Chapter 18 VPN Screens
Figure 163 Advanced VPN Policies
The following table describes the fields in this screen.
Table 110 Advanced VPN Policies
LABEL | DESCRIPTION |
VPN - IKE |
Protocol | Enter 1 for ICMP, 6 for TCP, 17 for UDP, etc. 0 is the default and signifies any protocol. |
Enable Replay Detection | As a VPN setup is processing intensive, the system is vulnerable to Denial of Service (DoS) attacks. The IPSec receiver can detect and reject old or duplicate packets to protect against replay attacks. Select YES from the to enable replay detection, or select NO to disable it. |
Local Start Port | 0 is the default and signifies any port. Type a port number from 0 to 65535. Some of the most common IP ports are: 21, FTP; 53, DNS; 23, Telnet; 80, HTTP; 25, SMTP; 110, POP3. |
End | Enter a port number in this field to define a port range. This port number must be greater than that specified in the previous field. If Local Start Port is left at 0, End will also remain at 0. |
Remote Start Port | 0 is the default and signifies any port. Type a port number from 0 to 65535. Some of the most common IP ports are: 21, FTP; 53, DNS; 23, Telnet; 80, HTTP; 25, SMTP; 110, POP3. |
End | Enter a port number in this field to define a port range. This port number must be greater than that specified in the previous field. If Remote Start Port is left at 0, End will also remain at 0. |
Phase 1 |
Negotiation Mode | Select Main or Aggressive from the through a secure gateway must have the same negotiation mode. |
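
The replay detection described for the Enable Replay Detection field, shown as an added example (not code from this guide or from the device firmware): a receiver-side sliding window of the kind defined for IPSec in RFC 4303, which goes beyond what the table states. The 64-packet window size and the names `ReplayWindow`, `classify` and `SAMPLE` are assumptions made for illustration.

```python
class ReplayWindow:
    """Receiver-side anti-replay state for one IPSec security association."""

    def __init__(self, size=64):
        self.size = size      # window width in packets (assumed, not from the guide)
        self.highest = 0      # highest sequence number accepted so far
        self.bitmap = 0       # bit i set means (highest - i) was already received

    def check_and_update(self, seq):
        """Return True and record seq if the packet is fresh, else False.

        A real receiver calls this only after the packet's integrity check
        has passed, so forged packets cannot move the window.
        """
        if seq == 0:
            return False                  # sender numbering starts at 1
        if seq > self.highest:            # newer than anything seen: slide window
            shift = seq - self.highest
            if shift >= self.size:
                self.bitmap = 1
            else:
                full = (1 << self.size) - 1
                self.bitmap = ((self.bitmap << shift) | 1) & full
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:
            return False                  # older than the window: reject
        mask = 1 << offset
        if self.bitmap & mask:
            return False                  # duplicate: reject as a replay
        self.bitmap |= mask               # late but new: accept and mark
        return True


def classify(seqs, size=64):
    """Run a list of received sequence numbers through one window."""
    window = ReplayWindow(size)
    return [(s, window.check_and_update(s)) for s in seqs]


# Constructed sample: in-order, duplicate, reordered, large jump, stale packets.
SAMPLE = [1, 2, 3, 2, 5, 4, 70, 6, 7, 70, 69]

if __name__ == "__main__":
    for seq, ok in classify(SAMPLE):
        print(f"seq={seq:3d} {'accept' if ok else 'drop'}")
```

Reordered packets that arrive late but inside the window are still accepted once; only duplicates and packets older than the window are dropped.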