VPN |
Add Mode Config Record |
This page is used to create a new Mode Config Record. |
Mode Config is similar to DHCP and is used to assign IP addresses to remote VPN
clients. A Mode Config record may be selected when specifying an IKE policy.
VPN clients that connect using an IKE policy with a Mode Config record are
assigned IP addresses from the pools specified in the selected record.
One or more IKE policies may use the same Mode Config record. |
Client Pool |
A Mode Config record contains a list of three IP pools for allocating to VPN
clients. VPN Clients are allocated IP addresses from the first pool. When the
first pool is exhausted, they are allocated from the second pool. Similarly,
the addresses from the third pool are allocated when both the first and the
second pool addresses are already in use. A record should contain a minimum of
one IP address pool. |
IMPORTANT!
The IP Address ranges defined by the three IP pools should not be in the same
subnet as your LAN or DMZ networks. |
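The pool rules above can be checked before a record is entered. The following Python sketch is an added example, not code from the device or its documentation: it flags pools that fall inside a LAN or DMZ subnet and shows the first, second, third fall-through order. The function names and all addresses are constructed for illustration, and handing out the lowest free address within a pool is an assumption.

```python
import ipaddress

def pool_range(start, end):
    """Parse a pool's Starting IP and Ending IP; reject a reversed range."""
    first, last = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    if first > last:
        raise ValueError(f"pool {start}-{end}: Starting IP is after Ending IP")
    return first, last

def check_pools(pools, local_networks):
    """Return problems in a record's pools; local_networks are LAN/DMZ CIDRs."""
    problems = []
    if not 1 <= len(pools) <= 3:
        problems.append("a record holds between one and three pools")
    nets = [ipaddress.ip_network(n) for n in local_networks]
    for i, (start, end) in enumerate(pools, 1):
        try:
            first, last = pool_range(start, end)
        except ValueError as exc:
            problems.append(str(exc))
            continue
        # Split the range into CIDR blocks so it can be compared with subnets.
        blocks = list(ipaddress.summarize_address_range(first, last))
        for net in nets:
            if any(block.overlaps(net) for block in blocks):
                problems.append(f"pool {i} ({start}-{end}) overlaps {net}")
    return problems

def next_address(pools, in_use):
    """Next free address: first pool, then second, then third; None if all used.

    Assumption: within a pool, the lowest free address is handed out first.
    """
    for start, end in pools:
        first, last = pool_range(start, end)
        for value in range(int(first), int(last) + 1):
            addr = ipaddress.IPv4Address(value)
            if addr not in in_use:
                return addr
    return None

if __name__ == "__main__":
    # Constructed sample values, not taken from any real device.
    local = ["192.168.1.0/24", "172.16.2.0/24"]  # LAN, DMZ
    print(check_pools([("192.168.1.200", "192.168.1.210")], local))
    pools = [("10.10.10.1", "10.10.10.2"), ("10.10.11.1", "10.10.11.1")]
    print(check_pools(pools, local))
    print(next_address(pools, {ipaddress.IPv4Address("10.10.10.1"),
                               ipaddress.IPv4Address("10.10.10.2")}))
```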
Record Name: A unique name given to the record for identification and management. |
First IP Pool |
Starting IP: The first address to be allocated in this pool. |
Ending IP: The last address to be allocated in this pool. |
Second IP Pool |
Starting IP: The first address to be allocated in this pool. |
Ending IP: The last address to be allocated in this pool. |
Third IP Pool |
Starting IP: The first address to be allocated in this pool. |
Ending IP: The last address to be allocated in this pool. |
WINS Server |
Primary: The primary WINS Server IP Address |
Secondary: The secondary WINS Server IP Address |
DNS Server |
Primary: The primary DNS Server IP Address |
Secondary: The secondary DNS Server IP Address |
Traffic Tunnel Security Level |
PFS Key Group: Enable Perfect Forward Secrecy (PFS) to improve security. While
this is slower, it will ensure that a Diffie-Hellman exchange is performed for
every phase-2 negotiation. |
The following Security Association (SA) parameters define the strength and the mode
for negotiation of the SA. The fields in the SA are: |
Encryption Algorithm: The algorithm used to negotiate the SA. |
Authentication Algorithm: Specify the authentication algorithm for the VPN
header. |
Diffie-Hellman (DH) Group: The Diffie-Hellman algorithm is used when exchanging
keys. The DH Group sets the strength of the algorithm in bits. (This setting
must match that of the Remote VPN.) |
SA-Lifetime: The lifetime of a Security Association can either be specified in
seconds or kilobytes. If specified in seconds, it is the interval after which the
Security Association becomes invalid. The SA is renegotiated after this
interval. If specified in kilobytes, the SA is renegotiated after the specified
number of kilobytes of data is transferred over the SA. The minimum value is 300 seconds or 1920000 KB. |
Local IP Address: IP address of the local LAN subnet. If it is not specified, it
defaults to the LAN subnet corresponding to the LAN IP of the device. |
Local Subnet Mask: Subnet Mask of the local LAN subnet. |
Click Apply to save the settings. |
Click Reset to discard any changes and reset the fields. |