-85-
Subnet:
our remote network to identify
which PCs on the remote network are covered by this policy. It's
formed by IP address and subnet mask.
this WAN port.
Remote Gateway:
Manual: All settings (including the keys) for the VPN tunnel
IKE Mode
IKE Policy:
It is available when IKE is selected as the negotiation mode.
IPsec Proposal:
IPsec Proposals
can be selected on IKE mode.
PFS:
h the remote peer.
With PFS feature, IKE negotiates to create a new key in
n Phase1 is
de-encrypted, the key in Phase2 is easy to be de-encrypted, in
SA Lifetime:
Remote
Specify IP address range on y
WAN:
Specify the local WAN port for this Policy. The "Remote
Gateway" of the remote peer should be set to the IP address of
Enter the Remote Gateway. It can be IP address or Domain
name.
Policy Mode:
Select the negotiation mode for the policy.
IKE: The parameters for the VPN tunnel are generated
automatically via IKE negotiations.
are manually inputted and no key negotiation is needed.
Specify the IKE policy. If there is no policy selection, add new
policy on
VPN
→
IKE
→
IKE Policy
page.
Select IPsec Proposal on IKE mode. Up to four
Select the PFS (Perfect Forward Security) for IKE mode to
enhance security. This setting should matc
Phase2. As it is independent of the key created in Phase1, this
key can be secure even when the key in Phase1 is
de-encrypted. Without PFS, the key in Phase2 is created based
on the key in Phase1 and thus once the key i
this case, the communication secrecy is threatened.
Specify IPsec SA Lifetime for IKE mode.
