NETGEAR ProSAFE SRX5308 Reference Manual page 210

ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
Table 45. IPSec VPN Wizard settings for an IPv6 gateway-to-gateway tunnel (continued)
Setting
This VPN tunnel will use the
following local WAN Interface
What is the pre-shared key?
End Point Information
What is the Remote WAN's IP
Address or Internet Name?
What is the Local WAN's IP
Address or Internet Name?
Secure Connection Remote Accessibility
What is the remote LAN IP
Address?
IPv6 Prefix Length
a. Both local and remote endpoints should be defined as either FQDNs or IP addresses. A combination of
an IP address and an FQDN is not supported.
Tip: To ensure that tunnels stay active, after completing the wizard, manually
edit the VPN policy to enable keep-alives, which periodically sends ping
packets to the host on the peer side of the network to keep the tunnel
alive. For more information, see
Tip: For DHCP WAN configurations, first set up the tunnel with IP addresses.
After you validate the connection, you can use the wizard to create new
policies using the FQDN for the WAN addresses.
4. Click Apply to save your settings. The IPSec VPN policy is now added to the List of VPN
Policies table on the VPN Policies screen for IPv6. By default, the VPN policy is enabled.
Virtual Private Networking Using IPSec and L2TP Connections
Description
Select a WAN interface from the drop-down list to specify which local WAN
interface the VPN tunnel uses as the local endpoint.
(Optional) Select the Enable RollOver? check box to enable VPN rollover,
and select a WAN interface from the drop-down list to the right of the check
box to specify the interface to which the VPN rollover should occur.
Note: If the VPN firewall is configured to function in WAN auto-rollover
mode, you can use the VPN Wizard to configure VPN rollover and do not
need to configure this manually.
Enter a pre-shared key. The key needs to be entered both here and on the
remote VPN gateway. This key needs to have a minimum length of
8 characters and should not exceed 49 characters.
a
Enter the IPv6 address or Internet name (FQDN) of the WAN interface on
the remote VPN tunnel endpoint.
When you select the Gateway radio button in the About VPN Wizard
section of the screen, the IPv6 address of the VPN firewall's active WAN
interface is automatically entered.
Enter the LAN IPv6 address of the remote gateway.
Note: The remote LAN IPv6 address needs to be different from the local
LAN IPv6 address. For example, if the local LAN IPv6 address is fec0::1,
the remote LAN IPv6 address could be fec0:1::1 but could not be fec0::1.
If this information is incorrect, the tunnel fails to connect.
Enter the prefix length for the remote gateway.
Configure Keep-Alives
210
on page 266.