![](/images/backgrounds/126821/126821-366166x1.png)
Prestige 334 User’s Guide
Table 51 VPN: Rule Setup (Basic)
LABEL | DESCRIPTION |
|
|
IPSec Keying Mode | Select IKE or Manual from the |
| so it is generally recommended. Manual is a useful option for troubleshooting. |
Local Address | The local IP address must be static and correspond to the remote IPSec router's |
| configured remote IP addresses. |
| Two active SAs can have the same local or remote IP address, but not both. You |
| can configure multiple SAs between the same local and remote IP addresses, as |
| long as only one is active at any time. |
Remote Address | Remote IP addresses must be static and correspond to the remote IPSec |
Start | router's configured local IP addresses. The remote address fields do not apply |
| when the Secure Gateway Address field is configured to 0.0.0.0. In this case |
| only the remote IPSec router can initiate the VPN. |
| Two active SAs cannot have the local and remote IP address(es) both the same. |
| Two active SAs can have the same local or remote IP address, but not both. You |
| can configure multiple SAs between the same local and remote IP addresses, as |
| long as only one is active at any time. |
| Enter a (static) IP address on the network behind the remote IPSec router. |
|
|
Remote Address | When the remote IP address is a single address, type it a second time here. |
End/Mask | When the remote IP address is a range, enter the end (static) IP address, in a |
| range of computers on the network behind the remote IPSec router. |
| When the remote IP address is a subnet address, enter a subnet mask on the |
| network behind the remote IPSec router. |
DNS Server (for | If there is a private DNS server that services the VPN, type its IP address here. |
IPSec VPN) | The Prestige assigns this additional DNS server to the Prestige’s DHCP clients |
| that have IP addresses in this IPSec rule's range of local addresses. A DNS |
| server allows clients on the VPN to find other computers and servers on the VPN |
| by their (private) domain names. |
My IP Address | Enter the WAN IP address of your Prestige. The Prestige uses its current WAN |
| IP address (static or dynamic) in setting up the VPN tunnel if you leave this field |
| as 0.0.0.0. |
| The VPN tunnel has to be rebuilt if this IP address changes. |
|
|
Local ID Type | Select IP to identify this Prestige by its IP address. |
| Select DNS to identify this Prestige by a domain name. |
| Select |
|
|
Local Content | When you select IP in the Local ID Type field, type the IP address of your |
| computer in the local Content field. The Prestige automatically uses the IP |
| address in the My IP Address field (refer to the My IP Address field description) |
| if you configure the local Content field to 0.0.0.0 or leave it blank. |
| It is recommended that you type an IP address other than 0.0.0.0 in the local |
| Content field or use the DNS or |
| When there is a NAT router between the two IPSec routers. |
| When you want the remote IPSec router to be able to distinguish between VPN |
| connection requests that come in from IPSec routers with dynamic WAN IP |
| addresses. |
| When you select DNS or |
| or |
| up to 31 ASCII characters including spaces, although trailing spaces are |
| truncated. The domain name or |
| and can be any string. |
165 | Chapter 15 VPN Screens |