Chapter 17 VPN
FMG3024-D10A / FMG3025-D10A Series User’s Guide
170
This screen contains the following fields:
Table 51 IPSec VPN: Add
LABEL DESCRIPTION
IPSEC Setup
Active Select Active to activate this VPN policy.
NAT Traversal Select this if any of these conditions are satisfied.
• This IKE SA might be used to negotiate IPSec SAs that use ESP as the active
protocol.
• There are one or more NAT routers between the Device and remote IPSec
router, and these routers do not support IPSec pass-thru or a similar feature.
The remote IPSec router must also enable NAT traversal, and the NAT routers
have to forward packets with UDP port 500 and UDP 4500 headers unchanged.
Tunnel Name Enter the name of the VPN connection.
Mode Select the encapsulation mode. When net-net is selected, the connection will
operate in tunnel mode.
Local
Local Address
Type
Select Single to have only one local LAN IP address use the VPN tunnel. Select
Subnet to specify local LAN IP addresses by their subnet mask.
IP Address
Start
If Single is selected, enter a (static) IP address on the LAN behind your Device.
If Subnet is selected, specify IP addresses on a network by their subnet mask
by entering a (static) IP address on the LAN behind your Device. Then enter the
subnet mask to identify the network address.
End/Subnet
Mask
If Subnet is selected, enter the subnet mask to identify the network address.
Remote
Remote
Address Type
Select Single to have only one remote LAN IP address use the VPN tunnel.
Select Subnet to specify remote LAN IP addresses by their subnet mask.
IP Address
Start
If Single is selected, enter a (static) IP address on the LAN behind the remote
IPSec’s router.
If Subnet is selected, specify IP addresses on a network by their subnet mask
by entering a (static) IP address on the LAN behind the remote IPSec’s router.
Then enter the subnet mask to identify the network address.
End/Subnet
Mask
If Subnet is selected, enter the subnet mask to identify the network address.
Address Information
WAN Interface Select the interface for the VPN gateway.
My IP Address Enter the IP address of the Device in the IKE SA.
Secure
Gateway
Address
Enter the IP address of the remote IPSec router in the IKE SA.
Local ID Select IP to identify the Device by its IP address.
Select DNS to identify this Device by a domain name.
Select E-mail to identify this Device by an e-mail address.