The Astaro VPN gateway uses a variety of data encryption methods to create a secure communications "tunnel" over the public Internet.

Astaro's VPN Gateway features:

Multiple Architectures
The Astaro VPN gateway supports a variety of VPN architectures to accommodate the needs of branch offices, home users, and "road warriors." Configurations supported include:

Advanced Encryption

Sophisticated Encryption Algorithms Include:

IPSec and PPTP VPNs

The Astaro VPN gateway supports both PPTP and IPSec VPNs. Supported clients include:

• The native Windows PPTP client

• The native Windows IPSec client

• The Astaro Secure Client

• Other VPN clients that follow the IPSec standard

• Mac OS X VPN client

Authentication Methods
A variety of authentication methods are offered using:

• Passphrase (PSK)

• Certificates (X.509v3)

• Raw RSA Keys

• CHAP, MSCHAP, MSCHAPv2, and PAP

• RADIUS (for L2TP IPSec and PPTP)

IPSec Protocols

• Internet Key Exchange (IKE)

• Encapsulated Security Payload (ESP)

• Layer 2 Tunneling Protocol (L2TP)

• NAT-Traversal

Certificate Authority
Astaro's VPN includes an internal certificate authority with authentication based on PKI-trustchain. This enables the use of digital certificates without requiring that certificates be generated centrally and distributed to remote sites.

Dynamic IP VPN Tunnels
VPN tunnels can be created based on dynamic IP addresses at both ends of the connection (dyn-dyn tunnel). This provides flexibility in choosing different Internet Service Providers, network types and Internet uplinks for remote offices and users.

Remote Access Simplified
Dynamic IP addresses and DNS/WINS server addresses are distributed automatically to simplify remote access. IPSec client configurations can be generated and distributed from a central point, simplifying mass rollouts of IPSec VPNs.

Integrates Into Existing Environments

• Authenticate VPN users against a local database, Radius Servers, or Active Directory.

• Apply access policies based on users and groups, as well as IPs and networks.

• Apply access policies on PKI-based IPSec user groups.

• Full Support of Native Windows VPN and Mac OS X VPN using L2TP over IPSec.

Firewall Integration
The VPN gateway is fully integrated with Astaro's firewall. IPSec VPNs can utilize NAT traversal and virtual IP addresses. Firewall settings are generated automatically when VPN clients are configured. Packet filter policies can be specified on a per-user basis. VPN user groups can be created and used to grant access rights.