
Q5.
What is a "DMZ"?
A5.
The DMZ (Demilitarized Zone) is a partially protected area where you can install public services. A device in the DMZ
should not be fully trusted, and should only be used for a single purpose (such as a web server, or an FTP server).
Q6.
If DMZ is used, does the exposed user share the public IP with the Router?
A6.
Yes.
Q7. What is the maximum number of users supported by the Router?
A7.
Shared broadband or dedicated Internet access for up to 253 LAN users with one IP address. The RouteFinder
supports up to 50 IPSec or 50 PPTP tunnels on the RF660/760VPN and 25 tunnels on the RF600VPN for secure
LAN-to-LAN and Client-to-LAN access over the Internet.
Q8.
Does the RouteFinder support virus protection?
A8.
Yes - The optional virus protection subscription utilizes a high-performance, ICSA-tested, anti-virus engine which
checks both incoming and outgoing email for viruses in real-time. With this option, automatic anti-virus updates will
be downloaded at user-defined intervals.
Q9.
What about RouteFinder firewall security support?
A9.
As small businesses shift from dial-up to always-on broadband Internet connections or leased line connections, their
networks become more vulnerable to Internet hackers. The RouteFinder uses Stateful Packet Inspection technology
and the NAT protocol to provide security from hackers attempting to access the office LAN. An automatic update
feature provides the highest level of security by automatically downloading any new system updates protecting
against newly discovered hacker threats. Additionally, the RouteFinder uses proxies to filter Internet content
protecting against dangerous ActiveX controls or Javascript and unwanted Web content.
Q10. Is Virtual Server support provided on my RouteFinder?
A10.
Yes, in addition to providing shared Internet access, the RouteFinder can support a Web, FTP, or other Internet
servers. Once configured, the RouteFinder only accepts unsolicited IP packets addressed to the web or ftp server.
Refer to Chapter 3.