VPN (Virtual Private Network) is a method of creating a secure private network over an insecure network such as the Internet.
Assume that a company with several geographically distributed offices - for example, one office in Washington D.C. and one in Atlantic City - wants to connect its local networks into a single company network. One relatively inexpensive way of doing this is through the Internet. The firewalls in the offices create encrypted connections, tunnels, between the different offices. The users do not need to manage the encryption or set up any new configuration. This kind of VPN is called Branch Office VPN.
VPN is also used when a single computer on an insecure network wants to connect to the office network through the Internet. The client computer, also called a Road Warrior, must have VPN software compatible with the firewall's VPN implementation. The client connects to the Internet and creates an encrypted connection to the office firewall. In appendix E, More about VPN, you will find more information about the configuration of VPN clients.
You can find examples on how to configure VPN in Ingate Firewall in chapter 5, How to configure VPN connections, and appendix B, More in-depth examples.
This is a short description of what Ingate VPN can do and what is required of other devices to be able to set up a VPN connection with Ingate Firewall.
Features
Supports connections to other IPSec compliant gateways and to IPSec clients (with or without a NATed IP address)
Supports connections to PPTP clients
No user licenses
Key negotiation protocol (IPSec peers): IKE
Connection negotiation protocol: IPSec
Encryption algorithm (IPSec peers): AES or 3DES
Authentication algorithm (IPSec peers): SHA-1 or MD5
Authentication (IPSec peers): Shared secret or X.509 certificates
Customizable key lifetimes (maximum 172800 s for IKE keys, 86400 s for IPSec keys)
Authentication (PPTP peers): Password
You can have several networks behind one VPN peer, provided that they are proper subnets.
If you have defined an Alias for the interface closest to the VPN peer, you can select which firewall address to use when connecting to that peer.
IPSec client connections can be configured to require user authentication using a RADIUS server.
You must define firewall rules for VPN traffic. You can group peers that should have the same privileges.
Requirements for IPSec peers
Key negotiation protocol: IKE
Connection negotiation protocol: IPSec
Encryption algorithm: AES or 3DES
Authentication algorithm: SHA-1 or MD5
Authentication: Shared secret (VPN gateways only) or X.509 certificates
Support PFS (Perfect Forward Secrecy) group 2 or 5
Support Main mode (phase 1)
Support Tunnel mode (phase 2)
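Before configuring a peer, it helps to check its proposed settings against the requirements above. The following is an added example, not Ingate's own code: the PeerProfile fields and check_peer function are hypothetical names, and the rules encode only the limits stated on this page (IKE, AES/3DES, SHA-1/MD5, shared secret for gateways only, PFS group 2 or 5, Main and Tunnel mode, and the maximum key lifetimes).

```python
# Added example (not Ingate's code): pre-check a proposed IPSec peer profile
# against the requirements listed on this page before touching the firewall.
from dataclasses import dataclass
from typing import List

MAX_IKE_LIFETIME = 172800    # seconds, maximum IKE key lifetime from the page
MAX_IPSEC_LIFETIME = 86400   # seconds, maximum IPSec key lifetime from the page


@dataclass
class PeerProfile:           # hypothetical structure for an IPSec peer's settings
    peer_type: str           # "gateway" or "client"
    key_exchange: str        # key negotiation protocol, e.g. "IKE"
    encryption: str          # "AES" or "3DES"
    integrity: str           # "SHA-1" or "MD5"
    auth: str                # "shared-secret" or "x509"
    pfs_group: int           # Diffie-Hellman group used for PFS
    phase1_mode: str         # "main" or "aggressive"
    phase2_mode: str         # "tunnel" or "transport"
    ike_lifetime: int        # seconds
    ipsec_lifetime: int      # seconds


def check_peer(p: PeerProfile) -> List[str]:
    """Return the list of requirement violations; an empty list means acceptable."""
    problems = []
    if p.key_exchange.upper() != "IKE":
        problems.append("key negotiation protocol must be IKE")
    if p.encryption.upper() not in ("AES", "3DES"):
        problems.append("encryption algorithm must be AES or 3DES")
    if p.integrity.upper() not in ("SHA-1", "MD5"):
        problems.append("authentication algorithm must be SHA-1 or MD5")
    # Shared secret is only accepted for VPN gateways; clients need certificates.
    if p.auth == "shared-secret" and p.peer_type != "gateway":
        problems.append("shared secret is for VPN gateways only; use X.509 certificates")
    elif p.auth not in ("shared-secret", "x509"):
        problems.append("authentication must be shared secret or X.509 certificates")
    if p.pfs_group not in (2, 5):
        problems.append("PFS group must be 2 or 5")
    if p.phase1_mode != "main":
        problems.append("phase 1 must use Main mode")
    if p.phase2_mode != "tunnel":
        problems.append("phase 2 must use Tunnel mode")
    if not 0 < p.ike_lifetime <= MAX_IKE_LIFETIME:
        problems.append(f"IKE key lifetime must be 1..{MAX_IKE_LIFETIME} s")
    if not 0 < p.ipsec_lifetime <= MAX_IPSEC_LIFETIME:
        problems.append(f"IPSec key lifetime must be 1..{MAX_IPSEC_LIFETIME} s")
    return problems
```

Where both ends support it, prefer AES and SHA-1 over the older 3DES and MD5 options; the check above accepts all four because the page does.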