-96-
Remote Subnet:
Specify IP address range on your remote network to identify
which PCs on the remote network are covered by this policy. It's
formed by IP address and subnet mask.
WAN:
Specify the local WAN port for this Policy. The "Remote
Gateway" of the remote peer should be set to the IP address of
this WAN port.
Remote Gateway:
Enter the Remote Gateway. It can be IP address or Domain
name.
Policy Mode:
Select the negotiation mode for the policy.
IKE: The parameters for the VPN tunnel are generated
automatically via IKE negotiations.
Manual: All settings (including the keys) for the VPN tunnel
are manually inputted and no key negotiation is needed.
IKE Mode
IKE Policy:
It is available when IKE is selected as the negotiation mode.
Specify the IKE policy. If there is no policy selection, add new
policy on VPN→IKE→IKE Policy page.
IPsec Proposal:
Select IPsec Proposal on IKE mode. Up to four IPsec Proposals
can be selected on IKE mode.
PFS:
Select the PFS (Perfect Forward Security) for IKE mode to
enhance security. This setting should match the remote peer.
With PFS feature, IKE negotiates to create a new key in
Phase2. As it is independent of the key created in Phase1, this
key can be secure even when the key in Phase1 is
de-encrypted. Without PFS, the key in Phase2 is created based
on the key in Phase1 and thus once the key in Phase1 is
de-encrypted, the key in Phase2 is easy to be de-encrypted, in
this case, the communication secrecy is threatened.
SA Lifetime:
Specify IPsec SA Lifetime for IKE mode.
