Prestige 334 User’s Guide

Table 51 VPN: Rule Setup (Basic)

| LABEL | DESCRIPTION |
| --- | --- |
| Secure Gateway Address | Type the WAN IP address or the URL (up to 31 characters) of the IPSec router with which you're making the VPN connection. Set this field to 0.0.0.0 if the remote IPSec router has a dynamic WAN IP address (the IPSec Keying Mode field must be set to IKE). The remote address fields do not apply when the Secure Gateway Address field is configured to 0.0.0.0. In this case only the remote IPSec router can initiate the VPN. |
| Peer ID Type | Select IP to identify the remote IPSec router by its IP address. |
| | Select DNS to identify the remote IPSec router by a domain name. |
| | Select |
| Peer Content | The configuration of the peer content depends on the peer ID type. |
| | For IP, type the IP address of the computer with which you will make the VPN connection. If you configure this field to 0.0.0.0 or leave it blank, the Prestige will use the address in the Secure Gateway Address field (refer to the Secure Gateway Address field description). |
| | For DNS or |
| | the remote IPSec router. Use up to 31 ASCII characters including spaces, although trailing spaces are truncated. The domain name or |
| | identification purposes only and can be any string. |
| | It is recommended that you type an IP address other than 0.0.0.0 or use the DNS or |
| | When there is a NAT router between the two IPSec routers. |
| | When you want the Prestige to distinguish between VPN connection requests that come in from remote IPSec routers with dynamic WAN IP addresses. |
| Encapsulation Mode | Select Tunnel mode or Transport mode from the |
| IPSec Protocol | Select ESP if you want to use ESP (Encapsulation Security Payload). The ESP protocol (RFC 2406) provides encryption as well as some of the services offered by AH. If you select ESP here, you must select options from the Encryption Algorithm and Authentication Algorithm fields (described next). |
| | Select AH if you want to use AH (Authentication Header Protocol). The AH protocol (RFC 2402) was designed for integrity, authentication, sequence integrity (replay resistance), and |
| | which the ESP was designed. If you select AH here, you must select options from the Authentication Algorithm field (described later). |
| | Type your |
| | communicating party during a phase 1 IKE negotiation. It is called |
| | because you have to share it with another party before you can communicate with them over a secure connection. |
| | Type from 8 to 31 |
| | x), which is not counted as part of the 16 to 62 character range for the key. For example, in "0x0123456789ABCDEF", “0x” denotes that the key is hexadecimal and “0123456789ABCDEF” is the key itself. |
| | Both ends of the VPN tunnel must use the same |
| | a “PYLD_MALFORMED” (payload malformed) packet if the same |
| | is not used on both ends |
| Encryption Algorithm | Select DES or 3DES from the |
| | algorithm should be identical to the secure remote gateway. When DES is used for data communications, both sender and receiver must know the same secret key, which can be used to encrypt and decrypt the message. The DES encryption algorithm uses a |
| | that uses a |
| | requires more processing power, resulting in increased latency and decreased throughput. |
|
Chapter 15 VPN Screens (page 166)