Internet Security Router User’s Manual Chapter 2 Getting to Know the Internet Security Router7„ Alerts sent to the administrator via e-mail.„ Maintains at a minimum, log details such as, time of packet arrival, description of action taken byFirewall and reason for action.„ Supports the UNIX Syslog format.„ Sends log report e-mails as scheduled by the network administrator or by default when the log file isfull.„ All the messages are sent in the WELF format.„ ICMP logging to show code and type.2.4.1.8 Remote AccessThe Internet Security Router Firewall allows the network administrator to segregate the user community intoAccess Policies per group. A user can log in using the login page (Refer to “User Login Process” on page 67).After a user is authenticated successfully, the Internet Security Router Firewall dynamically activates the user-group’s set of access policies.These policies will subsequently be enforced until the user logs out of the session or until inactivity timeoutperiod has lapsed.2.4.2 VPNThe introduction of broadband Internet access at an affordable price has attracted a large number of users touse the Internet for business. Large-scale use of a very open public network such as, the Internet comes with alot of advantages and associated risks. These risks include the lack of confidentiality of data being sent and theauthenticity of the identities of the parties involved in the exchange of data. The VPN supported in the InternetSecurity Router is intended to resolve these issues at an affordable price.The VPN supported by the Internet Security Router is IPSec compliant. Packets sent via VPN are encrypted tomaintain privacy. The encrypted packets are then tunneled through a public network. As a result, tunnelparticipants enjoy the same security features and facilities that are available only to members of privatenetworks at a reduced cost.The following table lists the VPN features supported by the Internet Security Router:Table 2.4. VPN Features of the Internet Security RouterFeaturesTransport Mode for Client-Client ConnectivityTunnel Mode for Network-Network ConnectivityIP Fragmentation and ReassemblyIPSec SupportHardware Encryption Algorithm DES, 3DESHardware Authentication Algorithm MD5, SHA-1Transforms ESP, AHKey Management IKE (Pre-shared key), ManualMode configuration for IKE Main Mode, Aggressive Mode, QuickMode„ Site-to-Site VPN connection – Site-to-Site VPN connection is an alternative WAN infrastructure that isused to connect branch offices, home offices, or business partners’ sites to all or portions of acompany’s network.
