Configuration Guide 130
Configuring VPN IPSec VPN Configuration
Local ID: When the Local ID Type is configured as NAME, enter a name for the local device as the ID in IKE negotiation.
Remote ID Type: Specify the remote ID type for IKE negotiation.
    IP Address: Use an IP address as the ID in IKE negotiation. It is the default type.
    NAME: Use a name as the ID in IKE negotiation. It refers to FQDN (Fully Qualified Domain Name).
Remote ID: When the Remote ID Type is configured as NAME, enter a name of the remote peer as the ID in IKE negotiation.
SA Lifetime: Specify the ISAKMP SA (Security Association) lifetime in IKE negotiation. When the SA lifetime expires, the related ISAKMP SA is deleted.
DPD: Check the box to enable or disable the DPD (Dead Peer Detection) function. If enabled, the IKE endpoint can send a DPD request to the peer to check whether the IKE peer is alive.
DPD Interval: If DPD is triggered, specify the interval between sending DPD requests. If the IKE endpoint receives a response from the peer during this interval, it considers the peer alive. If the IKE endpoint does not receive a response during the interval, it considers the peer dead and deletes the SA.
Configuring the IKE Phase-2 Parameters
Choose the menu VPN > IPSec > IPSec Policy and click Advanced Settings to load the
following page.
Figure 2-3 Configuring the IKE Phase-2 Parameters
In the Phase-2 Settings section, configure the IKE phase-2 parameters and click OK.
Encapsulation Mode: Specify the Encapsulation Mode as Tunnel Mode or Transport Mode. When both ends of the tunnel are hosts, either mode can be chosen. When at least one of the endpoints of a tunnel is a security gateway, such as a router or firewall, tunnel mode is recommended to ensure safety.
Proposal: Select the proposal for IKE negotiation phase 2 to specify the encryption algorithm, authentication algorithm and protocol. Up to four proposals can be selected.
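The Local ID / Remote ID fields and the Phase-2 settings above only work when both ends of the tunnel describe each other consistently. The following is an added example, not part of the guide or of the device's software: a small offline check over the settings recorded for two peers. The dictionary keys, the is_gateway flag and the proposal names are assumptions made for this sketch; for ID type IP Address the *_id value is assumed to hold the address used as the ID.

```python
MAX_PROPOSALS = 4  # "Up to four proposals can be selected."

def lint_peer(name, p):
    """Checks on one device's settings (key names are assumptions)."""
    issues = []
    for side in ("local", "remote"):
        id_type, value = p[f"{side}_id_type"], p[f"{side}_id"]
        if id_type not in ("IP Address", "NAME"):
            issues.append(f"{name}: unknown {side} ID type {id_type!r}")
        elif id_type == "NAME" and not value:
            issues.append(f"{name}: {side} ID type is NAME but no name is set")
    if len(p["proposals"]) > MAX_PROPOSALS:
        issues.append(f"{name}: more than {MAX_PROPOSALS} proposals selected")
    return issues

def lint_pair(a, b):
    """Cross-checks: each end must describe the other end consistently."""
    issues = lint_peer("A", a) + lint_peer("B", b)
    # The ID one peer presents must equal the remote ID the other expects.
    for x, y, nx, ny in ((a, b, "A", "B"), (b, a, "B", "A")):
        sent = (x["local_id_type"], x["local_id"])
        expected = (y["remote_id_type"], y["remote_id"])
        if sent != expected:
            issues.append(f"{nx} sends ID {sent} but {ny} expects {expected}")
    modes = {a["encapsulation"], b["encapsulation"]}
    if len(modes) > 1:
        issues.append("encapsulation mode differs between A and B")
    if (a["is_gateway"] or b["is_gateway"]) and modes != {"Tunnel Mode"}:
        issues.append("a security gateway is involved: Tunnel Mode is recommended")
    if not set(a["proposals"]) & set(b["proposals"]):
        issues.append("no phase-2 proposal in common")
    return issues

# Constructed sample settings for two gateways; SITE_B is deliberately wrong.
SITE_A = dict(local_id_type="NAME", local_id="hq.example.com",
              remote_id_type="NAME", remote_id="branch.example.com",
              encapsulation="Tunnel Mode", is_gateway=True,
              proposals=["esp-sha1-aes128", "esp-sha256-aes256"])
SITE_B = dict(local_id_type="NAME", local_id="branch.example.com",
              remote_id_type="NAME", remote_id="hq.example.org",
              encapsulation="Transport Mode", is_gateway=True,
              proposals=["esp-md5-3des"])

if __name__ == "__main__":
    for issue in lint_pair(SITE_A, SITE_B):
        print("-", issue)
```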