User guide
Rev 2.0 C Aug.10 57
6
6: VPN Configuration
• Global Settings
• VPN 1 to 5
• Log
The VPN tab that displays in ACEmanager, is applicable across all
Sierra Wireless AirLink devices.
The AirLink Device can act as a Virtual Private Network (VPN) client,
providing enterprise VPN access to any device connected to the
AirLink Device even when a device has no VPN client capability on its
own. The AirLink Device supports two tunneling protocols, IPsec and
GRE. Both can be used at the same time.
IPSec
The IP protocol that drives the Internet is inherently insecure. Internet
Protocol Security (IPSec), which is a standards-based protocol,
secures communications of IP packets over public networks.
IPSec is a common network layer security control and is used to
create a virtual private network (VPN).
The advantages of using IPSec or GRE feature includes:
• Data Protection: Data Content Confidentiality allows users to
protect their data from any unauthorized view, because the data
is encrypted (encryption algorithms are used).
• Access Control: Access Control implies a security service that
prevents unauthorized use of a Security Gateway, a network
behind a gateway or bandwidth on that network.
• Data Origin Authentication: Data Origin Authentication verifies
the actual sender, thus eliminating the possibility of forging the
actual sender’s identification by a third-party.
• Data Integrity: Data Integrity Authentication allows both ends of
the communication channel to confirm that the original data sent
has been received as transmitted, without being tampered with in
transit. This is achieved by using authentication algorithms and
their outputs.
Global Settings
The AirLink Device supports Global settingss with one encrypted
tunnel and one open tunnel. A sample server subnet for a Global
settings would be 172.16.1.0/24. Global settings VPNs should be
setup with care, as a Global settings configuration with both an
enterprise VPN and access to the public Internet can inadvertently
expose company resources.