• Encapsulation Type: Select between 'Tunneling' or 'Transport' encapsulation.
'Transport' encapsulation is performed between two gateways (no subnets), and
therefore needs no explicit configuration. 'Tunneling' requires that you configure
the following parameters:
♦ Local Subnet: Define your local endpoint by selecting one of the following options:
   IP Subnet (default): Enter the device's Local Subnet IP Address and Local Subnet Mask.
   IP Range: Enter the 'From' and 'To' IP addresses, forming the endpoint range of the local subnet(s).
   IP Address: Enter the Local IP Address to define the endpoint as a single host.
   None: Select this option if you do not want to define a local endpoint. The endpoint is set to the gateway.
♦ Remote Subnet: This section is identical to the 'Local Subnet' section above, but is for defining the remote endpoint.
♦ Compress (Support IPComp protocol): Select this check box to compress packets during encapsulation with the IP Payload Compression protocol. Note that this reduces performance (and is therefore unchecked by default).
• Protect Protocol: Select the protocols to protect with IPSec: All, TCP, UDP, ICMP or GRE. When selecting TCP or UDP, additional source port and destination port drop-down lists appear, enabling you to select All or to specify 'Single' ports so that only specific packets are protected. For example, to protect L2TP packets, select UDP and specify 1701 as both the single source and the single destination port.
• Route NetBIOS Broadcasts: Select this option to allow NetBIOS packets through the IPSec tunnel; such packets would otherwise not match the routing conditions specified above.
• Key Exchange Method: The IPSec key exchange method can be 'Automatic'
(default) or 'Manual'. Selecting one of these options alters the rest of the page.
♦ Automatic key exchange settings:
   Auto Reconnect: The IPSec connection reconnects automatically if it is disconnected for any reason.
   Enable Dead Peer Detection: The device detects whether the tunnel endpoint has ceased to operate, in which case it terminates the connection. Note that this feature works only if the other tunnel endpoint also supports it; support is determined during the negotiation phase between the two endpoints.
   DPD Delay in Seconds: The length of time during which no traffic has passed through the tunnel. Once this interval has elapsed, the device sends a packet to test the tunnel endpoint and expects a reply.
   DPD Timeout in Seconds: The length of time the device waits for the test reply; if no reply arrives within it, the device terminates the connection.