3
Item Description
Remote Gateway
Address/Hostname
Enter the address of the remote gateway, which can be an IP address or a host
name.
The IP address can be a host IP address or an IP address range. If the local end is
the initiator of IKE negotiation, it can have only one remote IP address and its
remote IP address must match the local IP address configured on its peer. If the
local end is the responder of IKE negotiation, it can have more than one remote IP
address and one of its remote IP addresses must match the local IP address
configured on its peer.
The remote host name uniquely identifies the remote gateway in the network, and
can be resolved into an IP address by the DNS server. The local end can be the
initiator of IKE negotiation when the host name is specified.
Local Gateway
Address
Enter the IP address of the local gateway.
By default, it is the primary IP address of the interface where the IPsec connection
is set up.
IMPORTANT:
Configure this item when you want to specify a special address (a loopback
interface address, for example) for the local gateway. The name or IP address of
the remote gateway is required for an initiator so that the initiator can find the
remote peer in negotiation.
Authentication Method
Select the authentication method to be used by the IKE negotiation. Options
include:
• Pre-Shared-Key—Uses the pre-shared key method. If this option is
selected, enter the key in the Key field and enter the same key in the
Confirm Key filed.
• Certificate—Uses the digital signature method. If this option is selected,
select a certificate from the list. Available certificates are configured in the
certificate management.
Remote ID Type
Select the remote ID type for IKE
negotiation phase 1. Options include:
• IP Address—Uses an IP address
as the ID in IKE negotiation.
• FQDN—Uses a Fully Qualified
Domain Name (FQDN) type of a
gateway name as the ID in IKE
negotiation. If this option is
selected, the remote gateway ID
is required.
IMPORTANT:
• If the IKE negotiation initiator uses
the FQDN or user FQDN ID type
of the security gateway as the ID
for IKE negotiation, it sends its
gateway ID to the peer, and the
peer uses the locally configured
remote gateway ID to authenticate
the initiator. Make sure that the
remote gateway ID configured
here is identical to the local
gateway ID configured on its peer.
• In main mode, only the ID type of
IP address can be used in IKE
negotiation and SA establishment.
Local ID Type
Select the local ID type for IKE
negotiation phase 1. Options include:
• IP Address—Uses an IP address
as the ID in IKE negotiation.
• FQDN—Uses an FQDN type as
the ID in IKE negotiation. If this
option is selected, enter a name
without any at sign (@) for the
local security gateway, for
example, foo.bar.com.
• User FQDN—Uses a user FQDN
type as the ID in IKE negotiation.
If this option is selected, enter a
name string with an at sign (@) for
the local security gateway, for
example, test@foo.bar.com.
Selector Select a method to identify the traffic to be protected by IPsec. Options include:
To Next Page
Loading...
Need help?
General
