VPN

The Astaro Virtual Private Network gateway uses a variety of data encryption methods to create a secure communications “tunnel” over the public Internet.

Multiple Architectures

To accommodate the needs of branch offices, home users, and “road warriors”, the VPN gateway supports a variety of VPN architectures, including Net-to-Net, Host-to-Net, and Host-to-Host.

Broad Protocol and Client Support

The Astaro VPN gateway supports VPN protocols like IPSec, L2TP over IPSec, and PPTP. Administrators can select from a broad range of VPN clients, including the native Windows and Windows Mobile PPTP and L2TP over IPSec clients, the Mac OS X VPN client, and other VPN clients that follow the IPSec standard, including the Astaro Secure Client. Different clients can be mixed in an Astaro VPN environment.

Certificate Authority

The Astaro Security Gateway includes an internal certificate authority with authentication based on a PKI trust chain.

Simplified Remote Access

Dynamic IP addresses and DNS/WINS server addresses, taken from a virtual address pool or provided by a DHCP server, can be distributed automatically to simplify remote access. IPSec client configurations can be distributed from a central point, simplifying mass rollouts of IPSec VPNs.

Integrates Into Existing Environments

Astaro’s VPN gateway is easy to integrate into existing environments. It can authenticate VPN users against local databases, RADIUS servers, Novell eDirectory, Microsoft Active Directory, and LDAP-compliant enterprise directories. It can also apply access policies based on users and groups, IPs and networks, and PKI-based IPSec user groups.

Firewall Integration

Astaro’s VPN gateway is fully integrated with Astaro’s firewall. IPSec VPNs can utilize NAT traversal and virtual IP addresses. Firewall settings are generated automatically when VPN clients are configured. Packet filter policies can be specified on a per-user basis. VPN user groups can be created and used to grant access rights.

Summary of Supported Algorithms and Protocols

Encryption algorithms supported:
* AES (Rijndael)
* DES
* 3DES
* Blowfish
* Serpent 128-bit
* Twofish 128-bit
* MPPE (40 and 128 bit)

Authentication methods include:
* Passphrase (PSK)
* Certificates (X.509v3)
* Raw RSA Keys
* CHAP, MSCHAP, MSCHAPv2, and PAP
* RADIUS (for L2TP, IPSec and PPTP)

IPSec protocols include:
* Internet Key Exchange (IKE)
* Encapsulated Security Payload (ESP)
* Layer 2 Tunneling Protocol (L2TP)
* NAT-Traversal

Features