Chapter 18 VPN Screens

Figure 163 Advanced VPN Policies

The following table describes the fields in this screen.

Table 110 Advanced VPN Policies

LABEL

DESCRIPTION

VPN - IKE

 

 

 

Protocol

Enter 1 for ICMP, 6 for TCP, 17 for UDP, etc. 0 is the default and signifies any

 

protocol.

 

 

Enable Replay

As a VPN setup is processing intensive, the system is vulnerable to Denial of

Detection

Service (DoS) attacks The IPSec receiver can detect and reject old or duplicate

 

packets to protect against replay attacks. Select YES from the drop-down menu

 

to enable replay detection, or select NO to disable it.

 

 

Local Start Port

0 is the default and signifies any port. Type a port number from 0 to 65535. Some

 

of the most common IP ports are: 21, FTP; 53, DNS; 23, Telnet; 80, HTTP; 25,

 

SMTP; 110, POP3.

 

 

End

Enter a port number in this field to define a port range. This port number must be

 

greater than that specified in the previous field. If Local Start Port is left at 0,

 

End will also remain at 0.

 

 

Remote Start Port

0 is the default and signifies any port. Type a port number from 0 to 65535. Some

 

of the most common IP ports are: 21, FTP; 53, DNS; 23, Telnet; 80, HTTP; 25,

 

SMTP; 110, POP3.

 

 

End

Enter a port number in this field to define a port range. This port number must be

 

greater than that specified in the previous field. If Remote Start Port is left at 0,

 

End will also remain at 0.

 

 

Phase 1

 

 

 

Negotiation Mode

Select Main or Aggressive from the drop-down list box. Multiple SAs connecting

 

through a secure gateway must have the same negotiation mode.

 

 

290

 

P-2602HWLNI User’s Guide