Page 26 - Configuration
Guidelines - Local and Remote IP Address/Mask configuration
1. When both the IP Address and IP Mask fields are left un-configured, this means “match
all”. Typically this case is used to match Internet traffic.
2. Unless an explicit policy exists for the local subnet it will not be matched. This
means an un-configured entry as detailed above will not match any locally attached
subnets (i.e. LAN interfaces).
3. IP Office does not AND the IP Address with the Mask Fields but ensures that the
network address and Mask are compatible when configuring. For example, an IP
address of 192.168.42.1 with a mask 255.255.255.0 is an invalid combination. Two
valid combinations are shown below:
a. IP Address 192.168.42.1 Mask 255.255.255.255
b. IP Address 192.168.42.0 Mask 255.255.255.0
4. A single "condition" in terms of addressing can be specified for a given SA. The SA
condition can be applied between two hosts or between two subnets or a
combination of these, i.e. host to subnet. Multiple conditions for an SA are not
supported in the IP Office VPN implementation.
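The following Python sketch is an added example, not Avaya code: it pre-checks IP Address/Mask pairs against guideline 3 before they are entered, and models guidelines 1 and 2 for an un-configured entry. The function names, the rejection of a single configured field, the requirement for a contiguous mask and the sample addresses are assumptions made for illustration.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def check_sa_condition(address, mask):
    """Classify one IP Address / IP Mask pair as described in guidelines 1 and 3.

    Returns (kind, network); kind is 'match-all', 'host', 'subnet' or 'invalid'.
    """
    if not address and not mask:
        return ("match-all", None)           # guideline 1: both un-configured
    if not address or not mask:
        return ("invalid", None)             # assumption: one field alone is rejected
    try:
        addr = int(ipaddress.IPv4Address(address))
        mask_int = int(ipaddress.IPv4Address(mask))
    except ipaddress.AddressValueError:
        return ("invalid", None)
    inverted = mask_int ^ ALL_ONES
    if inverted & (inverted + 1):            # assumption: mask must be contiguous
        return ("invalid", None)
    if addr & inverted:                      # guideline 3: no ANDing, so host bits must be zero
        return ("invalid", None)
    prefix = bin(mask_int).count("1")
    net = ipaddress.IPv4Network((addr, prefix))
    return ("host" if prefix == 32 else "subnet", net)


def condition_matches(address, mask, ip, local_subnets):
    """Model guidelines 1 and 2: does this condition select traffic for `ip`?"""
    kind, net = check_sa_condition(address, mask)
    target = ipaddress.IPv4Address(ip)
    if kind == "invalid":
        raise ValueError(f"invalid combination: {address!r} / {mask!r}")
    if kind == "match-all":
        # Un-configured entry matches everything except locally attached subnets.
        return not any(target in ipaddress.IPv4Network(s) for s in local_subnets)
    return target in net


if __name__ == "__main__":
    # Constructed sample entries, including the three combinations from guideline 3.
    for a, m in [("192.168.42.1", "255.255.255.0"), ("192.168.42.1", "255.255.255.255"),
                 ("192.168.42.0", "255.255.255.0"), ("", "")]:
        print(f"{a or '-':15} {m or '-':15} -> {check_sa_condition(a, m)[0]}")
```
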
Guidelines - Local and Remote Gateway
1. The Local Gateway field is used to specify a source IP address to be used when
originating a tunnel. Left un-configured (default), IP Office uses the IP address of
the outgoing interface at which the tunnel is to be established.
2. Similarly, for Client initiated tunnels, where the IP Address (dynamically allocated
by the ISP) of the remote peer is unknown, the Remote Gateway field should be left
un-configured.
IP Office (R3.0)
IPSec Configuration
40DHB0002UKER Issue 3 (4th February 2005)