Virtual Private Networks (VPNs) 10-11
Map Lists, Server Lists, and PAT addresses are described in detail in Chapter 9, “Multiple Network Address
Translation.”
■You can specify a Filter Set. See "About filters and filter sets" on page 11-4.
■You can remove a Filter Set.
■You can choose to configure Advanced IP Profile Options (see “Advanced IP Profile Options,” in the
following section).
Note: The SPI title field above changes to SPI (Security Parameters Index) -- Use Advanced IP Profile Options
if any of the SPI values differ from each other.
Advanced IP Profile Options■You can specify an ESP Receive SPI. The value must be unique over the set of all ESP SPIs specified for
the remote tunnel endpoint.
■You can specify an ESP Transmit SPI. The value must be unique over the set of all ESP SPIs specified for
the remote tunnel endpoint.
■You can specify an AH Receive SPI if AH authentication has been requested. The value must be unique
over the set of all AH SPIs specified for the router.
■You can specify an AH Transmit SPI if AH authentication has been requested. The value must be unique
over the set of all AH SPIs specified for the remote tunnel endpoint.
■You can specify a Local Tunnel Endpoint Address. If not 0.0.0.0, this value must be one of the assigned
interface addresses, either WAN or LAN. This is used as the source address of all IPsec traffic.
■You can specify a Next Hop Gateway. If you specify the Remote Tunnel Endpoint Address, and the address
is in the same subnet as the Remote Members Network you specified in the IP Profile Parameters, the
Next Hop Gateway option allows you to enter the address by which the gateway partner is reached.
Advanced IP Profile Options
ESP Receive SPI: 123456789
ESP Transmit SPI: 123456789
AH Receive SPI: 123456789
AH Transmit SPI: 123456789
Local Tunnel Endpoint Address: 0.0.0.0
Next Hop Gateway: 0.0.0.0
SPI = Security Parameters Index, valid range is 1 - 4294967295.