Prestige 334 User’s Guide
Table 53 Rule Setup: Manual

| LABEL | DESCRIPTION |
|---|---|
| Local Port End | Type a port number in this field to define a port range. This port number must be greater than that specified in the previous field. If Local Port Start is left at 0, Local Port End will also remain at 0. |
| Remote Address Start | Remote IP addresses must be static and correspond to the remote IPSec router's configured local IP addresses. The remote address fields do not apply when the Secure Gateway IP Address field is configured to 0.0.0.0. In this case only the remote IPSec router can initiate the VPN. Two active SAs cannot have the local and remote IP address(es) both the same. Two active SAs can have the same local or remote IP address, but not both. You can configure multiple SAs between the same local and remote IP addresses, as long as only one is active at any time. Enter a (static) IP address on the network behind the remote IPSec router. |
| Remote Address End/Mask | When the remote IP address is a single address, type it a second time here. When the remote IP address is a range, enter the end (static) IP address, in a range of computers on the network behind the remote IPSec router. When the remote IP address is a subnet address, enter a subnet mask on the network behind the remote IPSec router. |
| Remote Port Start | "0" is the default and signifies any port. Type a port number from 0 to 65535. Some of the most common IP ports are: 21, FTP; 53, DNS; 23, Telnet; 80, HTTP; 25, SMTP; 110, POP3. |
| Remote Port End | Enter a port number in this field to define a port range. This port number must be greater than that specified in the previous field. If Remote Port Start is left at 0, Remote Port End will also remain at 0. |
| DNS Server (for IPSec VPN) | If there is a private DNS server that services the VPN, type its IP address here. The Prestige assigns this additional DNS server to the Prestige’s DHCP clients that have IP addresses in this IPSec rule's range of local addresses. A DNS server allows clients on the VPN to find other computers and servers on the VPN by their (private) domain names. |
| My IP Address | Enter the WAN IP address of your Prestige. The Prestige uses its current WAN IP address (static or dynamic) in setting up the VPN tunnel if you leave this field as 0.0.0.0. The VPN tunnel has to be rebuilt if this IP address changes. |
| Secure Gateway IP Address | Type the WAN IP address or the URL (up to 31 characters) of the IPSec router with which you're making the VPN connection. |
| SPI | Type a number (base 10) from 1 to 999999 for the Security Parameter Index. |
| Encapsulation Mode | Select Tunnel mode or Transport mode from the |
| Enable Replay Detection | As a VPN setup is processing intensive, the system is vulnerable to Denial of Service (DoS) attacks. The IPSec receiver can detect and reject old or duplicate packets to protect against replay attacks. Select YES from the drop-down menu to enable replay detection, or select NO to disable it. |
| IPSec Protocol | Select ESP if you want to use ESP (Encapsulation Security Payload). The ESP protocol (RFC 2406) provides encryption as well as some of the services offered by AH. If you select ESP here, you must select options from the Encryption Algorithm and Authentication Algorithm fields (described next). Select AH if you want to use AH (Authentication Header Protocol). The AH protocol (RFC 2402) was designed for integrity, authentication, sequence integrity (replay resistance), and which the ESP was designed. If you select AH here, you must select options from the Authentication Algorithm field (described later). |
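
The replay detection described in the Enable Replay Detection row, as an added example that is not part of this guide or of the Prestige firmware: a sliding-window check of the kind RFC 2406 describes for an IPSec receiver, showing how duplicates and too-old packets are rejected while reordered packets are still accepted. The window size of 32, the names `ReplayWindow` and `classify`, and the sample sequence numbers are assumptions; the guide does not state how the Prestige implements this.

```python
# Added example: sliding-window anti-replay check in the style of RFC 2406.
# WINDOW = 32 is an assumption (the RFC's minimum), not a Prestige setting.
WINDOW = 32


class ReplayWindow:
    """Tracks which sequence numbers of one inbound SA were already accepted."""

    def __init__(self, size=WINDOW):
        self.size = size
        self.highest = 0   # highest sequence number accepted so far
        self.bitmap = 0    # bit i set => (highest - i) was already accepted

    def check_and_update(self, seq):
        """Return 'accept', 'duplicate' or 'too_old' for an authenticated packet."""
        if seq == 0:
            return "too_old"            # senders start at 1; 0 is never valid
        if seq > self.highest:          # new packet right of the window: slide
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return "accept"
        offset = self.highest - seq
        if offset >= self.size:
            return "too_old"            # left of the window: cannot be tracked
        if self.bitmap & (1 << offset):
            return "duplicate"          # replayed copy of an accepted packet
        self.bitmap |= 1 << offset      # late but new: mark and accept
        return "accept"


def classify(sequence_numbers, size=WINDOW):
    """Run a constructed stream of sequence numbers through one window."""
    window = ReplayWindow(size)
    return [(seq, window.check_and_update(seq)) for seq in sequence_numbers]


# Constructed arrival order: in-order traffic, a reordered packet (3),
# a replay of 5, a jump to 40, then a replay of 2 that is now out of window.
SAMPLE = [1, 2, 4, 5, 3, 5, 40, 2, 39]

if __name__ == "__main__":
    for seq, verdict in classify(SAMPLE):
        print(f"seq={seq:<3} {verdict}")
```

The window is only updated for packets whose integrity check has already passed; otherwise a forged packet with a high sequence number could push legitimate traffic out of the window.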

177 | Chapter 15 VPN Screens