Add/Edit Tunnel – Remote Networks
The Network Address and the Netmask define the remote network address range that local devices will have access to via the VPN tunnel.
NOTE: The remote network IP address MUST be different from the local network IP address.
Optionally: A Port can be defined that will limit the traffic going through the VPN tunnel to only that port. If the field is left blank, any port will be accepted by the tunnel.
Add/Edit Tunnel – IKE Phase 1
IKE security has two phases, Phase 1 and Phase 2. You have the ability to distinctly configure each phase, but the default settings will be sufficient for most users.
To set up a tunnel with a remote site, you need to match your tunnel's IKE negotiation parameters with the remote site. By selecting several
encryption, hash, and DH group options, you improve your chances for a successful tunnel negotiation. For greatest compatibility, select all
options; for greatest security, select only the most secure options that your devices support.
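The trade-off between selecting all options and selecting only the strongest can be checked offline before changing a live tunnel. The following is an added example, not code from this manual or the device firmware: a simplified model in which the initiator offers every combination of its selected options, strongest first, and the responder accepts the first one it also allows. It also checks the Remote Networks rule above, going slightly further by flagging any overlap between the local and remote ranges. The algorithm names, the strength ranking and the sample settings are constructed assumptions.

```python
# Added example: simplified Phase 1 model, not the device's own logic.
import ipaddress
from itertools import product

# Constructed strength ranking (higher is stronger); an assumption for this sketch.
STRENGTH = {"3des": 1, "aes128": 2, "aes256": 3,
            "md5": 1, "sha1": 2, "sha256": 3,
            "dh2": 1, "dh5": 2, "dh14": 3}

def networks_conflict(local_cidr, remote_cidr):
    """True if the local and remote ranges overlap (traffic selection is ambiguous)."""
    local = ipaddress.ip_network(local_cidr, strict=False)
    remote = ipaddress.ip_network(remote_cidr, strict=False)
    return local.overlaps(remote)

def offers(enc, hashes, dh):
    """All (encryption, hash, DH group) combinations, strongest first."""
    combos = product(enc, hashes, dh)
    return sorted(combos, key=lambda c: sum(STRENGTH[x] for x in c), reverse=True)

def negotiate(initiator, responder):
    """Return the first initiator offer the responder also allows, or None."""
    allowed = set(product(*responder))
    for offer in offers(*initiator):
        if offer in allowed:
            return offer
    return None  # no common combination: Phase 1 fails

# Constructed sample settings for three sites.
EVERYTHING = (["3des", "aes128", "aes256"],
              ["md5", "sha1", "sha256"],
              ["dh2", "dh5", "dh14"])
STRICT = (["aes256"], ["sha256"], ["dh14"])
LEGACY_PEER = (["3des"], ["md5", "sha1"], ["dh2"])

if __name__ == "__main__":
    print("overlap:", networks_conflict("192.168.1.0/24", "192.168.1.128/25"))
    print("all options vs legacy peer:", negotiate(EVERYTHING, LEGACY_PEER))
    print("strict vs legacy peer:", negotiate(STRICT, LEGACY_PEER))
    print("all options vs strict peer:", negotiate(EVERYTHING, STRICT))
```

With every option selected the tunnel comes up against the legacy peer, but on the weakest settings that peer permits; with only the strongest options selected the same peer is refused.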
Figure 140: Add/Edit VPN Tunnel IKE Phase 1
Exchange Mode: The IKE protocol has 2 modes of negotiating phase 1 – Main (also called Identity Protection) and Aggressive.