Prestige 334W User’s Guide
The following table describes the labels in this screen.
| LABEL | DESCRIPTION |
| --- | --- |
| Active | Select this check box to activate this VPN policy. |
| Keep Alive | Select this check box to turn on the Keep Alive feature for this SA. Turn on Keep Alive to have the Prestige automatically reinitiate the SA after the SA lifetime times out, even if there is no traffic. The remote IPSec router must also have keep alive enabled in order for this feature to work. |
| NAT Traversal | Select this check box to enable NAT traversal. NAT traversal allows you to set up a VPN connection when there are NAT routers between the two IPSec routers. The remote IPSec router must also have NAT traversal enabled. You can use NAT traversal with ESP protocol using Transport or Tunnel mode, but not with AH protocol nor with manual key management. In order for an IPSec router behind a NAT router to receive an initiating IPSec packet, set the NAT router to forward UDP port 500 to the IPSec router behind the NAT router. |
| IPSec Keying Mode | The advanced configuration page is only available with the IKE IPSec keying mode. Click the Basic button below in order to be able to choose the Manual IPSec keying mode. Make sure the remote gateway has the same configuration in this field. |
| Protocol Number | Enter 1 for ICMP, 6 for TCP, 17 for UDP, etc. 0 is the default and signifies any protocol. |
| Enable Replay Detection | As a VPN setup is processing intensive, the system is vulnerable to Denial of Service (DOS) attacks. The IPSec receiver can detect and reject old or duplicate packets to protect against replay attacks. Enable replay detection by setting this field to Yes. |
| Local Address | The local IP address must be static and correspond to the remote IPSec router's configured remote IP addresses. Two active SAs can have the same local or remote IP address, but not both. You can configure multiple SAs between the same local and remote IP addresses, as long as only one is active at any time. |
| Local Port Start | 0 is the default and signifies any port. Type a port number from 0 to 65535. Some of the most common IP ports are: 21, FTP; 53, DNS; 23, Telnet; 80, HTTP; 25, SMTP; 110, POP3. |
VPN Screens |