Setting/Setting Confirmation
■ Operation depends on the combination of local ID and remote ID of IKE Phase 1
*The IKE_SA_INIT exchange is applicable in IKEv2.

| Connection Type | Local ID | Remote ID | Used | Remarks |
|---|---|---|---|---|
| Pattern 1 | Not specified (local WAN IP address (no subnet)) | Not specified (peer IP address (no subnet)) | ○ | |
| Pattern 2 | Specified (character string) (IP address, FQDN, Key-ID, User-FQDN) | Not specified (peer IP address (no subnet)) | ○ | |
| Pattern 3 | Not specified (local WAN IP address (no subnet)) | Specified (character string) (IP address, FQDN, Key-ID, User-FQDN) | ○ | |
| Pattern 4 | Specified (character string) (IP address, FQDN, Key-ID, User-FQDN) | Specified (character string) (IP address, FQDN, Key-ID, User-FQDN) | ○ | |
| Pattern 5 | Not specified (local WAN IP address (no subnet)) | Not specified (Unused) | ○ | Destination site any time |
| Pattern 6 | Specified (character string) (IP address, FQDN, Key-ID, User-FQDN) | Not specified (Unused) | ○ | Destination site any time |

■ Operation depends on the combination of local ID and remote ID of IKE Phase 2
・ The IPsec tunnel destination can be one subnet, multiple subnets (2-5), or all subnets.
・ The local and remote IDs of IKE Phase 2 are set as follows for each subnet connection type.
N is a value from 2 to 5; ALL means all subnets.
*For IKEv2, the local traffic selector and remote traffic selector of the IKE_AUTH exchange are applicable.

| Connection Type | LAN-WAN Connection Pattern | Local ID (Local Traffic Selector) | Remote ID (Remote Traffic Selector) |
|---|---|---|---|
| Single subnet connection | 1:1 | 1 specification | 1 specification |
| Single subnet connection | N:1 | N specification | 1 specification |
| Single subnet connection | ALL:1 | 0.0.0.0/0 or not specified (blank) | 1 specification |
| Two or more subnet connection | 1:N | 1 specification | N specification |
| Two or more subnet connection | N:N | N specification | N specification |
| Two or more subnet connection | ALL:N | 0.0.0.0/0 or not specified (blank) | N specification |
| All subnet connection* | 1:ALL | 1 specification | 0.0.0.0/0 or not specified (blank) |
| All subnet connection* | N:ALL | N specification | 0.0.0.0/0 or not specified (blank) |
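
The IKE Phase 2 local/remote ID rules on this page, as an added example that is not part of the original manual: a Python checker that classifies a planned pair of traffic selector lists into the page's connection type and LAN-WAN pattern before the values are entered on the device. The function names and sample subnets are hypothetical; rejecting ALL:ALL (not listed on the page) and rejecting 0.0.0.0/0 mixed with other subnets are assumptions of this example.

```python
import ipaddress

MAX_SUBNETS = 5  # the page allows N from 2 to 5


def side_kind(selectors):
    """Return '1', 'N' or 'ALL' for one side's traffic selector list."""
    # ip_network() is strict: an entry with host bits set (192.168.1.1/24)
    # raises ValueError instead of being silently widened to a subnet.
    nets = [ipaddress.ip_network(s.strip()) for s in selectors if s.strip()]
    if not nets:  # "not specified (blank)" means ALL
        return "ALL"
    if any(n.prefixlen == 0 for n in nets):
        if len(nets) > 1:  # assumption: ALL cannot be mixed with subnets
            raise ValueError("0.0.0.0/0 cannot be combined with other subnets")
        return "ALL"
    if len(set(nets)) != len(nets):
        raise ValueError("duplicate subnet in selector list")
    if len(nets) > MAX_SUBNETS:
        raise ValueError(f"{len(nets)} subnets given, at most {MAX_SUBNETS} allowed")
    return "1" if len(nets) == 1 else "N"


def classify(local, remote):
    """Map (local IDs, remote IDs) to (connection type, pattern)."""
    lk, rk = side_kind(local), side_kind(remote)
    if lk == "ALL" and rk == "ALL":
        # assumption: the page's table has no ALL:ALL row, so flag it
        raise ValueError("ALL:ALL is not listed in the table")
    # In the table, the remote side decides the connection type.
    ctype = {"1": "Single subnet connection",
             "N": "Two or more subnet connection",
             "ALL": "All subnet connection"}[rk]
    return ctype, f"{lk}:{rk}"


if __name__ == "__main__":
    # Constructed sample plans (private address space, not from the page).
    plans = [
        (["192.168.1.0/24"], ["10.0.0.0/24"]),
        ([], ["10.0.0.0/24", "10.0.1.0/24"]),
        (["192.168.1.0/24", "192.168.2.0/24"], ["0.0.0.0/0"]),
    ]
    for local, remote in plans:
        print(local, remote, "->", classify(local, remote))
```

An ALL result on either side means every subnet on that side is selected for the tunnel, so such plans are worth a second review before they are applied.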