Planet Technology WLS-1280 User Manual
Page 132
129
During the first-time login to PLANET WLS-1280, Internet Explorer will ask user to download the ActiveX
component of IPSec VPN. This ActiveX component once downloaded will be running paralleled with the “Login
Success Page” after the page being brought up successfully. The ActiveX component helps to setup the IPSec
VPN tunnel between client’s device and PLANET WLS-1280 controller, and to check the validity of the IPSec
VPN tunnel between them. If the connection is down, the ActiveX component will detect the broken link and
decompose the IPSec tunnel. Once the IPSec VPN tunnel was built, any packet sent will be encrypted. Without
connecting to the original IPSec VPN tunnel, user or client device has no alternative to gain network connection
beyond this.
The design of PLANET WLS-1280’s IPSec VPN feature directly solves possible data security leak
problem between client and the controller via either wireless or wired connection without extra hardware or client
software installed.
2. Limitations
The limitation of the client side due to ActiveX and Windows OS includes:
a. Internet Connection Firewall of Windows XP or Windows XP SP1 is not compatible with IPSec protocol. It
shall be turned off to allow IPSec packets to pass through.
b. Without patch, ICMP (Ping) and PORT command of FTP can not work in Windows XP SP2.
c. The Forced termination (through CTRL+ALT+DEL, Task Manager) of the Internet Explorer will stop the
running of ActiveX. It causes IPSec tunnel can’t be cleared properly at client’s device. A reboot of client’s
device is needed to clear the IPSec tunnel.
d. The crash of Windows Internet Explorer may cause the same result.
3. Internet Connection Firewall
In Windows XP and Windows XP SP1, the Internet Connection Firewall is not compatible with IPSec. Internet
Connection Firewall will drop packets from tunneling of IPSec VPN.