FWX120 Operation Manual
Implementing site-to-site VPN connections
IPsec that can be used with the product
• Internet Key Exchange (IKE) is used as the key exchange protocol. IKE generates the required keys automatically. Pre-shared keys must be registered as the seed (ipsec ike pre-shared-key command).
• Keys, key lifetimes, and the encryption and authentication algorithms are managed together as a security association (SA).
• Check the program revision of the destination equipment that acts as the security gateway. IPsec interoperates between releases 2 and 3, but the settings of the latter must be adjusted to match the settings of the former. The security gateway identifiers available on the product are 1 through 50. Similarly, tunnel interface numbers are 1 through 50.
• The product supports both Main Mode and Aggressive Mode. However, you cannot freely choose a mode.
- If both routers that form a VPN have fixed global IP addresses, use Main Mode. If only one router has a fixed global IP address (e.g., a dial-up VPN), use Aggressive Mode.
- When using Main Mode, you must configure the IP address of the router on the other side.
- When using Aggressive Mode, the settings depend on whether or not the routers have fixed global IP addresses.
• For information on the IPsec specifications and configuration commands of the product, please refer to “Command reference” (included in the attached CD-ROM).
NOTE
• IPsec tunnels are configured with the product connected to a broadband connection, so the broadband connection must be configured before setting up the LAN-to-LAN connection using IPsec.
• IPsec-based LAN-to-LAN connection can be used only in an environment where a global IP address is assigned by your provider. Note that the following IP addresses are not global IP addresses:
- 10.0.0.0 - 10.255.255.255
- 172.16.0.0 - 172.31.255.255
- 192.168.0.0 - 192.168.255.255
• When using the LAN-to-LAN connection, be sure to configure adequate security settings to maintain data integrity. With inadequate security settings, PCs in both LANs may be hacked, sniffed, intercepted, or destroyed, or their data may be lost.
• The LAN-to-LAN connection of the product does not support the Windows NetBEUI protocol or Apple's Mac OS AppleTalk protocol.
• To share files in Windows, you need to use the NetBIOS over TCP/IP protocol or have a Windows Internet Name Service (WINS) server.
• To share files on a Macintosh, open System Preferences, select “Sharing”, and select the “Personal File Sharing” check box.
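
The mode rule (Main Mode when both routers have fixed global addresses, Aggressive Mode when only one does), the 1 through 50 identifier range, and the list of non-global address ranges can be checked together before any tunnel is configured. The following Python sketch is an added example, not part of the manual or the product; the function names and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress

# The three ranges the page lists as not being global IP addresses.
NON_GLOBAL = [ipaddress.ip_network(n)
              for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ID_RANGE = range(1, 51)  # gateway identifiers and tunnel numbers: 1 through 50


def is_listed_non_global(addr):
    """True if addr falls inside one of the three listed ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in NON_GLOBAL)


def plan_tunnel(gateway_id, tunnel_id, local_wan, remote_wan):
    """Pick the IKE mode for one site-to-site tunnel and list problems.

    local_wan / remote_wan: the fixed WAN address as a string, or None when
    that side's address is assigned dynamically (e.g. dial-up).
    Returns (mode, problems); mode is "main", "aggressive" or None.
    """
    problems = []
    for label, value in (("gateway id", gateway_id), ("tunnel id", tunnel_id)):
        if value not in ID_RANGE:
            problems.append(f"{label} {value} is outside 1-50")
    for label, addr in (("local", local_wan), ("remote", remote_wan)):
        if addr is not None and is_listed_non_global(addr):
            problems.append(f"{label} WAN address {addr} is not global")

    fixed = [a for a in (local_wan, remote_wan) if a is not None]
    if len(fixed) == 2:
        mode = "main"        # both fixed; the peer's address must be configured
    elif len(fixed) == 1:
        mode = "aggressive"  # only one side fixed
    else:
        mode = None
        problems.append("no fixed address on either side; no rule applies")
    return mode, problems


if __name__ == "__main__":
    # Constructed sample sites using documentation address ranges.
    sites = [(1, 1, "203.0.113.10", "198.51.100.7"),
             (2, 2, "203.0.113.10", None),
             (51, 3, "192.168.1.1", None)]
    for site in sites:
        print(site, "->", plan_tunnel(*site))
```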