VPN Policy
The VPN Policy contains the settings for the second phase in the process of establishing a VPN connection. Many of the settings here correspond to settings located in VPN Tracker in the Network section of the Basic tab, or in Advanced > Phase 2.
General
Policy Name: The policy name is used for naming connections on the device. For a policy where “Traffic Selector > Remote IP” is set to “Any”, the policy name also becomes part of VPN Tracker’s Local Identifier.
IKE Policy: Select the corresponding IKE policy. An IKE policy that is not selected in any VPN policy cannot be accessed. However, selecting an IKE policy here does not automatically mean that connections from the selected IKE policy will use this VPN policy: the VPN policy lookup on this device is independent of the IKE policy and is determined by the traffic selectors.
Remote VPN Endpoint: This is the (public) IP address of the connecting client. With clients connecting from different IP addresses, it should be set to “Fully Qualified Domain Name”. Enter the same Fully Qualified Domain Name (FQDN) that is used for the “Remote Identity Data” in the IKE Policy.
SA Life Time: The lifetime determines how long a client can be connected before the encryption keys must be renegotiated. The lifetime must match the lifetime for phase 2 in VPN Tracker (Advanced > Phase 2 > Lifetime). A value of 3600 sec (1 hour) or more is generally a good choice. Due to the complications involved with a lifetime that depends on data transfer amounts, we recommend setting the lifetime in “Seconds” only, and setting the “Kbytes” field to 0.