Prestige 334W User’s Guide
| Table |
|
|
LABEL | DESCRIPTION |
|
|
Active | Select this check box to activate this VPN tunnel. This option determines whether a |
| VPN rule is applied before a packet leaves the firewall. |
|
|
Keep Alive | Select this check box to have the Prestige automatically |
| SA lifetime times out, even if there is no traffic. The remote IPSec router must also |
| have keep alive enabled in order for this feature to work. |
|
|
NAT Traversal | Select this check box to enable NAT traversal. NAT traversal allows you to set up a |
| VPN connection when there are NAT routers between the two IPSec routers. |
| The remote IPSec router must also have NAT traversal enabled. |
| You can use NAT traversal with ESP protocol using Transport or Tunnel mode, but |
| not with AH protocol nor with manual key management. In order for an IPSec router |
| behind a NAT router to receive an initiating IPSec packet, set the NAT router to |
| forward UDP port 500 to the IPSec router behind the NAT router. |
|
|
IPSec Keying | Select IKE or Manual from the |
Mode | it is generally recommended. Manual is a useful option for troubleshooting. |
Local Address | The local IP address must be static and correspond to the remote IPSec router's |
| configured remote IP addresses. |
| Two active SAs can have the same local or remote IP address, but not both. You |
| can configure multiple SAs between the same local and remote IP addresses, as |
| long as only one is active at any time. |
|
|
Remote Address | Remote IP addresses must be static and correspond to the remote IPSec router's |
Start | configured local IP addresses. The remote address fields do not apply when the |
| Secure Gateway Address field is configured to 0.0.0.0. In this case only the |
| remote IPSec router can initiate the VPN. |
| Two active SAs cannot have the local and remote IP address(es) both the same. |
| Two active SAs can have the same local or remote IP address, but not both. You |
| can configure multiple SAs between the same local and remote IP addresses, as |
| long as only one is active at any time. |
| Enter a (static) IP address on the network behind the remote IPSec router. |
|
|
Remote Address | When the remote IP address is a single address, type it a second time here. |
End/Mask | When the remote IP address is a range, enter the end (static) IP address, in a range |
| |
| of computers on the network behind the remote IPSec router. |
| When the remote IP address is a subnet address, enter a subnet mask on the |
| network behind the remote IPSec router. |
|
|
VPN Screens |