Prestige 2602HW Series User’s Guide

 

Table 60 VPN Summary (continued)

 

 

 

 

LABEL

DESCRIPTION

 

 

 

 

Remote

This is the IP address(es) of computer(s) on the remote network behind the remote

 

Address

IPSec router.

 

 

This field displays N/A when the Secure Gateway Address field displays 0.0.0.0. In

 

 

this case only the remote IPSec router can initiate the VPN.

 

 

The same (static) IP address is displayed twice when the Remote Address Type

 

 

field in the VPN-IKE(or VPN-Manual Key) screen is configured to Single.

 

 

The beginning and ending (static) IP addresses, in a range of computers are

 

 

displayed when the Remote Address Type field in the VPN-IKE (or VPN-Manual

 

 

Key) screen is configured to Range.

 

 

A (static) IP address and a subnet mask are displayed when the Remote Address

 

 

Type field in the VPN-IKE(or VPN-Manual Key) screen is configured to Subnet.

 

Encap.

This field displays Tunnel or Transport mode (Tunnel is the default selection).

 

 

 

 

IPSec Algorithm

This field displays the security protocols used for an SA.

 

 

Both AH and ESP increase Prestige processing requirements and communications

 

 

latency (delay).

 

Secure Gateway

This is the static WAN IP address or URL of the remote IPSec router. This field

 

IP

displays 0.0.0.0 when you configure the Secure Gateway Address field in the VPN-

 

 

IKE screen to 0.0.0.0.

 

Back

Click Back to return to the previous screen.

 

 

 

17.6 Keep Alive

When you initiate an IPSec tunnel with keep alive enabled, the Prestige automatically renegotiates the tunnel when the IPSec SA lifetime period expires (see Section 17.12 on page 214 for more on the IPSec SA lifetime). In effect, the IPSec tunnel becomes an “always on” connection after you initiate it. Both IPSec routers must have a Prestige-compatible keep alive feature enabled in order for this feature to work.

If the Prestige has its maximum number of simultaneous IPSec tunnels connected to it and they all have keep alive enabled, then no other tunnels can take a turn connecting to the Prestige because the Prestige never drops the tunnels that are already connected. Refer to Section 1.3 on page 46 to see how many simultaneous IPSec SAs your Prestige model can support.

When there is outbound traffic with no inbound traffic, the Prestige automatically drops the tunnel after two minutes.

17.7 Remote DNS Server

In cases where you want to use domain names to access Intranet servers on a remote network that has a DNS server, you must identify that DNS server. You cannot use DNS servers on the LAN or from the ISP since these DNS servers cannot resolve domain names to private IP addresses on the remote network

Chapter 17 VPN Screens

205