104
FWX1
20 Operation Manual
5
Implementing site-to-site VPN connections
IPsec has two communication modes
There are basically two types of modes in
IPsec-based communications: tunnel mode and
transport mode. These two modes can be used in
combination, but it is not possible to doubly apply
each mode.
Tunnel mode
This is a communications mode that is provided
to use a IPsec-based VPN. The router, acting
as a security gateway, encrypts IP packet data
passing on the LAN to exchange data with the
security gateway on the other side. Since the router
performs all processes necessary for IPsec, no
special settings are required for hosts being the
start or end points on the LAN.
To use the tunnel mode, define a virtual interface
called “tunnel interface” and configure the routes
so that IP packets to be processed flow through the
tunnel interface. Each tunnel interface is managed
by its tunnel interface number.
Transport mode
This is a special communications mode that ensures
the security of communications in which the router
itself is the start or end point. This mode can be
used in a special case where a router accesses a
remote router using telnet.
Before configuring
the settings
• To connect LANs, it will be necessary to configure
a different network address for each LAN to avoid
overlapping. Change the product's LAN network
address in advance.
• To attach the product to a LAN with a different
network address assigned, change the
configuration of the product according to the
network you install. Refer to “Configuring the IP
address on the LAN1 side” (page 45) for more
details.
Configuring the
product to use IPsec
Configure the settings required for IPsec
communication with the product.
1
On the top page of “Basic configuration
page”, click “Advanced settings”,
then click “Configure” to the right of
“Configure VPN connection”.
2
Click “Add ” to the right of the destination
you want to register.
Creating a Virtual Private Network (VPN) using IPsec
(IPsec LAN-to-LAN connection)
(Continued from the previous page)