ProSecure Unified Threat Management (UTM) Appliance Reference Manual

Table 7-12. Add VPN Policy Settings (continued)

Item | Description (or Subfield and Description)

Traffic Selection

Local IP
From the pull-down menu, select the address or addresses that are part of the VPN tunnel on the UTM:
• Any. All PCs and devices on the network.
Note: You cannot select Any for both the UTM and the remote endpoint.
• Single. A single IP address on the network. Enter the IP address in the Start IP Address field.
• Range. A range of IP addresses on the network. Enter the starting IP address in the Start IP Address field and the ending IP address in the End IP Address field.
• Subnet. A subnet on the network. Enter the starting IP address in the Start IP Address field and the subnet mask in the Subnet Mask field.

Remote IP
From the pull-down menu, select the address or addresses that are part of the VPN tunnel on the remote endpoint. The menu choices are the same as for the Local IP pull-down menu (see above).

Manual Policy Parameters

Note: These fields apply only when you select Manual Policy as the policy type. When you specify the settings for the fields in this section, a security association (SA) is created.

SPI-Incoming
The Security Parameters Index (SPI) for the inbound policy. Enter a hexadecimal value between 3 and 8 characters (for example: 0x1234).

Encryption Algorithm
From the pull-down menu, select one of the following five algorithms to negotiate the security association (SA):
• DES. Data Encryption Standard (DES).
• 3DES. Triple DES. This is the default algorithm.
• AES-128. Advanced Encryption Standard (AES) with a 128-bit key size.
• AES-192. AES with a 192-bit key size.
• AES-256. AES with a 256-bit key size.

Key-In
The encryption key for the inbound policy. The length of the key depends on the selected encryption algorithm:
• DES: enter 8 characters.
• 3DES: enter 24 characters.
• AES-128: enter 16 characters.
• AES-192: enter 24 characters.
• AES-256: enter 32 characters.

Key-Out
The encryption key for the outbound policy. The length of the key depends on the selected encryption algorithm. The required key lengths are the same as for the Key-In (see above).

SPI-Outgoing
The Security Parameters Index (SPI) for the outbound policy. Enter a hexadecimal value between 3 and 8 characters (for example: 0x1234).
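
A pre-entry check for the fields in this table, as an added example (not NETGEAR's code): it validates the Local IP and Remote IP selections, the SPI format, and the Key-In and Key-Out lengths for the chosen algorithm. The dict layout and function names are hypothetical, addresses are assumed to be IPv4, and the SPI rule assumes the 3 to 8 characters are the hex digits after an optional 0x prefix.

```python
import ipaddress
import re

# Key lengths in characters, as listed for Key-In / Key-Out in Table 7-12.
KEY_CHARS = {"DES": 8, "3DES": 24, "AES-128": 16, "AES-192": 24, "AES-256": 32}
# Assumption: the 3..8 characters are hex digits after an optional 0x prefix.
SPI_RE = re.compile(r"(?:0x)?[0-9a-fA-F]{3,8}")


def check_selector(name, sel):
    """Validate one Local IP / Remote IP choice (hypothetical dict shape)."""
    kind = sel.get("type")
    if kind == "Any":
        return []
    if kind not in ("Single", "Range", "Subnet"):
        return [f"{name}: unknown type {kind!r}"]
    try:
        start = ipaddress.IPv4Address(sel["start"])
        if kind == "Range" and ipaddress.IPv4Address(sel["end"]) < start:
            return [f"{name}: End IP Address is below Start IP Address"]
        if kind == "Subnet":
            # strict=False: only the mask is checked; a malformed mask raises.
            ipaddress.IPv4Network(f"{start}/{sel['mask']}", strict=False)
    except (KeyError, ValueError) as exc:
        return [f"{name}: invalid or missing field ({exc})"]
    return []


def check_policy(p):
    """Return a list of problems found in a Manual Policy dict."""
    errs = check_selector("Local IP", p["local"]) + check_selector("Remote IP", p["remote"])
    if p["local"].get("type") == "Any" and p["remote"].get("type") == "Any":
        errs.append("Any cannot be selected for both the UTM and the remote endpoint")
    for field in ("spi_in", "spi_out"):
        if not SPI_RE.fullmatch(p[field]):
            errs.append(f"{field}: expected 3 to 8 hex digits, e.g. 0x1234")
    want = KEY_CHARS.get(p["algorithm"])
    if want is None:
        errs.append(f"algorithm: {p['algorithm']!r} is not in the menu")
    else:
        for field in ("key_in", "key_out"):  # report lengths only, never key text
            if len(p[field]) != want:
                errs.append(f"{field}: {p['algorithm']} needs {want} characters, got {len(p[field])}")
    return errs


# Constructed sample policy; the keys and SPIs are placeholders, not real secrets.
SAMPLE = {
    "local": {"type": "Subnet", "start": "192.168.1.0", "mask": "255.255.255.0"},
    "remote": {"type": "Range", "start": "10.0.0.10", "end": "10.0.0.20"},
    "spi_in": "0x1234", "spi_out": "0x4321", "algorithm": "AES-128",
    "key_in": "A" * 16, "key_out": "B" * 16,
}
```

`check_policy(SAMPLE)` returns an empty list; each rule from the table that a policy breaks adds one message to the result.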

Virtual Private Networking Using IPsec Connections

v1.0, January 2010
