So what exactly do you get in an IPsec VPN endpoint that costs under $150? Actually, it looks like you get a lot! The first screenshot below (click on it for a full-sized view) shows you the main VPN configuration page, where you configure each "tunnel" between your Local Secure Group, i.e. clients on your LAN, and Remote Secure Group, i.e. clients on another LAN that you want to securely connect to. You can define up to 70 of these "tunnels" and you can enable/disable a tunnel without having to clear its settings.
Your "local" group can be a single IP address, range of IP addresses, or an entire subnet, as can your "remote group". The "remote group can also be set to Host or Any modes. The Remote Security Gateway setting lets you enter the IP address, or Fully Qualified Domain Name (FQDN) for the remote VPN device. You can also use the "Any" setting if the remote device has a dynamic IP address. You can choose between DES (56 bit), 3DES (168 bit), or disabling Encryption, and MD5, SHA, or disabling Authentication.
Key Management settings include choice of Auto, which uses IKE, or Manual Mode. In Auto mode, you specify a Pre-shared Key (23 alphanumeric characters max) and a Key Lifetime (from 300 to 100,000,000 seconds). You can optionally enable PFS (Perfect Forward Secrecy), to further enhance security during connection negotiation. If you want to handle your keys manually, you can enter Encryption and Authentication Keys (23 alphanumeric characters max), and Inbound and Outbound SPI (Security Parameter Index) values (from 0 to 4294967295).
If you're setting up a connection between two VP41's, the above selections should be more than enough to get you set up. But if you're trying to connect to a different make or model IPsec remote gateway, you might need to get into the Advanced Settings screen shown below and accessed by clicking on the little "more..." text to the right of the View Log button.
Tip: The "more..." link may not be available in earlier firmware versions, although the screen may be able to be reached by entering http://192.168.1.1/IPSecAdvance.htm into your browser. These screen shots were taken using version 1.40.2 Mar 10 2002 firmware.
Advanced VPN settings
The settings on this page may not be self-explanatory, but at least you can see what your options are! This page essentially gives you control over what happens in Phase 1 and 2 of the IPsec tunnel setup. But at the bottom of the page are some other settings that may prove helpful, so take note!
When you finally get set up, you can click the Connect button, and if everything is ok on both ends of the tunnel, you'll be rewarded with a "Connected" Status indication. Once the tunnel is successfully configured, the VP41 will automatically re-establish connection when traffic is detected that wants to go through the tunnel. I found that when this auto reconnect happened, the Status indication didn't always correctly indicate the Connection status, but clicking on the Summary button would bring up the screen shown below, which faithfully indicated the correct connection status.
If you don't successfully connect, the View Log button will bring up a log of the IPsec connect and disconnect activities. Essential for debugging the connection problems that many folks will have when dealing with their first VPN setup!