Prestige 652H/HW

 

Table 10 VPN IKE

 

 

LABEL

DESCRIPTION

 

 

Active

Select this check box to activate this VPN tunnel. This option determines whether a

 

VPN rule is applied before a packet leaves the firewall.

 

 

Keep Alive

Select either Yes or No from the drop-down list box.

 

Select Yes to have the Prestige automatically re-initiate the SA after the SA lifetime

 

times out, even if there is no traffic. The remote IPSec router must also have keep alive

 

enabled in order for this feature to work.

 

 

Name

Type up to 32 characters to identify this VPN policy. You may use any character,

 

including spaces, but the Prestige drops trailing spaces.

 

 

IPSec Key Mode

Select IKE or Manual from the drop-down list box. IKE provides more protection so it is

 

generally recommended. Manual is a useful option for troubleshooting.

Negotiation Mode

Select Main or Aggressive from the drop-down list box. Multiple SAs connecting

 

through a secure gateway must have the same negotiation mode.

 

 

Local

Local IP addresses must be static and correspond to the remote IPSec router's

 

configured remote IP addresses.

 

Two active SAs can have the same local or remote IP address, but not both. You can

 

configure multiple SAs between the same local and remote IP addresses, as long as

 

only one is active at any time.

 

 

Local Address

Use the drop-down menu to choose Single, Range, or Subnet. Select Single for a

Type

single IP address. Select Range for a specific range of IP addresses. Select Subnet to

 

specify IP addresses on a network by their subnet mask.

 

 

IP Address Start

When the Address Type field is configured to Single, enter a (static) IP address on the

 

LAN behind your Prestige. When the Address Type field is configured to Range, enter

 

the beginning (static) IP address, in a range of computers on your LAN behind your

 

Prestige. When the Address Type field is configured to Subnet, this is a (static) IP

 

address on the LAN behind your Prestige.

 

 

End/ Subnet Mask

When the Address Type field is configured to Single, this field is N/A. When the

 

Address Type field is configured to Range, enter the end (static) IP address, in a

 

range of computers on the LAN behind your Prestige. When the Address Type field is

 

configured to Subnet, this is a subnet mask on the LAN behind your Prestige.

Remote

Remote IP addresses must be static and correspond to the remote IPSec router's

 

configured local IP addresses. The remote fields do not apply when the Secure

 

Gateway IP Address field is configured to 0.0.0.0. In this case only the remote IPSec

 

router can initiate the VPN.

 

Two active SAs cannot have the local and remote IP address(es) both the same. Two

 

active SAs can have the same local or remote IP address, but not both. You can

 

configure multiple SAs between the same local and remote IP addresses, as long as

 

only one is active at any time.

 

 

30