
Virtual Private Networks (VPN)
IP Profile Parameters
The following IP Profile Options screen is displayed for an IPsec Connection Profile.
IP Profile Options
SPI (Security Parameters Index): | 123456789 |
Remote Tunnel Endpoint Address: | 0.0.0.0 |
Remote Members Network: | 0.0.0.0 |
Remote Members Mask: | 0.0.0.0 |
Address Translation Enabled: | Yes |
NAT Map List... | |
NAT Server List... | |
PAT IP Address: | 1.1.1.1 |
Filter Set... | <<None>> |
Remove Filter Set |
|
Advanced IP Profile Options... |
|
COMMIT | CANCEL |
■You must specify an SPI (Security Parameters Index), which is the ESP receive side SPI and the default SPI for ESP transmit, AH receive, and AH transmit. It must be unique relative to any other configuration profile “ESP Receive SPIs.” (See “Advanced IP Profile Options” on page
■You must specify a Remote Tunnel Endpoint Address. Specify the IP address of your tunnel partner, the endpoint of the tunnel. The Remote Tunnel Endpoint Address may be 0.0.0.0, which implies that the IPsec tunnel will not be established until packets are received on the SPI specified. At that time the tunnel will be bound to the Remote Tunnel Endpoint until traffic from the remote gateway ceases for a timeout period.
■You must specify a Remote Members Network address. This specifies the subnet of the remote IPsec tunnel and will be used with the Remote Members Mask to determine and set the route.
■You must specify a Remote Members Mask. This is the subnet mask of the remote subnet to which the IPsec tunnel will route.
■You can specify Address Translation Enabled. For more information see Chapter 9, “IP Setup and Network Address Translation.” If Address Translation Enabled is set to Yes, you can specify the following three fields:
■NAT Map List
■NAT Server List
■PAT IP Address
(Note: Since there is no protocol to derive this address, 0.0.0.0 is not permitted.)
■You can specify a Filter Set. For more information see Chapter 13, “Security.”
■You can remove a Filter Set.
■You can choose to configure Advanced IP Profile Options (see “Advanced IP Profile Options,” in the