COMMIT

Internet Key Exchange (IKE) IPsec Key Management for VPNs 5-15

support for sub-netting, host and network range addressing modes

works with manual keying and Internet Key Exchange (IKE)

each IPsec network works under the same local/remote tunnel endpoints

Select Add Network and press Return. The Add Network Configuration screen appears.

Add Network Configuration

 

 

+--------------

+

 

+--------------

+

Remote Member Format...

Subnet

Remote Member Address:

Range

Remote Member Mask:

Host Address

Local Member Format...

+--------------+

Local Member Address:

0.0.0.0

Local Member Mask:

0.0.0.0

CANCEL

The Remote Member Format and Local Member Format pop-up menus allow you to choose a format for your network end points: Subnet, Range, or a single Host Address.

If you choose Subnet, you must enter the Remote Member Address and the subnet mask that is the

Remote Member Mask.

Enter the Local Member Address and the Local Member Mask in their respective fields.

If you choose Range, the next two fields become Remote Member 1st Address and Remote Member Last Address. You supply these values.

Complete the Local Member 1st Address and Local Member Last Address fields.

If you choose Host Address, you need only supply the Remote Member Address and the Local Mem- ber Address; the other fields are hidden.

Select COMMIT and press Return to add the configuration. This returns you to the IP Profile Parameters screen. Select COMMIT and press Return in the IP Profile Parameters screen. This returns you to the Change Connection Profile screen. Select COMMIT and press Return in the Change Connection Profile screen.

Note:

Any two IPsec tunnels differ only by the local/remote networks they are intended to reach; they have the same encryption policy, which is derived from the base profile.

The feature is limited to 8 networks per tunnel.

Page 145
Image 145
Netopia 4000-Series manual Internet Key Exchange IKE IPsec Key Management for VPNs