Chapter 7 VPN
Table
Parameter | Description |
Enable NAT of local network addresses | Enable this option to perform NAT on traffic entering a VPN tunnel. Selecting this option allows multiple remote VPN sites to use the same IP subnet. |
| If you enable NAT, enter the NAT IP Address. This address must be included in the Local ID configured for the local network. |
| Only one NAT IP address can be used for outgoing sessions for one VPN tunnel. However, you can configure an Server for other specific IP addresses. These servers will use the virtual server public IP address for outgoing sessions when VPN NAT is enabled. This provides VPN tunnels. For details, see “Configuring Virtual Servers” on |
| If you enable NAT for the VPN tunnel, the Terminated Security Zone configured for the Security Association must be virtual, with no physical ports assigned to the zone. |
For details on configuring IPSec Security Associations, see the following topics:
•“IPSec Security Association Configuration Parameters” on page 190
•“Edit the Default SA for
•“Edit the Default SA for
•“Configure an IPSec SA for a
Edit the Default SA for
STEP 1 From the LSM menu, select VPN > IPSec Status. Then, select the IPSec Configuration tab. The VPN - IP Security/IKE page displays.
STEP 2 On the IPSec Configuration page, in the IP Security Associations table, click the Pencil icon for the Default SA entry.
STEP 3 On the Edit IP Security Association page, in the IP Security Association Setup table, check Enable Security Association to enable the Default SA.
STEP 4 To enable the X family device to use the Default SA for L2TP VPNs, check Support L2TP.
L2TP uses IPSec transport mode.
STEP 5 For IKE Setup, select the IKE Proposal from the
STEP 6 If you have selected an IKE Proposal with
The same
194 X Family LSM User’s Guide V 2.5.1