L2TP/IPsec that can be used with the product
• The product supports data encryption for IPsec.
• Internet Key Exchange (IKE) is used as the
key exchange protocol. Required keys are
automatically generated by IKE, but pre-shared
keys must be registered as the seed
(ipsec ike pre-shared-key command).
• Management information containing keys,
key lifetimes, encryption and authentication
algorithms is managed with a security association
(SA).
• A disconnection timer monitors the
communication and an L2TP/IPsec session is
disconnected if data does not pass through an
L2TP/IPsec tunnel for a certain amount of time.
NOTE
• Because L2TP/IPsec tunnels are to be configured
with the product connected to a broadband
connection, it will be necessary to configure the
broadband connections before setting up remote
access using L2TP/IPsec.
• L2TP/IPsec-based remote access can be used
only in an environment where a global IP address
is assigned by your provider. Note that the following
IP addresses are not global IP addresses:
- 10.0.0.0 - 10.255.255.255
- 172.16.0.0 - 172.31.255.255
- 192.168.0.0 - 192.168.255.255
• When using remote access, be sure to configure
adequate security settings to maintain data integrity.
Inadequate security settings may expose PCs in the
LAN to being hacked, sniffed, intercepted, or destroyed,
or cause their data to be lost.
• The remote access function of the product does not
support the Windows NetBEUI protocol or Apple's Mac
OS AppleTalk protocol.
• To share files in Windows, you need to use the NetBIOS
over TCP/IP protocol or have a Windows Internet
Name Service (WINS) server.
• To share files on a Macintosh, open System Preferences,
select “Sharing” and select the “Personal File Sharing”
check box.
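A pre-flight check for the global-address requirement in the NOTE above, as an added example that is not part of the manual. The function name is hypothetical, and the carrier-grade NAT range (100.64.0.0/10, RFC 6598) is an addition beyond the three ranges the manual lists; an address in that range is also not a global IP address.

```python
import ipaddress

# The three ranges the manual lists as "not global IP addresses".
MANUAL_RANGES = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]
# Assumption added here, not from the manual: RFC 6598 shared address
# space, which providers use for carrier-grade NAT.
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def check_wan_address(text):
    """Return (usable, reason) for the address assigned to the WAN or PP side."""
    try:
        addr = ipaddress.IPv4Address(text.strip())
    except ipaddress.AddressValueError:
        return False, "not a valid IPv4 address"
    for net in MANUAL_RANGES:
        if addr in net:
            return False, f"private range {net} (listed in the manual)"
    if addr in CGNAT:
        return False, f"carrier-grade NAT range {CGNAT}"
    if not addr.is_global:
        # Link-local, loopback, documentation ranges and similar.
        return False, "reserved or special-purpose address"
    return True, "global address"


if __name__ == "__main__":
    # Constructed sample addresses, not taken from the manual.
    for sample in ("192.168.100.1", "172.31.255.255", "172.32.0.1",
                   "100.64.3.9", "169.254.10.2", "8.8.8.8"):
        usable, reason = check_wan_address(sample)
        print(f"{sample:16} {'OK ' if usable else 'NO '} {reason}")
```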
Required settings
For remote access, the product, a PC, or a
smartphone needs to be configured as shown
below.
Configuring the product
• Configure the broadband connection.
- The WAN or PP side of the product must be
assigned a global IP address.
- For a terminal connection in which the WAN or
PP address is dynamically assigned, it will
be necessary to obtain a host name that is
available using the netvolante DNS service
(page 131).
- For the network connection, check the global
IP address that is assigned to the WAN or PP
side of the product.
• Register connection destinations (next section).
Settings required for a server or PC in the LAN
• Configure a fixed private IP address.
• Change the settings of the file server software.
Settings required for a smartphone that remotely accesses a PC
• Change the settings of a smartphone that
remotely accesses a PC (pages 110 and 112).
FWX120 Operation Manual
Implementing site-to-site VPN connections