Virtual Private Networks (VPN)
IPsec
IX20 User Guide
269
7. The IPsec tunnel is enabled by default. To disable, click
Enable
.
8. (Optional) The
Preferred tunnel
option allows you to configure IPsec failover behavior. When
configuring a backup IPsec tunnel, for
Preferred tunnel
, select the primary IPsec tunnel. This
instructs the backup tunnel to only start when the primary tunnel is determined to have failed.
It will continue to operate until the preferred tunnel returns to full operational status.
When configuring the primary tunnel, and when configuring tunnels that will not fail over to a
backup tunnel, leave this option blank.
9. (Optional) Enable
Force UDP encapsulation
to force the tunnel to use UDP encapsulation even
when it does not detect that NAT is being used.
10. For
Zone
, select the firewall zone for the IPsec tunnel. Generally this should be left at the
default of
IPsec
.
11. Select the Mode, either:
n
Tunnel
: The entire IP packet is encrypted and/or authenticated and then encapsulated
as the payload in a new IP packet.
n
Transport
: Only the payload of the IP packet is encrypted and/or authenticated. The IP
header is unencrypted.
12. Select the
Protocol
, either:
n
ESP
(Encapsulating Security Payload): Provides encryption as well as authentication and
integrity.
n
AH
(Authentication Header): Provides authentication and integrity only.