FWX120 Operation Manual
5 Implementing site-to-site VPN connections
PPTP that can be used with the product
• The product supports data encryption for PPTP. RC4 (with either 40-bit or 128-bit keys) is used as the encryption algorithm.
• The product supports user and password authentication based on MS-CHAP and MS-CHAP v2.
• You can specify whether or not to block incoming traffic if MPPE encryption does not take effect (access control).
• The product does not support compression. In the PPP setup on the PPTP client side, deselect the “Enable software compression” check box.
• PPTP uses TCP port 1723 for tunnel control and GRE protocol number 47 for data communication. When a PPTP server is installed inside a firewall, or when NAT is used in combination with a remote access VPN server, be sure to pass TCP port number 1723 and GRE protocol number 47. For details, contact your network administrator.
• A disconnection timer monitors the communication, and a PPTP session is disconnected if no data passes through the PPTP tunnel for a certain amount of time.
• The product does not support PPP forwarding.
NOTE
• Because PPTP tunnels are configured with the product connected to a broadband connection, you must configure the broadband connections before setting up the LAN-to-LAN connection using PPTP.
• A PPTP-based LAN-to-LAN connection can be used only in an environment where a global IP address is assigned by your provider. Note that the following IP addresses are not global IP addresses:
- 10.0.0.0 - 10.255.255.255
- 172.16.0.0 - 172.31.255.255
- 192.168.0.0 - 192.168.255.255
• When using the LAN-to-LAN connection, be sure to configure adequate security settings to maintain data integrity. Inadequate security settings may cause PCs in both LANs to be hacked, sniffed, intercepted, or destroyed, or their data to be lost.
• The LAN-to-LAN connection of the product does not support the Windows NetBEUI protocol or Apple's Mac OS AppleTalk protocol.
• To share files in Windows, you need to use the NetBIOS over TCP/IP protocol or have a Windows Internet Name Service (WINS) server.
• To share files on a Macintosh, open System Preferences, select “Sharing” and select the “Personal File Sharing” check box.
Before configuring the settings
• To connect LANs, you must configure a different network address for each LAN so that the addresses do not overlap. Change the product's LAN network address in advance.
• To attach the product to a LAN that has a different network address assigned, change the configuration of the product to match the network in which you install it. Refer to “Configuring the IP address on the LAN1 side” (page 45) for more details.
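The prerequisites above (a global IP address on each site's WAN side, a different network address for each LAN, and TCP port 1723 plus GRE protocol 47 passed by any firewall in the path) can be verified before the tunnel is configured. The following Python check is an added example, not part of the manual or the product; the site dictionaries, the `pass_rules` rule model and all addresses are constructed for illustration.

```python
import ipaddress

# The three ranges the manual lists as not being global IP addresses.
NON_GLOBAL = [ipaddress.ip_network(n)
              for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def preflight(site_a, site_b):
    """Return the problems that would stop a PPTP LAN-to-LAN connection."""
    problems = []
    for site in (site_a, site_b):
        wan = ipaddress.ip_address(site["wan"])
        hit = next((n for n in NON_GLOBAL if wan in n), None)
        if hit is not None:
            problems.append(f"{site['name']}: WAN address {wan} is in {hit} (not global)")
        # Hypothetical rule model: (protocol, port) pairs the upstream firewall passes.
        passed = {(r["proto"], r.get("port")) for r in site["pass_rules"]}
        if ("tcp", 1723) not in passed:
            problems.append(f"{site['name']}: TCP port 1723 (tunnel control) is not passed")
        if ("gre", None) not in passed:
            problems.append(f"{site['name']}: GRE protocol 47 (tunnel data) is not passed")
    # Each LAN needs a different network address so the two do not overlap.
    lan_a = ipaddress.ip_network(site_a["lan"])
    lan_b = ipaddress.ip_network(site_b["lan"])
    if lan_a.overlaps(lan_b):
        problems.append(f"LANs overlap: {lan_a} and {lan_b}")
    return problems

# Constructed sample sites (addresses and rules are illustrative only).
BOTH = [{"proto": "tcp", "port": 1723}, {"proto": "gre"}]
HQ = {"name": "hq", "wan": "203.0.113.10", "lan": "192.168.100.0/24", "pass_rules": BOTH}
BRANCH = {"name": "branch", "wan": "172.20.5.9", "lan": "192.168.100.0/24",
          "pass_rules": [{"proto": "tcp", "port": 1723}]}
BRANCH_FIXED = {"name": "branch", "wan": "198.51.100.7", "lan": "192.168.101.0/24",
                "pass_rules": BOTH}

if __name__ == "__main__":
    for label, branch in (("before", BRANCH), ("after", BRANCH_FIXED)):
        print(label, preflight(HQ, branch) or "no problems found")
```

The first branch definition fails all three checks on the branch side (private WAN address, GRE not passed, same LAN network as the other site); the corrected definition passes.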
Creating a Virtual Private Network (VPN) using PPTP (PPTP-LAN-to-LAN connection)
(Continued from the previous page)