D-Link DWC-1000 User Manual page 98

Field
Local / Remote IP
Local / Remote Start IP Address
Local / Remote End IP Address
Local / Remote Subnet Mask
Local / Remote Prefix Length
Enable Keepalive
Source IP Address
Destination IP Address
Detection Protocol
Reconnect After Failure Count
These settings are applicable for Auto IPsec policies that use IKE to perform negotiations between the two VPN endpoints.
Exchange Mode
Direction / Type
NAT Traversal
VPN Settings
Select the type of identifier that you want to provide for the endpoint. Choices are:
Any = policy is for traffic from the given end point (local or remote). Note that selecting Any for
•
both local and remote end points is not valid.
Single = limits the policy to one host. Enter the IP address of the host that will be part of the
•
VPN in the Start IP Address field.
Range = allows computers within an IP address range to connect to the VPN. Enter the Start
•
IP Address and End IP Address in the provided fields.
Subnet = allows an entire subnet to connect to the VPN. Enter the network address in the
•
Start IP Address field and enter the Subnet Mask in the Subnet Mask field.
Enter the first IP address in the range.
Enter the last IP address in the range. If Local / Remote IP = Single, leave the End IP Address
field blank.
If Local / Remote IP = Subnet, enter the Subnet Mask of the network. Do not use overlapping
subnets for remote or local traffic selectors. Otherwise, you must add static routes on the
wireless controller and the hosts to be used. Example of a combination to avoid is:
Local Traffic Selector = 192.168.75.0/24
•
Remote Traffic Selector = 192.168.0.0./16.
•
If Local / Remote IP = Subnet and Protocol = IPv6, enter the prefix length of the network.
Determined whether the wireless controller sends ping packets periodically to the host on the
peer side of the network to keep the tunnel alive. Choices are:
Checked = enables Keepalive.
•
Unchecked = disables Keepalive.
•
If Enable Keepalive is checked, enter the IP address from which ping packet must be sent.
If Enable Keepalive is checked, enter the IP Address to which ping packet needs to be sent.
If Enable Keepalive is checked, specify how often the wireless controller sends ping packets.
If Enable Keepalive is checked, fresh negotiation starts when no acknowledgement is received
for the number of consecutive packets specified here.
Phase (IKE SA Parameters)
IKE phase can occur in one of two exchange modes. Select an exchange mode. Choices are:
Main = negotiates the tunnel with higher security, but is slower than aggressive mode.
•
Aggressive = fewer exchanges are made and with fewer packets than main mode, allowing
•
this mode to establish a faster connection than main mode, but with lower security.
Select a connection method. Choices are:
Initiator = wireless controller initiates the connection to the remote end.
•
Responder = wireless controller waits passively and responds to remote IKE requests.
•
Both = wireless controller work in either Initiator or Responder mode.
•
Enables or disables Network Address Translation (NAT) traversal. Choices are:
On = select this setting if you expect any NAT to occur during IPsec communication.
•
Off = select this setting if you do not expect NAT to occur during IPsec communication.
•
98
DWC-1000 Wireless Controller User's Guide
Description