-89-
Mode: Select the network mode for IPsec policy. Options include:
LAN-to-LAN: Select this option when the client is a
network.
Client-to-LAN: Select this option when the client is a host.
Local Subnet: Specify IP address range on your local LAN to identify which
PCs on your LAN are covered by this policy. It's formed by IP
address and subnet mask.
Remote Subnet: Specify IP address range on your remote network to identify
which PCs on the remote network are covered by this policy. It's
formed by IP address and subnet mask.
WAN: Specify the local WAN port for this Policy. The "Remote
Gateway" of the remote peer should be set to the IP address of
this WAN port.
Remote Gateway: Enter the Remote Gateway. It can be IP address or Domain
name.
Policy Mode: Select the negotiation mode for the policy.
IKE: The parameters for the VPN tunnel are generated
automatically via IKE negotiations.
Manual: All settings (including the keys) for the VPN tunnel
are manually inputted and no key negotiation is needed.
IKE Mode
IKE Policy: It is available when IKE is selected as the negotiation mode.
Specify the IKE policy. If there is no policy selection, add new
policy on VPN→IKE→IKE Policy page.
IPsec Proposal: Select IPsec Proposal on IKE mode. Up to four IPsec Proposals
can be selected on IKE mode.
PFS: Select the PFS (Perfect Forward Security) for IKE mode to
enhance security. This setting should match the remote peer.
With PFS feature, IKE negotiates to create a new key in