Before I move on to the SL1000's VPN features, I'll take a moment to cover one of the SL1000's more unusual features. Remote Access is a simple non-secure user/password challenge authentication system that can be used to control the LAN-side clients and services that WAN-side (Internet) users can access.
It provides an option between no security and a VPN tunnel, and, once you get the hang of configuring it, can be a useful addition to your remote access toolkit. But note that the user/password challenge and your response are not encrypted, so this method should not be used in applications where security is a top concern.
Figure 11: Users and Groups setup
Figure 11 shows how you define Groups, enter Users and set their passwords. Once set, Users or Groups can be deleted or temporarily disabled to prevent access. Once you have your Groups defined, you create Group ACLs to control access to the desired services for specific groups of users. (Group ACLs look essentially the same as Inbound and Outbound ACLs except they also have a Group parameter.)
Once you get all this set up, a Remote user must go to a special URL and log in to the router. Once the user has successfully logged in, they may access the services and LAN clients specified in their Group ACL rule.
Though an interesting concept, I found that the implementation had problems. An access rule that I entered to allow access to Windows file sharing didn't require a login in order to enable it, but a Group ACL that I set to access an FTP server worked OK. I also found that once I entered the username and password in Internet Explorer to log in, I didn't have to enter it again after I logged out as long as I didn't quit the browser. All I had to do was hit the login URL again and the rule was enabled.
You can also use the Remote Access feature via an IPsec tunnel, but frankly, after futzing with it for a while, I didn't have the patience to figure out how to do it.