ProSecure Unified Threat Management (UTM) Appliance Reference Manual

3.Complete the fields, select the radio buttons, and make your selections from the pull-down menus as explained Table 7-10.

Table 7-10. Add IKE Policy Settings

 

Item

Description (or Subfield and Description)

 

 

 

 

 

 

 

Mode Config Record

 

 

 

 

 

 

 

 

 

Do you want to use

Specify whether or not the IKE policy uses a Mode Config Record. For

 

 

Mode Config Record?

information about how to define a Mode Config Record, see “Mode Config

 

 

Operation” on page 7-43. Select one of the following radio buttons:

 

 

 

Yes. IP addresses are assigned to remote VPN clients. You must select a

 

 

Mode Config record from the pull-down menu.

 

 

 

Note: Because Mode Config functions only in Aggressive Mode, selecting

 

 

the Yes radio button sets the tunnel exchange mode to Aggressive mode

 

 

and disables the Main mode. Mode Config also requires that both the local

 

 

and remote ends are defined by their FQDNs.

 

 

 

No. Disables Mode Config for this IKE policy.

 

 

 

Note: An XAUTH configuration via an edge device is not possible without

 

 

Mode Config and is therefore disabled too. For more information about

 

 

 

XAUTH, see “Configuring Extended Authentication (XAUTH)” on page 7-38.

 

 

 

 

 

 

Select Mode

From the pull-down menu, select one of the Mode Config

 

 

Config Record

records that you defined on the Add Mode Config Record

 

 

 

screen (see “Configuring Mode Config Operation on the

 

 

 

UTM” on page 7-43).

 

 

 

 

Note: Click the View Selected button to open the Selected

 

 

 

Mode Config Record Details popup window,

 

 

General

 

 

 

 

 

 

 

 

 

Policy Name

A descriptive name of the IKE policy for identification and management

 

 

 

purposes.

 

 

 

 

Note: The name is not supplied to the remote VPN endpoint.

 

 

Direction / Type

From the pull-down menu, select the connection method for the UTM:

 

 

 

Initiator. The UTM initiates the connection to the remote endpoint.

 

 

 

Responder. The UTM responds only to an IKE request from the remote

 

 

 

endpoint.

 

 

 

 

Both. The UTM can both initiate a connection to the remote endpoint and

 

 

respond to an IKE request from the remote endpoint.

 

 

Exchange Mode

From the pull-down menu, select the exchange more between the UTM and

 

 

the remote VPN endpoint:

 

 

 

Main. This mode is slower than the Aggressive mode but more secure.

 

 

 

Aggressive. This mode is faster than the Main mode but less secure.

 

 

 

Note: If you specify either a FQDN or a User FQDN name as the local ID and/

 

 

or remote ID (see the sections below), the aggressive mode is automatically

 

 

selected.

 

 

 

 

 

 

 

 

 

 

 

 

Virtual Private Networking Using IPsec Connections

7-27

v1.0, January 2010

Page 239
Image 239
NETGEAR UTM5-100NAS manual Add IKE Policy Settings, Description or Subfield and Description Mode Config Record, General