Netopia R910 manual IP Profile Parameters

Virtual Private Networks (VPN) 10-83

IP Profile Parameters

The following IP Profile Options screen is displayed for an IPsec Connection Profile.

IP Profile Options

■You must specify an SPI (Security Parameters Index), which is the ESP receive side SPI and the default SPI for ESP transmit, AH receive, and AH transmit. It must be unique relative to any other configuration profile “ESP Receive SPIs.” (See “Advanced IP Profile Options” on page 10-84.)

■You must specify a Remote Tunnel Endpoint Address. Specify the IP address of your tunnel partner, the endpoint of the tunnel. The Remote Tunnel Endpoint Address may be 0.0.0.0, which implies that the IPsec tunnel will not be established until packets are received on the SPI specified. At that time the tunnel will be bound to the Remote Tunnel Endpoint until traffic from the remote gateway ceases for a timeout period.

■You must specify a Remote Members Network address. This specifies the subnet of the remote IPsec tunnel and will be used with the Remote Members Mask to determine and set the route.

■You must specify a Remote Members Mask. This is the subnet mask of the remote subnet to which the IPsec tunnel will route.

■You can specify Address Translation Enabled. For more information see Chapter 9, “IP Setup and Network Address Translation.” If Address Translation Enabled is set to Yes, you can specify the following three fields:

■NAT Map List

■NAT Server List

■PAT IP Address

(Note: Since there is no protocol to derive this address, 0.0.0.0 is not permitted.)

■You can specify a Filter Set. For more information see Chapter 13, “Security.”

■You can remove a Filter Set.

■You can choose to configure Advanced IP Profile Options (see “Advanced IP Profile Options,” in the