Page 104

Chapter 10. Configuring VPN

Internet Security Router User

’s Manual

Options

Description

VPN Connection Type

Site to site

Click this radio button to add a policy for site-to-site users.

Remote access

Click this radio button to add a policy for remote access users.

User Group (only available for Remote Access mode)

Select a user group from the User Group drop-down list to which this rule should apply.

Local Secure Group

This option allows you to set the local secure network to which this rule should apply. This option

allows you to apply this rule inclusively on all computers in the internal network. Use the

“Type”

drop-down list to select one of the following:

IP Address

Enter the appropriate IP address for the local secure group.

Subnet

This option allows you to include all the computers that are connected in an

IP subnet. The following fields become available when this option is

selected:

Subnet Address

Specify the appropriate network address.

Subnet Mask

Enter the subnet mask.

IP Range

This option allows you to include a range of IP addresses for applying this

rule. The following fields become available for entry when this option is

selected:

Start IP

Enter the starting IP address of the range.

End IP

Enter the ending IP address of the range.

Remote Secure Group (only available for site to site VPN mode)

This option allows you to set the remote (destination) secure network to which this rule should

apply. This option allows you to apply this rule inclusively on all computers in the external network.

Use the

“Type” drop-down list to select one of the following:

IP Address

Subnet

IP Range

Select any of these and enter details as described in the Local Secure

Group above.

Remote Gateway

You have a choice of entering either the IP address or the FQDN (fully qualified domain name) for

the remote secure gateway.

Any

Select this option to accept connection request from any computer.

IP Address

Select this option to specify an IP address for the remote secure gateway.

FQDN

Select this option to enter the fully qualified domain name for the remote

secure gateway.

Key Management (only available for site to site VPN mode)

Two modes are supported: pre-shared key and manual key. Select from the Key Management

drop-down list for the desired key management mode. If

“manual key” mode is selected,

configuration for IKE proposal is skipped.

IKE Proposal Settings (only available for pre-shared key)

Note that all options for the IKE proposal settings are available only when pre-shared key is selected.

IKE Mode

Main mode and aggressive mode are supported. Click the proper radio

button for the desired IKE mode.