Policy-based - (default) All matched traffic, as defined in Local Networks and
Remote Networks, will be routed to this IPsec connection. This cannot be
overridden by other routing methods.
Route-based - An Outbound Policy rule is required to route traffic to this
tunnel. This mode offers more flexibility in controlling how traffic is routed
than Policy-based. If you want to modify the traffic selector instead of using the
default (0.0.0.0/0).
Note: This option is available on the following models only:
● MAX: BR1 ENT, Transit, 700 HW3 or above, HD2 HW5 or above, HD4
Enter the local LAN subnets here. If you have defined static routes, they will be
shown here.
Using NAT, you can map a specific local network / IP address to another, and the
packets received by the remote gateway will appear to come from the mapped
network / IP address. This allows you to establish an IPsec connection to a
remote site that has one or more subnets overlapping with the local site.
Two types of NAT policies can be defined:
One-to-One NAT policy: if the defined subnets in Local Network and NAT Network
have the same size, for example, policy "192.168.50.0/24 > 172.16.1.0/24" will
translate the local IP address 192.168.50.10 to 172.16.1.10 and 192.168.50.20
to 172.16.1.20. This is a bidirectional mapping, which means clients at the
remote site can also initiate connections to the local clients using the mapped
addresses.
Many-to-One NAT policy: if the defined NAT Network on the right-hand side is an
IP address (or has a /32 network prefix), for example, policy "192.168.1.0/24
> 172.168.50.1/32" will translate all clients in the 192.168.1.0/24 network to
172.168.50.1. This is a unidirectional mapping, which means clients at the
remote site will not be able to initiate connections to the local clients.
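The two NAT policy types described above can be modelled as follows. This is an added example, not device or vendor code: the function names are hypothetical, the "LOCAL > NAT" string format follows the notation used on this page, and rejecting any other size combination is an assumption of the example.

```python
import ipaddress

def parse_policy(policy):
    """Split 'LOCAL > NAT' (the notation used above) into two networks."""
    local, nat = (ipaddress.ip_network(p.strip()) for p in policy.split(">"))
    return local, nat

def policy_type(policy):
    local, nat = parse_policy(policy)
    if nat.prefixlen == nat.max_prefixlen:      # single address (/32)
        return "many-to-one"
    if nat.prefixlen == local.prefixlen:        # same-size subnets
        return "one-to-one"
    # Assumption of this example: any other combination is rejected.
    raise ValueError("NAT network must be a /32 or match the local prefix")

def translate_outbound(policy, src):
    """Source address the remote gateway sees, or None if src is not covered."""
    local, nat = parse_policy(policy)
    src = ipaddress.ip_address(src)
    if src not in local:
        return None
    if policy_type(policy) == "many-to-one":
        return str(nat.network_address)
    # One-to-one keeps the host part: same offset inside the NAT network.
    return str(nat.network_address + (int(src) - int(local.network_address)))

def translate_inbound(policy, dst):
    """Local client reached via mapped address dst; None if not reachable."""
    local, nat = parse_policy(policy)
    dst = ipaddress.ip_address(dst)
    if policy_type(policy) != "one-to-one" or dst not in nat:
        return None  # many-to-one is unidirectional
    return str(local.network_address + (int(dst) - int(nat.network_address)))

def overlapping(local_nets, remote_nets):
    """Local/remote subnet pairs that overlap and therefore need NAT."""
    return [(a, b) for a in local_nets for b in remote_nets
            if ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b))]

if __name__ == "__main__":
    one = "192.168.50.0/24 > 172.16.1.0/24"    # policy from the text above
    many = "192.168.1.0/24 > 172.168.50.1/32"  # policy from the text above
    print(translate_outbound(one, "192.168.50.10"), translate_inbound(one, "172.16.1.10"))
    print(translate_outbound(many, "192.168.1.77"), translate_inbound(many, "172.168.50.1"))
```

Before defining a policy, overlapping() can be run against the Local Networks and Remote Networks lists to see which subnets actually collide with the remote site.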