The OnSite administrator can set up VPN (Virtual Private Network) connections to establish encrypted communications between the OnSite and an individual host or all the hosts on a remote subnetwork. The encryption creates a security tunnel for communicating through an intermediate network that is untrustworthy.

A security gateway with the IPsec service enabled must exist on the remote network. The IPsec gateway encrypts packets on their way to the OnSite and decrypts packets received from the OnSite. A single host running IPsec can serve as its own security gateway. The OnSite takes care of encryption and decryption on its end.

Connections between a machine like the OnSite and a single host or a whole network are usually referred to as host-to-host and host-to-network tunnels. OnSite host-to-network and host-to-host tunnels are not quite the same as a VPN in the usual sense, because one or both sides have a degenerate subnet consisting of only one machine.

The OnSite is referred to as the Local or “Left” host, and the remote gateway is referred to as the Remote or “Right” host.

The following figure shows a single host running IPsec acting as its own security gateway on the right end and the OnSite acting as its own gateway on the left end.

In summary, you can use the VPN features on the OnSite to create the following two types of connections:
• Create a secure tunnel between the OnSite and a gateway at a remote location, so that every machine on the subnet at the remote location has a secure connection with the OnSite.

The gateway in the former example and the individual host in the second example both need a fixed IP address.

To set up a security gateway, you can install IPsec on any machine that does networking over IP, including routers, firewall machines, various application servers, and end-user desktop or laptop machines.

The ESP and AH authentication protocols are supported. The RSA Public Keys and Shared Secret authentication methods are also supported.

The following table describes the parameters that must be configured for a VPN connection. The left column gives the names used in the Web Manager and the OSD, separated by a slash, unless the names are the same. Work with the user who needs to make the VPN connection to make sure the information matches exactly on both ends.
Parameter Names: Web Manager/OSD | Description
 | Any descriptive name you want to use to identify this connection, such as “MYCOMPANYDOMAIN-VPN.”
Authentication Protocol/Protocol | The authentication protocol used, either “ESP” (Encapsulating Security Payload) or “AH” (Authentication Header).
 | The authentication method used, either “RSA Public Keys” or “Shared Secret.”
 | The boot action configured for the host: “Ignore,” “Add,” or “Start.” “Ignore” means that the VPN connection is ignored. “Add” means to wait for connections at startup. “Start” means to make the connection.
 | The hostname of the host. The local host is the OnSite, referred to as the “left” host. The remote host is referred to as the “right” host.
 | The router through which the OnSite (on the left side) or the remote host (on the right side) sends packets to the host on the other side.
RSA Key (if RSA Public Keys is chosen) | The public key for the OnSite and for the remote gateway. You can use copy and paste to enter the key in the “RSA Key” field.
Pre-Shared Secret (if “Shared Secret” is chosen) |
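As an added example (not part of the OnSite documentation), the following Python models one tunnel entry with the parameters listed above and checks the two things the text calls out: that each field holds an allowed value and that the hosts and routers are fixed IP addresses, and that the entry the remote administrator makes is the exact mirror (left and right swapped) of the OnSite's. The field names, the requirement that the next-hop routers also be given as IP addresses, and the sample addresses are assumptions.

```python
import ipaddress
from dataclasses import dataclass, fields, replace
ALLOWED = {"protocol": ("ESP", "AH"),
           "auth_method": ("RSA Public Keys", "Shared Secret"),
           "boot_action": ("Ignore", "Add", "Start")}
@dataclass(frozen=True)
class VpnConnection:
    """One tunnel entry; the field names are assumed stand-ins for the table's parameters."""
    name: str                # descriptive name, e.g. "MYCOMPANYDOMAIN-VPN"
    protocol: str            # "ESP" or "AH"
    auth_method: str         # "RSA Public Keys" or "Shared Secret"
    boot_action: str         # "Ignore", "Add" or "Start"
    left_host: str           # the OnSite (local end); needs a fixed IP
    left_nexthop: str        # router the OnSite sends packets through
    right_host: str          # remote gateway or single host; needs a fixed IP
    right_nexthop: str       # router the remote end sends packets through
    left_rsa_key: str = ""   # only with "RSA Public Keys"
    right_rsa_key: str = ""
    pre_shared_secret: str = ""  # only with "Shared Secret"
def validate(c: VpnConnection) -> list[str]:
    """Problems found in one end's entry; an empty list means it is consistent."""
    errors = []
    for field, allowed in ALLOWED.items():
        if getattr(c, field) not in allowed:
            errors.append(f"{field}: must be one of {allowed}")
    for field in ("left_host", "right_host", "left_nexthop", "right_nexthop"):
        try:
            ipaddress.ip_address(getattr(c, field))  # both ends need a fixed IP address
        except ValueError:
            errors.append(f"{field}: not a valid fixed IP address")
    if c.auth_method == "RSA Public Keys":
        if not (c.left_rsa_key and c.right_rsa_key):
            errors.append("RSA Key: both the OnSite key and the remote key are required")
        if c.pre_shared_secret:
            errors.append("Pre-Shared Secret: set but unused with RSA Public Keys")
    elif c.auth_method == "Shared Secret" and not c.pre_shared_secret:
        errors.append("Pre-Shared Secret: required with Shared Secret")
    return errors

def as_seen_from_remote(c: VpnConnection) -> VpnConnection:
    """The same tunnel as the remote administrator must enter it: left and right swap."""
    return replace(c, left_host=c.right_host, right_host=c.left_host,
                   left_nexthop=c.right_nexthop, right_nexthop=c.left_nexthop,
                   left_rsa_key=c.right_rsa_key, right_rsa_key=c.left_rsa_key)

def mirror_mismatches(onsite: VpnConnection, remote: VpnConnection) -> list[str]:
    """Fields (other than the name) where the remote entry is not the mirror of the OnSite's."""
    expected = as_seen_from_remote(onsite)
    return [f.name for f in fields(VpnConnection)
            if f.name != "name" and getattr(expected, f.name) != getattr(remote, f.name)]
```

Run validate() on each end's entry and mirror_mismatches() on the pair before starting the tunnel; a non-empty list names exactly the parameter the two administrators still need to reconcile.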