8 virtual private networks (vpn), 9 network considerations and limitations, Zonepro – dbx ZonePRO InstallGuide User Manual

32

ZonePRO

TM

6.8 Virtual Private Networks (VPN)

Virtual private networks (VPNs) provide an encrypted connection (or tunnel) between
networks or between a network and a user over a public network (such as the Internet).
Instead of using a dedicated, real-world connection such as a leased line, a VPN uses virtual
connections through the public network. The advantage of a VPN is that your computer can be
virtually connected to a local network from anywhere in the world where you have an internet
connection. This can also be done in a safe manner, not compromising your local network’s
security. If you would like to manage your ZonePROs remotely you should create a secure VPN
connection.

There are many solutions on the market today that provide VPN access. These products offer
different features, methods of VPN, complexity of setup and maintenance, as well as varying
levels of security. Recommending a VPN solution that will best suit the needs of your network
is beyond the scope of this document, although you will need a VPN that is capable of
passing UDP and TCP traffic (most do). The ZonePRO has been tested against several solutions
and should work with all VPNs that meet these criteria. Please work with your system
administrator and Internet service provider to find a VPN that will best fit your network.

The 3Com OfficeConnect Secure Router (model # 3CR860-95) is one solution that has been
tested, and is both inexpensive and simple to set up. It provides up to two concurrent VPN
connections. It works well with the built-in VPN interfaces in Microsoft Windows 2000 and XP.

6.9 Network Considerations and Limitations

• Without a VPN, there can be no access from the outside world to any ZonePRO that

is behind a Network Address Translation (NAT) router. (One-to-One NAT and port
forwarding will not work.)

• The Address Tool will not allow address changes on any ZonePRO that is connected to

the GUI via a proxy.

• When connecting to a ZonePRO through a proxy, the Locate Tool will only work on the

device that is setup as the proxy, and not the devices that are connected through it.

• Only connect at a 10-Mbit rate. This will work at both 10 half and 10 full duplex. Any

device that is forced to 100-Mbit or above will not link up.

• There is no auto sensing of the Ethernet Tx/Rx pairs. This means that if a hub switch

is not used, then the user must connect to the device via an Ethernet crossover cable
(supplied).

• There is a maximum of 10 ZonePRO devices that can connect to the ZonePRO designer

software at any given time.

• If the proxy link initially fails to connect, the user must go offline and then go back

online before the proxy connection will be re-established.

• Firewall Considerations: The ZonePRO uses port 3804 (udp and tcp) to communicate

with the ZonePRO Designer software. Make sure that you configure your firewalls
correctly so that data sent to and from this port number can traverse your network.

Networking

Section 6