User Interface
R&S
®
GP-E/GP-S
115User Manual v16.2.1 ─ 01
Field Description
"Connection Mode" You can choose from three modes:
●
auto start – the tunnel is established immediately and stays up even if
there is no traffic
●
on demand – the tunnel is only established if there is traffic generated by
the initiator
●
responder – the tunnel is only established on request from the initiating
site
Note: In the case of auto start and on demand, the firewall acts as the ini-
tiator and establishes the tunnel.
While auto start is selected by default, you can choose to configure one site
as on demand and the other site as responder if you want to save costs on
both sites.
"Connection Timeout" If you select on demand or responder, you can specify a connection timeout
(in minutes). The tunnel is disconnected when there is no traffic until the time-
out is reached. The timeout is set to zero minutes by default, which means that
there will be no timeout at all. Any other integer from 0 to 1440 specifies the
period of time after which the tunnel will be closed if there is no traffic.
On the "Local Configuration" tab, you can specify the settings for the local side of the
VPN connection:
Field Description
"Access Zone" From the drop-down list, select the zone in which the tunnel should end and
encrypted data being sent through the VPN tunnel arrive.
"Local Address" Enter a valid public IP address or the fully qualified domain name (FQDN)
under which the firewall is reachable from the outside. If the local network is
behind a NAT device, enter %defaultroute to indicate the reachable host IP
address in the selected zone. The IPsec stack will listen for IPsec packets on
that address.
"Termination Zone" From the drop-down list, select the zone in which the data being sent through
the VPN tunnel and afterwards decrypted should be accessible.
"Use Local Identity" Select this checkbox to be able to choose a "Local Identity Type" determining
the type of identity to be entered in the "Local Identity" field.
Note: If you set up more than one IPsec connection in the same access zone,
this option is mandatory for all IPsec connections in this zone.
"Local Identity Type" The type of identity can be selected from:
●
Mail – an email address
●
Hostname – a fully qualified domain or host name (this name will not be
resolved via DNS)
●
IP – an IP address or a DNS name which will be resolved via local DNS
●
KeyID – an alphanumeric string without spaces
"Local Identity" The local identity is used to uniquely identify the local end of a connection for
authentication. Define a value in accordance with the selected local identity
type.
"Local Subnets" The selected local subnets will be accessible from the configured remote end's
networks.
On the "Remote Configuration" tab, you can define the settings for the other end of the
VPN connection:
Menu Reference
To Next Page
Loading...