IKE Authentication Method – Authentication method to be used in IKE negotiations in
IKE-based tunnels.
• Pre-shared Key: IKE peers authenticate each other by computing and sending a
keyed hash of data that includes the Pre-shared Key. If the receiving peer is able to
create the same hash independently using its Pre-shared Key, it knows that both
peers must share the same secret, thus authenticating the other peer. Pre-shared keys
do not scale well because each IPSec peer must be configured with the Pre-shared
Key of every other peer with which it establishes a session. Enter the Pre-shared
Key, and check Enable to show the Pre-shared Key and to enable the Minimum
Pre-shared Key Complexity.
• Certificate: The digital certificate is a package that contains information such as a
certificate bearer's identity: name or IP address, the certificate's serial number, the
certificate's expiration date, and a copy of the certificate bearer's public key. The
standard digital certificate format is defined in the X.509 specification. X.509 version
3 defines the data structure for certificates. Select the certificate from the drop-down
list.
Local Identifier – Select the local identifier from the drop-down list (Local WAN IP,
IP Address, FQDN, or User FQDN). Next enter the IP address for the local identifier.
Remote Identifier – Select the remote identifier from the drop-down list (IP Address,
FQDN, or User FQDN). Next enter the IP address for the remote identifier.
Extended Authentication – Check Extended Authentication to enable and select from the
existing options, or click Add to add a new name.
Pool Range for Client LAN – Check Pool Range for Client LAN to enable and complete the
following:
• Start IP – Enter the start IP address for the pool range.
• End IP – Enter the end IP address for the pool range.
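The Pre-shared Key check described under IKE Authentication Method above, as an added example (not taken from the Cisco guide or the router's firmware). It uses the IKEv2 form of the keyed hash from RFC 7296 section 2.15 and assumes HMAC-SHA256 as the negotiated PRF; the message bytes, nonce, SK_pi, identifiers and key are constructed sample values.

```python
import hashlib
import hmac

KEY_PAD = b"Key Pad for IKEv2"   # fixed pad string, RFC 7296 section 2.15
ID_FQDN = 2                      # ID type for an FQDN identifier, RFC 7296 section 3.5

def prf(key: bytes, data: bytes) -> bytes:
    """Assumed negotiated PRF: HMAC-SHA256."""
    return hmac.new(key, data, hashlib.sha256).digest()

def id_body(id_type: int, value: bytes) -> bytes:
    """ID payload body: type, three reserved zero octets, identification data."""
    return bytes([id_type, 0, 0, 0]) + value

def signed_octets(first_msg: bytes, peer_nonce: bytes, sk_p: bytes, ident: bytes) -> bytes:
    """Sender's first message | peer's nonce | prf(SK_p, ID payload body)."""
    return first_msg + peer_nonce + prf(sk_p, ident)

def auth_value(psk: bytes, octets: bytes) -> bytes:
    """AUTH = prf(prf(PSK, "Key Pad for IKEv2"), SignedOctets)."""
    return prf(prf(psk, KEY_PAD), octets)

def verify_auth(local_psk: bytes, octets: bytes, received: bytes) -> bool:
    """Recompute AUTH with the locally configured key; compare in constant time."""
    return hmac.compare_digest(auth_value(local_psk, octets), received)

def demo() -> dict:
    # All values below are constructed for illustration.
    msg1 = b"constructed IKE_SA_INIT request bytes"
    nonce_r = bytes(range(32))
    sk_pi = b"\x11" * 32
    ident = id_body(ID_FQDN, b"client.example.com")
    psk = b"constructed-long-random-psk-7f3a9c"

    octets = signed_octets(msg1, nonce_r, sk_pi, ident)
    auth = auth_value(psk, octets)  # the only value derived from the key that is sent
    altered = signed_octets(msg1, nonce_r, sk_pi, id_body(ID_FQDN, b"other.example.com"))
    return {
        "same_key": verify_auth(psk, octets, auth),
        "wrong_key": verify_auth(b"different-psk", octets, auth),
        "altered_identity": verify_auth(psk, altered, auth),
    }

if __name__ == "__main__":
    print(demo())
```

The key itself never crosses the wire, and because the identifier is covered by the hash, a peer configured with a different key or presented with a changed identifier computes a different AUTH value and rejects the exchange.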
Step 4 In the Advanced Settings tab, configure the following:
Remote Endpoint – Select the remote endpoint (Static IP, FQDN, or Dynamic IP) from the
drop-down list.
Local IP Type – LAN resources provided with secured access using the tunnel. Select IP
address or subnet from the drop-down list.
Primary DNS Server – Enter the primary IP address of the DNS server to be used in the
remote network.
Secondary DNS Server – Enter the secondary IP address of the DNS server to be used in
the remote network.
Primary and Secondary WINS Server – Primary and secondary IP address of a Windows
Internet Naming Service (WINS) server.
Default Domain – Enter the name of the default domain.
Split Tunnel – Check On to enable the split tunnel. Then click Add, check the Domain
Name, and enter a name. You can add, edit, or delete a split tunnel.
Split DNS – Check to enable split tunnel. Then click Add to enter an IP address and
netmask for the split tunnel. You can add, edit, or delete a split tunnel.
RV260x Administration Guide
98
VPN
Client to Site