Vpn Configuration - Bizfon 2000 Administrator's Manual

Bizfon Manual II: Administrator's Guide
Enable automatic PPP restart at checkbox is used to select the time when the PPP connection will automatically be restarted. The checkbox
selection enables LCP echo failures text field that indicates the number of the LCP echo failure packets received before the PPP connection will be
considered as dead and will be restarted.
Disable CCP (Compression Control Protocol) negotiation -
this option should only be selected if the peer system is not
working properly. For example, if it is not accepting the requests
from the PPPD (Point-to-Point Daemon) for CCP negotiation.
Disable magic number negotiation - with this option, PPPD
cannot detect a looped-back line. This option should only be
selected if the peer is not working properly.
Disable protocol field compression negotiation in both the
receive and the transmit direction – with this option, no
protocol field compression will take place.
Disable Van Jacobson style TCP/IP header compression in
both the transmit and the receive direction – with this option,
no negotiation of TCP/IP header compression will take place
and the header will always be sent uncompressed.
Disable the connection-ID compression option in Van
Jacobson style TCP/IP header compression - with this
option, PPPD will not compress the connection-ID byte from
Van Jacobson and will not ask the peer to do so.
Disable the IPXCP and IPX protocols - this option should only
be selected if the peer is not working properly and cannot
handle requests from PPPD for IPXCP negotiation.

VPN Configuration

A VPN (Virtual Private Network) is established to connect two local networks (intranets) securely over the Internet securely. The VPN routers
manage authentication between servers and clients and handle data encryption for the connection. Only authorized users may access the network
and the data exchange cannot be intercepted.
VPN connections are, in many ways, like every Internet connection, they are based on IP addresses, which means, the concerned VPN gateways
must authenticate the IP addresses of their respective partner's VPN gateways. Each time a specific VPN is to be established, usually the same IP
addresses are expected. This will not create problems if both VPN partners have fixed WAN IP addresses. There may be circumstances reasons to
prefer dynamically allocated IP addresses. To enable devices that use a variable IP address as part of a VPN, they are turned into "Road Warriors".
For example, at this point they are able to reach their corporate network via authentication at the company's VPN gateway device. This VPN gateway
device must have a fixed IP address for Internet access. Every VPN needs at least one VPN gateway with a fixed IP address.
The partner devices of a VPN must have different WAN IP addresses, and if they are connected to local area networks, these LAN's must have
different IP addresses. As all Bizfon devices have the same default IP addresses on delivery, at least one of them must be reconfigured in order to
set a new IP address.
Bizfon supports several kinds of VPN connections such as IPSec, L2TP and PPTP.
The VPN Configuration page offers IPSec Configuration and
PPTP/L2TP Configuration links that lead to the corresponding
feature settings pages.
Attention: It is strongly recommended not to run different types
of VPN tunnels between the same endpoints simultaneously.
An IPSec connection includes authentication and encryption to protect data integrity and confidentiality. VPNs are "virtual" in the sense that
individuals can use the public Internet as a means of securely accessing an internal network. Once the IPSec connection is established, users have
access to the same network resources, addresses, and so forth as if they were connected locally. VPNs are "private" because the data is encrypted
between two VPN gateways. Encryption makes it very difficult for anyone to intercept data and capture sensitive information such as passwords. The
Bizfon can be set up to act as a VPN router when connected to the Internet with a fixed IP address or as an IPSec connection Road Warrior when
using dynamic IP addresses.
Establishing an IPSec connection normally requires the functionality of a VPN gateway on each side of the communication line. An intelligent Internet
access router, for example Bizfon, delivers this function but also PCs or workstations may also be equipped with VPN gateway functionality. Home
offices typically prefer dynamically allocated IP addresses.
When Bizfon is connected to the Internet with a fixed IP address, it will be set up to act as a VPN gateway. Bizfon is then prepared to establish an
IPSec connection with another VPN gateway device, but also allows access to Road Warriors. A notebook /laptop used by a traveling employee
could also be a Road Warrior. Access to their company's intranet via an IPSec connection can be obtained regardless of their location.
Bizfon2000 and Bizfon4000 (SW Version 4.1.x)
Administrator's Menus
Fig. II-143: Advanced PPP Settings page
Fig. II-144: VPN Configuration page
82