Introduction


VPN Server

What is a VPN Server?
Using a VPN Server allows you to securely transfer files between one computer network and another via the Internet.

VPN Policy Types
In the case of XGate, you can either set up a:

Site-to-Site policy
Use this when you wish to create a connection between two networks. Typically, this is between two offices, such as a branch and head office.

Mobile User policy
Use this when you wish to create a connection between a fixed network and a roaming computer. For example, this roaming computer may belong to an employee who travels a lot. It is also recommended that you use L2TP accounts when using a Mobile User policy for additional security and management.

VPN Policy Details
When configuring a Site-to-Site Policy you need to provide the following details:

Policy Name
This is a friendly name set by you to easily identify your VPN policy.

Policy Type
This should be set to Site-to-Site.

Local IP Address
This is the WAN IP address of the XGate. This should be already filled in.

Local Subnet
These are the subnet details for your LAN. For example, if your XGate’s LAN IP Address is 192.168.2.1 you should enter the details 192.168.2.0 / 255.255.255.0.

Remote IP Address
This is the WAN IP address of the device you wish to establish a VPN connection with.

Remote Subnet
These are the LAN subnet details of the device you wish to connect to. The device you wish to connect to cannot belong to the same LAN subnet as the XGate device you are using. For example, if your XGate has an IP address of 192.168.2.1, the other device cannot belong to the 192.168.2.0 network.

Pre-Shared Key
This is the password of the VPN connection. You will need to enter this on both devices.

Encryption and Authentication Type
This is the type of encryption algorithm that you wish to use. In the majority of cases, the default setting offers adequate security.

When creating a Mobile User policy, the details that need to be provided are slightly different.

Policy Name
This is a friendly name set by you to easily identify your VPN policy.

Policy Type
This should be set to Mobile User.

Local IP Address
This is the WAN IP address of the XGate. This should be already filled in.

Local Subnet
In the majority of cases, this should also be set to the WAN IP address of the XGate. So, if you have a WAN IP address of 195.153.124.111, you should provide the local subnet as: 195.153.124.111 / 255.255.255.255.

Pre-Shared Key
This is the password of the VPN connection. You will need to enter this on both devices.

Encryption and Authentication Type
This is the type of encryption algorithm that you wish to use. In the majority of cases, the default setting offers adequate security.
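The Local Subnet and Remote Subnet rules described above for both policy types can be checked before the values are typed into the form. The following is an added example, not part of the XGate documentation or software; the function names are hypothetical, and the overlap check goes slightly beyond the text by rejecting any overlapping range, not only an identical subnet.

```python
import ipaddress

def local_subnet(lan_ip, netmask):
    """Site-to-Site Local Subnet: network address derived from the LAN IP."""
    net = ipaddress.IPv4Interface(f"{lan_ip}/{netmask}").network
    return f"{net.network_address} / {net.netmask}"

def mobile_user_subnet(wan_ip):
    """Mobile User Local Subnet: the WAN IP as a single host (255.255.255.255)."""
    net = ipaddress.IPv4Network(f"{wan_ip}/255.255.255.255")
    return f"{net.network_address} / {net.netmask}"

def parse_subnet(text):
    """Parse 'address / mask' as written in the form; host bits are an error."""
    addr, mask = (part.strip() for part in text.split("/"))
    return ipaddress.IPv4Network(f"{addr}/{mask}", strict=True)

def check_site_to_site(local, remote):
    """Return a list of problems with a Local/Remote Subnet pair (empty = OK)."""
    problems = []
    nets = {}
    for label, text in (("Local Subnet", local), ("Remote Subnet", remote)):
        try:
            nets[label] = parse_subnet(text)
        except ValueError as exc:
            # Covers malformed input and entries such as 192.168.2.1 / 255.255.255.0
            problems.append(f"{label}: {exc}")
    if len(nets) == 2 and nets["Local Subnet"].overlaps(nets["Remote Subnet"]):
        problems.append("Remote Subnet overlaps Local Subnet")
    return problems

if __name__ == "__main__":
    # Addresses below are the ones used in the text; the remote subnets are constructed.
    print(local_subnet("192.168.2.1", "255.255.255.0"))
    print(mobile_user_subnet("195.153.124.111"))
    print(check_site_to_site("192.168.2.0 / 255.255.255.0",
                             "192.168.2.0 / 255.255.255.0"))
    print(check_site_to_site("192.168.2.0 / 255.255.255.0",
                             "192.168.3.0 / 255.255.255.0"))
```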

Within the New Policy screen, Advanced Settings for VPN Policy creation can be reached in the bottom left. Within this screen, the following settings can be edited:

IKE Key Life Time
The IKE key is required to secure the VPN connection. This setting specifies the period of time before the key is renewed.

IPSEC Key Life Time
The IPSEC key is used for the data transfer. This setting specifies the period of time before the key is renewed.

Perfect Forward Secrecy
Also known as PFS. This enhances the security of a VPN connection by creating a new key for each data transfer phase. This makes it much harder for an intruder to find out what the keys are and gain access to the system. However, this makes the VPN connection slightly slower to set up as it takes longer to establish the VPN keys.

IP Compression
This compresses the data before encryption so that bandwidth can be used efficiently. Other devices with VPN Servers may not support IP compression so please check your documentation for further information. If you have an XGate or Prodigy device, it is recommended that you enable IP compression.