Prestige 662H/HW Series User’s Guide

 

Table 72 VPN IKE (continued)

 

 

 

 

LABEL

DESCRIPTION

 

 

 

 

My IP Address

Enter the WAN IP address of your Prestige. The VPN tunnel has to be rebuilt if

 

 

this IP address changes.

 

 

The following applies if this field is configured as 0.0.0.0:

 

 

The Prestige uses the current Prestige WAN IP address (static or dynamic) to set

 

 

up the VPN tunnel.

 

 

If the WAN connection goes down, the Prestige uses the dial backup IP address

 

 

for the VPN tunnel when using dial backup or the LAN IP address when using

 

 

traffic redirect. See the chapter on WAN for details on dial backup and traffic

 

 

redirect.

 

Peer ID Type

Select IP to identify the remote IPSec router by its IP address.

 

 

Select DNS to identify the remote IPSec router by a domain name.

 

 

Select E-mailto identify the remote IPSec router by an e-mail address.

 

Content

The configuration of the peer content depends on the peer ID type.

 

 

For IP, type the IP address of the computer with which you will make the VPN

 

 

connection. If you configure this field to 0.0.0.0 or leave it blank, the Prestige will

 

 

use the address in the Secure Gateway Address field (refer to the Secure

 

 

Gateway Address field description).

 

 

For DNS or E-mail, type a domain name or e-mail address by which to identify the

 

 

remote IPSec router. Use up to 31 ASCII characters including spaces, although

 

 

trailing spaces are truncated. The domain name or e-mail address is for

 

 

identification purposes only and can be any string.

 

 

It is recommended that you type an IP address other than 0.0.0.0 or use the DNS

 

 

or E-mailID type in the following situations:

 

 

When there is a NAT router between the two IPSec routers.

 

 

When you want the Prestige to distinguish between VPN connection requests that

 

 

come in from remote IPSec routers with dynamic WAN IP addresses.

 

Secure Gateway

Type the WAN IP address or the URL (up to 31 characters) of the IPSec router

 

Address

with which you're making the VPN connection. Set this field to 0.0.0.0 if the

 

 

remote IPSec router has a dynamic WAN IP address (the Key Management field

 

 

must be set to IKE).

 

 

In order to have more than one active rule with the Secure Gateway Address

 

 

field set to 0.0.0.0, the ranges of the local IP addresses cannot overlap between

 

 

rules.

 

 

If you configure an active rule with 0.0.0.0 in the Secure Gateway Address field

 

 

and the LAN’s full IP address range as the local IP address, then you cannot

 

 

configure any other active rules with the Secure Gateway Address field set to

 

 

0.0.0.0.

 

Security Protocol

 

 

 

 

 

VPN Protocol

Select ESP if you want to use ESP (Encapsulation Security Payload). The ESP

 

 

protocol (RFC 2406) provides encryption as well as some of the services offered

 

 

by AH. If you select ESP here, you must select options from the Encryption

 

 

Algorithm and Authentication Algorithm fields (described below).

Chapter 19 VPN Screens

230