Prestige 2602H/HW Series User’s Guide

Table 148 Menu 27.1.1 IPSec Setup (continued)

FIELD

DESCRIPTION

 

 

Nat Traversal

Press [SPACE BAR] to choose either Yes or No. Choose Yes and press [ENTER] to

 

enable NAT traversal. NAT traversal allows you to set up a VPN connection when

 

there are NAT routers between the two IPSec routers.

 

The remote IPSec router must also have NAT traversal enabled. You can use NAT

 

traversal with ESP protocol using Transport or Tunnel mode, but not with AH

 

protocol nor with Manual key management.

 

In order for an IPSec router behind a NAT router to receive an initiating IPSec packet,

 

set the NAT router to forward UDP port 500 to the IPSec router behind the NAT

 

router.

Local ID type

Press [SPACE BAR] to choose IP, DNS, or E-mailand press [ENTER].

 

Select IP to identify this Prestige by its IP address.

 

Select DNS to identify this Prestige by a domain name.

 

Select E-mailto identify this Prestige by an e-mail address.

 

 

Content

When you select IP in the Local ID Type field, type the IP address of your computer

 

or leave the field blank to have the Prestige automatically use its own IP address.

 

When you select DNS in the Local ID Type field, type a domain name (up to 31

 

characters) by which to identify this Prestige.

 

When you select E-mailin the Local ID Type field, type an e-mail address (up to 31

 

characters) by which to identify this Prestige.

 

The domain name or e-mail address that you use in the Content field is used for

 

identification purposes only and does not need to be a real domain name or e-mail

 

address.

My IP Addr

Enter the IP address of your Prestige. The Prestige uses its current WAN IP address

 

(static or dynamic) in setting up the VPN tunnel if you leave this field as 0.0.0.0.

 

The VPN tunnel has to be rebuilt if this IP address changes.

 

 

Peer ID type

Press [SPACE BAR] to choose IP, DNS, or E-mailand press [ENTER].

 

Select IP to identify the remote IPSec router by its IP address.

 

Select DNS to identify the remote IPSec router by a domain name.

 

Select E-mailto identify the remote IPSec router by an e-mail address.

 

 

Content

When you select IP in the Peer ID Type field, type the IP address of the computer

 

with which you will make the VPN connection or leave the field blank to have the

 

Prestige automatically use the address in the Secure Gateway Address field.

 

When you select DNS in the Peer ID Type field, type a domain name (up to 31

 

characters) by which to identify the remote IPSec router.

 

When you select E-mailin the Peer ID Type field, type an e-mail address (up to 31

 

characters) by which to identify the remote IPSec router.

 

The domain name or e-mail address that you use in the Content field is used for

 

identification purposes only and does not need to be a real domain name or e-mail

 

address. The domain name also does not have to match the remote router’s IP

 

address or what you configure in the Secure Gateway Address field below.

Secure

Type the IP address or the domain name (up to 31 characters) of the IPSec router

Gateway

with which you’re making the VPN connection.

Address

Set this field to 0.0.0.0 if the remote IPSec router has a dynamic WAN IP address (the

 

Key Management field must be set to IKE, see later).

Protocol

Enter 1 for ICMP, 6 for TCP, 17 for UDP, etc. 0 is the default and signifies any

 

protocol.

428

Chapter 43 VPN/IPSec Setup