Authentication Method; Security - Colubris Networks CN3000 Administrator's Manual

Chapter 11 - Configuration parameters
(CN=joe/E=joe@company.com/O=Company Inc./C=US)
Peer ID
Specify the peer ID based on the ID type you selected. If you selected IP address, then
you can leave this field blank to use the address in the Address field.
DNS server address
Specify the domain name or IP address of the primary and secondary DNS servers that
the CN3000 will use to resolve DNS requests related to the remote peer's domain. In
most cases these servers will be located on the network protected by the peer.
Domain name
Specify the domain name of the peer. Any DNS requests on the wireless LAN that are
addressed to this domain are forwarded to the DNS server specified above. This
enables the CN3000 to properly forward traffic to stations on the other side of an IPSec
tunnel.
Authentication method
X.509 certificates
Select this option to use X.509 certificates to validate peers. To define certificate
settings, select certificates on the security menu.
Preshared key
Specify the key that will be used by the CN3000 to validate peers. The CN3000 and the
peer must both use the same key.

Security

Only permit incoming traffic addressed to
These settings enable you to filter incoming traffic so that only traffic addressed to a
specific network or network device is permitted from the peer. Note that the setting you
make for this parameter must match the setting the peer makes for outgoing traffic. If
not, the connection will not be established.
This CN3000
Only accepts incoming traffic that is addressed to the CN3000. All other traffic is
dropped.
Subnet
Mask
Only accepts incoming traffic that is addressed to the subnet or host you specify.
All other traffic is dropped. To accept all traffic from the peer, specify both the
Subnet and Mask as: 0.0.0.0
NAT
Enable network address translation for traffic addressed to the specified Subnet. This
hides the addresses of local computers from the peer. If you enable NAT, the peer does
not have to match the settings for Subnet.
Only permit outgoing traffic addressed to
These settings enable you to filter outgoing traffic so that only traffic addressed to the
peer, a specific network, or network device is sent. All other traffic is sent onto the
Internet outside the tunnel.
Note that the setting you make for this parameter must match the setting the peer
makes for incoming traffic. If not, the connection will not be established.
Peer
Only sends outgoing traffic that is addressed to the peer. All other traffic is sent onto the
Internet outside the tunnel.
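
The matching rule above (incoming filter on one side against the outgoing filter on the other, with the NAT exception) can be checked before both ends are configured. The following is an added example, not part of the manual or the CN3000 software; `Selector`, `check_direction` and the mode names are hypothetical, and it assumes that "match" means the same network after Subnet/Mask normalisation and that "This CN3000" pairs with the peer's "Peer" setting.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Selector:
    """One side's 'Only permit ... traffic addressed to' setting (hypothetical model)."""
    mode: str                      # "device" = This CN3000 / Peer, "subnet" = Subnet + Mask
    subnet: Optional[str] = None
    mask: Optional[str] = None
    nat: bool = False              # NAT option; only exists on the incoming side

    def network(self) -> ipaddress.IPv4Network:
        # strict=False accepts a host address in Subnet; 0.0.0.0/0.0.0.0 becomes 0.0.0.0/0
        return ipaddress.IPv4Network(f"{self.subnet}/{self.mask}", strict=False)

def check_direction(local_in: Selector, peer_out: Selector) -> List[str]:
    """Return the mismatches that would keep the tunnel from being established."""
    if local_in.mode == "device":
        return [] if peer_out.mode == "device" else [
            "incoming is 'This CN3000' but the peer's outgoing setting is not 'Peer'"]
    try:
        ours = local_in.network()
    except ValueError as exc:      # e.g. a non-contiguous mask
        return [f"invalid incoming Subnet/Mask: {exc}"]
    if local_in.nat:
        return []                  # manual: with NAT the peer need not match Subnet
    if peer_out.mode != "subnet":
        return [f"incoming is {ours} but the peer's outgoing setting is 'Peer'"]
    try:
        theirs = peer_out.network()
    except ValueError as exc:
        return [f"invalid outgoing Subnet/Mask on peer: {exc}"]
    if ours != theirs:
        return [f"incoming {ours} does not match peer's outgoing {theirs}"]
    return []

# Constructed sample settings (not taken from the manual).
OK_PAIR = (Selector("subnet", "192.168.10.0", "255.255.255.0"),
           Selector("subnet", "192.168.10.0", "255.255.255.0"))
BAD_PAIR = (Selector("subnet", "192.168.10.0", "255.255.255.0"),
            Selector("subnet", "192.168.0.0", "255.255.0.0"))
NAT_PAIR = (Selector("subnet", "192.168.10.0", "255.255.255.0", nat=True),
            Selector("subnet", "10.0.0.0", "255.0.0.0"))

if __name__ == "__main__":
    for name, pair in (("ok", OK_PAIR), ("bad", BAD_PAIR), ("nat", NAT_PAIR)):
        print(name, check_direction(*pair) or "consistent")
```

Run the same check a second time with the roles swapped (the peer's incoming setting against this unit's outgoing setting) to cover the other direction.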
Page 262