Page 23

Internet Security Router User

’s Manual

Chapter 2 Getting to Know the Internet Security Router

„ Alerts sent to the administrator via e-mail.

„ Maintains at a minimum, log details such as, time of packet arrival, description of action taken by

Firewall and reason for action.

„ Supports the UNIX Syslog format.

„ Sends log report e-mails as scheduled by the network administrator or by default when the log file is

full.

„ All the messages are sent in the WELF format.

„ ICMP logging to show code and type.

2.4.1.8

Remote Access

The Internet Security Router Firewall allows the network administrator to segregate the user community into

Access Policies per group. A user can log in using the login page (Refer to

“User Login Process” on page 67).

After a user is authenticated successfully, the Internet Security Router Firewall dynamically activates the user-

group

’s set of access policies.

These policies will subsequently be enforced until the user logs out of the session or until inactivity timeout

period has lapsed.

2.4.2

VPN

The introduction of broadband Internet access at an affordable price has attracted a large number of users to

use the Internet for business. Large-scale use of a very open public network such as, the Internet comes with a

lot of advantages and associated risks. These risks include the lack of confidentiality of data being sent and the

authenticity of the identities of the parties involved in the exchange of data. The VPN supported in the Internet

Security Router is intended to resolve these issues at an affordable price.

The VPN supported by the Internet Security Router is IPSec compliant. Packets sent via VPN are encrypted to

maintain privacy. The encrypted packets are then tunneled through a public network. As a result, tunnel

participants enjoy the same security features and facilities that are available only to members of private

networks at a reduced cost.

The following table lists the VPN features supported by the Internet Security Router:

Table 2.4. VPN Features of the Internet Security Router

Features

Transport Mode for Client-Client Connectivity

Tunnel Mode for Network-Network Connectivity

IP Fragmentation and Reassembly

IPSec

Support

Hardware Encryption Algorithm

DES, 3DES

Hardware Authentication Algorithm

MD5, SHA-1

Transforms

ESP, AH

Key Management

IKE (Pre-shared key), Manual

Mode configuration for IKE

Main Mode, Aggressive Mode, Quick

Mode

„ Site-to-Site VPN connection – Site-to-Site VPN connection is an alternative WAN infrastructure that is

used to connect branch offices, home offices, or business partners

’ sites to all or portions of a

company

’s network.