Prestige 334 User’s Guide
Chapter 15 VPN Screens
172
Remote Address End/
Mask
When the remote IP address is a single address, type it a second time here.
When the remote IP address is a range, enter the end (static) IP address, in a
range of computers on the network behind the remote IPSec router.
When the remote IP address is a subnet address, enter a subnet mask on the
network behind the remote IPSec router.
Remote Port Start
0 is the default and signifies any port. Type a port number from 0 to 65535.
Some of the most common IP ports are: 21, FTP; 53, DNS; 23, Telnet; 80,
HTTP; 25, SMTP; 110, POP3
Remote Port End
Enter a port number in this field to define a port range. This port number must
be greater than that specified in the previous field (or equal to it for configuring
an individual port).
DNS Server (for IPSec
VPN)
If there is a private DNS server that services the VPN, type its IP address here.
The Prestige assigns this additional DNS server to the Prestige’s DHCP
clients that have IP addresses in this IPSec rule's range of local addresses. A
DNS server allows clients on the VPN to find other computers and servers on
the VPN by their (private) domain names.
My IP Address
Enter the WAN IP address of your Prestige. The Prestige uses its current WAN
IP address (static or dynamic) in setting up the VPN tunnel if you leave this
field as
0.0.0.0
. The VPN tunnel has to be rebuilt if this IP address changes.
Local ID Type
Select
IP
to identify this Prestige by its IP address.
Select
DNS
to identify this Prestige by a domain name.
Select
to identify this Prestige by an e-mail address.
Local Content
When you select
IP
in the
Local ID Type
field, type the IP address of your
computer in the local
Content
field. The Prestige automatically uses the IP
address in the
My IP Address
field (refer to the
My IP Address
field
description) if you configure the local
Content
field to
0.0.0.0
or leave it blank.
It is recommended that you type an IP address other than
0.0.0.0
in the local
Content
field or use the
DNS
or
ID type in the following situations.
•
When there is a NAT router between the two IPSec routers.
•
When you want the remote IPSec router to be able to distinguish between
VPN connection requests that come in from IPSec routers with dynamic
WAN IP addresses.
When you select
DNS
or
in the
Local ID Type
field, type a domain
name or e-mail address by which to identify this Prestige in the local
Content
field. Use up to 31 ASCII characters including spaces, although trailing spaces
are truncated. The domain name or e-mail address is for identification
purposes only and can be any string.
Secure Gateway
Address
Type the WAN IP address or the URL (up to 31 characters) of the remote
secure gateway with which you're making the VPN connection. Set this field to
0.0.0.0 if the remote secure gateway has a dynamic WAN IP address (the
IPSec Keying Mode
field must be set to
IKE
).
Peer ID Type
Select
IP
to identify the remote IPSec router by its IP address.
Select
DNS
to identify the remote IPSec router by a domain name.
Select
to identify the remote IPSec router by an e-mail address.
Table 52
VPN IKE: Advanced
LABEL
DESCRIPTION