Add a VPN
You are here: VPN > IPsec (Phase II).
To add a VPN:
- Click the add icon (+) on the upper right side of the VPN tab of the IPsec (Phase II) page.
  The Add VPN page appears.
- Complete the configuration according to the guidelines provided in Table 1.
- Click OK to save the changes. If you want to discard your changes, click Cancel.
Table 1: Fields on the Add VPN Page
Field | Action |
---|---|
IPsec VPN | |
VPN Name | Enter a name of the remote gateway. |
Remote Gateway | Select a name from the list to associate a policy with the IPsec tunnel. |
IPsec Policy | Select a policy name from the list. |
Bind to tunnel interface | Select an interface from the list for the tunnel interface to which the route-based VPN is bound. Note: When the IPsec VPN is configured for Dynamic VPN, Bind to tunnel interface is not required. You can add or edit a logical interface inline. To add a logical interface inline: |
Establish tunnels | Select an option from the list: |
Disable anti replay | Select the check box to disable the anti-replay checking feature of IPsec. By default, anti-replay checking is enabled. |
IPSec VPN Options | |
Enable VPN Monitor | Select the check box to enable VPN monitor. When the IPsec VPN is configured for Dynamic VPN, Enable VPN Monitor is not required. |
Destination IP | Enter an IP address to associate a policy with the IPsec tunnel. |
Optimized | Select the check box for the tunnel interface to which the route-based VPN is bound. |
Source Interface | Enter a source interface for ICMP requests. If no source interface is specified, the device automatically uses the local tunnel endpoint interface. |
Use Proxy Identity | |
Local IP/Netmask | Enter a local IP address. |
Remote IP/Netmask | Enter a remote IP address and subnet mask for proxy identity. |
Service | Select a service (port and protocol combination) from the list. |
Traffic Selector | |
+ | Click plus to add a traffic selector. |
Name | Enter a name for the traffic selector. |
Local IP/Netmask | Enter a local IP address and subnet mask for proxy identity. |
Remote IP/Netmask | Enter a remote IP address and subnet mask for proxy identity. |
X | Click X to delete a traffic selector. |
Do not fragment bit | Specifies how the device handles the DF bit in the outer header. Select an option from the list: |
Idle Time | Enter the idle time to delete an SA. Range: 60 through 999999 seconds. |
Install interval | Specify a value from 0 through 10 seconds to allow installation of a rekeyed outbound security association (SA) on the device. |
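
The check below is an added example, not part of the original page or Juniper's own tooling. It audits `display set`-style configuration text for three of the Table 1 settings, assuming the J-Web fields Disable anti replay, Idle Time and Install interval correspond to the CLI statements `no-anti-replay`, `idle-time` and `install-interval` under `security ipsec vpn <name> ike`; the VPN names and sample lines are constructed.

```python
import re

# Constructed sample in `display set` style (not taken from a real device).
SAMPLE_CONFIG = """\
set security ipsec vpn branch-a bind-interface st0.1
set security ipsec vpn branch-a ike gateway gw-branch-a
set security ipsec vpn branch-a ike ipsec-policy pol-branch-a
set security ipsec vpn branch-a ike idle-time 300
set security ipsec vpn branch-b bind-interface st0.2
set security ipsec vpn branch-b ike gateway gw-branch-b
set security ipsec vpn branch-b ike no-anti-replay
set security ipsec vpn branch-b ike install-interval 30
set security ipsec vpn lab ike gateway gw-lab
set security ipsec vpn lab ike idle-time 30
"""

# Ranges as stated in Table 1 of this page.
RANGES = {"idle-time": (60, 999999), "install-interval": (0, 10)}

# Assumed statement layout: set security ipsec vpn <name> ike <statement> [value]
LINE = re.compile(r"^set security ipsec vpn (\S+) ike (\S+)(?: (\S+))?\s*$")


def audit_vpns(config_text):
    """Return a sorted list of (vpn_name, finding) tuples."""
    findings = []
    for raw in config_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # other statements (bind-interface, etc.) are not checked
        vpn, stmt, value = m.groups()
        if stmt == "no-anti-replay":
            # Replay protection is on by default; this statement turns it off.
            findings.append((vpn, "anti-replay checking disabled"))
        elif stmt in RANGES:
            low, high = RANGES[stmt]
            if value is None or not value.isdigit() or not low <= int(value) <= high:
                findings.append((vpn, f"{stmt} {value} outside {low}-{high}"))
    return sorted(findings)


if __name__ == "__main__":
    for vpn, finding in audit_vpns(SAMPLE_CONFIG):
        print(f"{vpn}: {finding}")
```

Run it against exported configuration or templates before they are pushed; any VPN reported with anti-replay disabled should have a documented reason.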