DEFINITIONS AND TERMINOLOGY

Before we begin it is important that you, the reader, are familiar with some of the terminology used thoughout this documentation and the WebTool. Please read and understand the terms below before proceeding.

Local Security Gateway

The "local" endpoint of a VPN. When used in the WebTool context this refers to the machine which you are working on.

Remote Security Gateway

The "remote" endpoint of a VPN. When used in the WebTool context this refers to a remote machine you want to create a VPN with.

Road Warrior

A remote security gateway whose IP address is not known. This term also refers to a class of users whose IP address is not known, such as salespeople traveling from city to city using a dial-up ISP for Internet access.

Certification Authority

An entity that issues digital (X.509) certificates and vouches for the data contained in such certificates. A CA may be thought of as a trusted third party who "signs" certificates, making them valid.

Host Certificate

An X.509 certificate for a machine (usually another VPN server).

User Certificate

An X.509 certificate for a person. A User Certificate may be associated with a local user on the machine.

Shared Key

A string (much like a password or a passphrase) that is shared between both VPN endpoints and used for authentication.

Remote Certificate

An X.509 certificate issued on a machine other then the local one. Remote Certificates are not signed by the local Certification Authority and are usually used to identify a machine on the other end of a VPN.

Cipher

A cryptographic algorithim used to encrypt/decrypt data that goes across the VPN. Four different ciphers are supported: 3DES, AES, Blowfish, and Twofish.

Perfect Forward Secrecy

Perfect Forward Secrecy (PFS) is a scheme employed by a VPN to greatly enhance the security of the key exchange. This should almost always be enabled except for when a client is encountered that does not support it.

X.509 Certificate

The standard format for digital certificates.