tainy hmod-v3-io, tainy hmod-l3-io - Dr. Neuhaus ...

More documents

Recommendations

Info

VPN connections 7 VPN connections NUR TAINY HMOD-V3-IO NUR TAINY EMOD-V3-IO 7.1 Introduction IPsec VPN > Connections Note regarding the scope of function The menu item IPsec-VPN is only present with the TAINY HMOD-V3-IO and TAINY EMOD-V3-IO. Only the TAINY HMOD-V3-IO and TAINY EMOD-V3- IO support IPsec-VPN connections. Function The TAINY xMOD-V3-IO can connect the local network to a friendly remote network via a VPN tunnel. The IP data packets that are exchanged between the two networks are encrypted, and are protected against unauthorised tampering by the VPN tunnel. This means that even unprotected public networks like the Internet can be used to transfer data without endangering the confidentiality or integrity of the data. Local network Admin PC Local applikation Local application TAINY HSPA+, UMTS (E-)GPRS Page 58 of 111 TAINY xMOD APN VPN tunnel INTERNET VPN gateway Remote network Admin PC External remote stations Note: HSPA+ and UMTS are supported by the TAINY HMOD only. For the TAINY xMOD-V3-IO to establish a VPN tunnel, the remote network must have a VPN gateway as the remote station for the TAINY xMOD-V3-IO For the VPN tunnel, the TAINY xMOD-V3-IO uses the IPsec method in tunnel mode. In this method the IP data packets to be transmitted are completely encrypted and provided with a new header before they are sent to the remote station's VPN gateway. There the data packets are received, decrypted, and used to reconstruct the original data packets. These are then forwarded to their destination in the remote network.
Requirements for the remote network's VPN gateway Differences between two VPN connection modes: VPN connections � In VPN Roadwarrior Mode the TAINY xMOD-V3-IO VPN can accept connections from remote stations with an unknown address. These can be, for example, remote stations in mobile use that obtain their IP address dynamically. The VPN connection must be established by the remote station. Only one VPN connection is possible in Roadwarrior Mode. VPN connections in Standard Mode can be used at the same time. � In VPN Standard Mode the address (IP address or hostname) of the remote station's VPN gateway must be known for the VPN connection to be established. The VPN connection can be established either by the TAINY xMOD-V3-IO or by the remote station's VPN gateway as desired. Establishment of the VPN connection is subdivided into two phases: First in Phase 1 (ISAKMP = Internet Security Association and Key Management Protocol) the Security Association (SA) for the key exchange between the TAINY xMOD-V3-IO and the VPN gateway of the remote station is established. After that in Phase 2 (IPsec = Internet Protocol Security) the Security Association (SA) for the actual IPsec connection between the TAINY xMOD- V3-IO and the remote station's VPN gateway is established. In order to successfully establish an IPsec connection, the VPN remote station must support IPsec with the following configuration: � Authentication via X.509 certificates, CA certificates or pre-shared key (PSK) � ESP � Diffie-Hellman group 1, 2 or 5 � 3DES or AES encryption � MD5 or SHA-1 hash algorithms � Tunnel Mode � Quick Mode � Main Mode � SA Lifetime (1 second to 24 hours) If the remote station is a computer running under Windows 2000, then the Microsoft Windows 2000 High Encryption Pack or at least Service Pack 2 must also be installed. If the remote station is on the other side of a NAT router, then the remote station must support NAT-T. Or else the NAT router must know the IPsec protocol (IPsec/VPN passthrough). TAINY xMOD Page 59 of 111
Page 1 and 2:
User Manual TAINY HMOD-V3-IO, TAINY
Page 3 and 4:
Products ! Safety instructions The
Page 5 and 6:
Firmware with open source GPL/LGPL
Page 7 and 8: Contents Contents 1 Introduction ..
Page 9 and 10: 1 Introduction Introduction Product
Page 11 and 12: Introduction Local applications cou
Page 13 and 14: Terms Here are definitions of terms
Page 15 and 16: 2 Setup 2.1 Step by step Set up the
Page 17 and 18: 2.3 Overview 2.4 Service button Set
Page 19 and 20: TAINY EMOD Lamp Status Meaning S (S
Page 21 and 22: 2.6 Connections LAN0, LAN1 (10/100
Page 23 and 24: 24V / 0V power supply The TAINY xMO
Page 25 and 26: 3 Configuration 3.1 Overview Remote
Page 27 and 28: Preferred DNS server Configuration
Page 29 and 30: The start page is not displayed If
Page 31 and 32: Signal (CSQ Level) Indicates the st
Page 33 and 34: Carrying out configuration ONLY TAI
Page 35 and 36: Function Access to the TAINY xMOD i
Page 37 and 38: 4 Local interface 4.1 IP addresses
Page 39 and 40: 4.3 DNS to local network Local Netw
Page 41 and 42: Poll interval Serve system time to
Page 43 and 44: Provider selection mode - Manual Pr
Page 45 and 46: Provider selection mode - Automatic
Page 47 and 48: Activity on faulty connection Renew
Page 49 and 50: Remote host 0.0.0.0 Group group Use
Page 51 and 52: 5.7 Volume supervision External net
Page 53 and 54: Security functions Protocol Select
Page 55 and 56: 6.2 Port Forwarding Security > Port
Page 57: 6.4 Firewall Log Security > Firewal
Page 61 and 62: VPN connections CA certificate The
Page 63 and 64: VPN connections ISAKMP-SA mode Agre
Page 65 and 66: VPN Standard Mode Edit Settings Con
Page 67 and 68: VPN connections Remote net address
Page 69 and 70: VPN Standard Mode Edit IKE VPN conn
Page 71 and 72: 7.4 Loading VPN certificates IPsec
Page 73 and 74: 7.6 Supervision of VPN connections
Page 75 and 76: Number of connect attempts until re
Page 77 and 78: Action Define how access to the spe
Page 79 and 80: Factory setting The factory setting
Page 81 and 82: 9 Status, log and diagnosis 9.1 Log
Page 83 and 84: Status, log and diagnosis Function
Page 85 and 86: Status, log and diagnosis Function
Page 87 and 88: Additional functions Text Here ente
Page 89 and 90: Port number 26864 Firewall Rules No
Page 91 and 92: The following parameters of the TAI
Page 93 and 94: Target host NONE Target port 162 Ta
Page 95 and 96: Asymmetric encryption CIDR Small le
Page 97 and 98: Small lexicon of routers CSQ / RSSI
Page 99 and 100: Small lexicon of routers EGPRS EGPR
Page 101 and 102: IPsec MIB See SNMP Small lexicon of
Page 103 and 104: Protocol, Transfer protocol Small l
Page 105 and 106: X.509 certificate A type of "seal"
Page 107 and 108: Network B Computer B1 B2 B3 B4 Addi
Page 109 and 110:
Conformity CE Conforms to Directive
Page 111:
Protection class IP20 Dimensions 11
show all

tainy hmod-v3-io, tainy hmod-l3-io - Dr. Neuhaus ...

Create successful ePaper yourself

Delete template?

Save as template?