Dynamic VPN Configuration Page Options
- Select Configure>IPSec VPN>Dynamic VPN.
The Dynamic VPN configuration page appears. Table 121 explains the contents of this page.
- Click one:
- Add—Adds a new client VPN configuration. Enter information as specified in Table 122.
- Edit—Edits the selected configuration.
- Delete—Deletes the selected client VPN configuration.
- Click one:
- OK—Saves the configuration and returns to the main configuration page.
- Cancel—Cancels your entries and returns to the main configuration page.
Table 121: Add Dynamic VPN Global Settings Configuration Page
Field | Function | Action |
|---|---|---|
| DVPN-Global Settings | ||
Access Profile | Specifies the access profile that controls the authentication of users who want to download Access Manager. (You will need to select these access profiles when configuring the IKE gateway and dynamic VPN global options. You can use the same access profile to authenticate users in both cases, or you can use separate access profiles to authenticate downloads and VPN sessions.) Note: This Access Profile option does not control authentication for VPN sessions. When there is no Access profile setup under Global settings, The Add/Edit button is disabled. | Select a previously created access profile from the list that is displayed. |
Address Profile Settings | ||
Address Pool | Specifies the list of configured address pools. When an address pool is selected, the information panel shows the basic details of the address pool:
| Select an address pool. |
New | New Address Pool setting for the access profile. | Click New. |
Force Upgrade | Specifies an option for setting up a program to automatically download the latest client and install it on the user’s computer when the setup program detects a version mismatch between the client and server. Otherwise, the setup program prompts the user to upgrade the client when it detects a version mismatch, but does not force the upgrade. If the user does not choose to upgrade, the setup program will launch the existing client version on the user’s computer. | Select the check box to enable or disable force upgrade. |
| New Address Pool | ||
Name | Specifies the name of the address pool. | Enter a name. |
Network Address | Specifies the network address used by the address pool. | Enter a network address. |
Add | Adds a new address pool . | Click Add to add a new address pool. |
Delete | Deletes the selected address pool. | Select the address pool and click Delete to delete the address pool. |
| Address Ranges | ||
Address Range Name | Specifies the name of the address range. | Enter a name. |
Lower Limit | Specifies the lower limit of the address range. | Enter the lower limit of the address range. |
Higher Limit | Specifies the upper limit of the address range. | Enter the higher limit of the address range. |
| XAUTH Attributes | ||
Primary DNS Server | Specifies the primary DNS IP address. | Enter the primary DNS IP address. |
Secondary DNS Server | Specifies the secondary DNS IP address. | Enter the secondary DNS IP address. |
Primary WINS Server | Specifies the primary WINS IP address. | Enter the primary WINS IP address. |
Secondary WINS Server | Specifies the secondary WINS IP address. | Enter the secondary WINS IP address. |
| Clone IPSec from DVPN template | ||
Name | Specifies the name of the dynamic VPN. | Enter a name. |
Preshared Key | Specifies the preshared key type. | Enter a preshared key. |
IKE ID | Specifies the IKE ID. | Enter an IKE ID. |
External Interface | Specifies the outgoing interface to use when establishing SAs. An interface acts as a doorway through which traffic enters and exits the device. | Select a previously created interface from the list. |
Table 122: Add client VPN Global Settings Configuration Details
Field | Function | Action |
|---|---|---|
Name | Specifies the name of the client configuration. | Enter a name. |
IPSec VPN | Specifies the IKE AutoKey configuration to use when establishing the VPN tunnel. | Select a previously configured IKE AutoKey configuration from the list. |
Remote Protected Resources IP | Specifies the IP address and netmask of a resource behind the firewall. Traffic to the specified resource will go through the VPN tunnel and therefore will be protected by the firewall’s security policies. Note: The device does not validate that the IP/netmask combination that you enter here matches your security policies. | Enter an IP address and netmask and click Add. |
Remote Exceptions IP | Specifies the IP address and net mask of exceptions to the remote protected resources list. | Enter an IP address and netmask and click Add. |
Users | Specifies the list of users who can use this client configuration. Note: The server does not validate the names that you enter here, but the names must be the names that the users use to log in to the device when downloading the client. | Enter ab user name, and click Add. |