VPN
234 IOLAN SDS/SCS/STS/MDC User’s Guide, Version 4.0
Secret/Remote Validation Criteria Button
Depending on the Authentication Method:
Shared Secret—Specify the text-based secret that is used to authenticate the
IPsec tunnel (case sensitive). This applies to all VPN tunnels (IPsec and
L2TP/IPsec).
X.509 Certificate—Specify the remote X.509 certificate validation criteria that
must match for successful authentication (case sensitive). Note that all
validation criteria must be configured to match the X.509 certificate. An
asterisk (*) is valid as a wildcard.
See Shared Secret Field Description on page 235 for more information.
See Remote Validation Criteria Field Descriptions on page 236 for more
information on the X.509 certificate validation criteria.
Local Device When the VPN tunnel is established, one side of the tunnel is designated as
Right and the other as Left. You are configuring the IOLAN side of the VPN
tunnel.
Data Options: Left, Right
Default: Left
Local IP Address The IP address of the IOLAN. You can specify %defaultroute when the IP
address of the IOLAN is not always known (for example, when it gets its IP
address from DHCP). When %defaultroute is used, a default gateway must
be configured in the route table (Network, Advanced, Route List tab).
Field Format: IPv4 address, IPv6 address, FQDN, %defaultroute
Local External IP Address When NAT Traversal (NAT_T) is enabled, this is the IOLAN’s external IP address
or FQDN. When the IOLAN is behind a NAT router, this will be its public IP
address.
Field Format: IPv4 address, IPv6 address, FQDN
Local Next Hop The IP address of the router/gateway that will forward data packets to the
remote VPN (if required). The router/gateway must reside on the same subnet
as the IOLAN. Leave this parameter blank if you want to use the Default
Gateway configured in the IOLAN.
Field Format: IPv4 or IPv6 address
Local Host/Network Address The IP address of a specific host, or the network address that the IOLAN will
provide a VPN connection to.
Field Format: IPv4 or IPv6 address
Local IPv4 Subnet Mask The subnet mask of the local IPv4 network. Keep the default value when you
are configuring a host-to-host VPN connection.
Default: 255.255.255.255
Local IPv6 Prefix Bits The prefix bits of the local IPv6 network. Keep the default value when you are
configuring a host-to-host VPN connection.
Default: 0
Remote IP Address The IP address or FQDN of the remote VPN peer. If you want to accept a VPN
connection from any VPN peer, you can enter %any in this field.
Field Format: IPv4 address, IPv6 address, FQDN, %any
Remote External IP Address When NAT Traversal (NAT_T) is enabled, the remote VPN’s public external IP
address or FQDN.
Field Format: IPv4 address, IPv6 address, FQDN
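
The X.509 Certificate rule described above (every configured criterion must match, case sensitive, with an asterisk as a wildcard) can be checked offline as follows. This is an added example, not part of the User's Guide and not the IOLAN's own code. It assumes the criteria are keyed by the usual subject attribute names (C, O, OU, CN), that an asterisk matches any run of characters, and that a field absent from the certificate fails the match; all sample values are constructed.

```python
import re

def field_matches(pattern: str, value: str) -> bool:
    """Case-sensitive match; '*' in the pattern matches any run of characters
    (assumed semantics, the guide only says '*' is valid as a wildcard)."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value, flags=re.DOTALL) is not None

def certificate_accepted(criteria: dict, subject: dict) -> bool:
    """All configured criteria must match the peer certificate's subject.
    A field missing from the certificate is treated as a failure (assumption)."""
    return all(
        field in subject and field_matches(pattern, subject[field])
        for field, pattern in criteria.items()
    )

def wildcard_only_fields(criteria: dict) -> list:
    """Criteria set to a bare '*', which place no constraint on the peer."""
    return sorted(f for f, p in criteria.items() if p.strip() == "*")

# Constructed sample data (hypothetical organisation and host names).
PEER_SUBJECT = {"C": "CA", "O": "Example Corp",
                "OU": "Field Gateways", "CN": "gw-017.example.com"}
OTHER_SUBJECT = {"C": "US", "O": "Another Org",
                 "OU": "IT", "CN": "vpn.another.example"}

STRICT = {"C": "CA", "O": "Example Corp",
          "OU": "Field Gateways", "CN": "gw-*.example.com"}
WRONG_CASE = dict(STRICT, O="example corp")   # differs only in letter case
ALL_WILDCARDS = {field: "*" for field in STRICT}

if __name__ == "__main__":
    for name, criteria in [("STRICT", STRICT), ("WRONG_CASE", WRONG_CASE),
                           ("ALL_WILDCARDS", ALL_WILDCARDS)]:
        print(name,
              "expected peer:", certificate_accepted(criteria, PEER_SUBJECT),
              "| other cert:", certificate_accepted(criteria, OTHER_SUBJECT),
              "| unconstrained fields:", wildcard_only_fields(criteria))
```

With every criterion set to a bare asterisk, any certificate that passes the other certificate checks satisfies the criteria, so reviewing a configuration for wildcard-only fields is a useful audit step.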