Quick Reference Guide
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
6-28 Virtual Private Networking Using IPsec
v1.0, January 2010
In the following example, we configured the VPN firewall using ModeConfig, and then
configured a PC running ProSafe VPN Client software using these IP addresses.
• ProSafe Wireless-N VPN Firewall SRXN3205
– WAN IP address: 172.21.4.1
– LAN IP address/subnet: 192.168.2.1/255.255.255.0
• ProSafe VPN Client software IP address: 192.168.1.2
Mode Config Operation
After the IKE Phase 1 negotiation is complete, the VPN connection initiator (which is the remote
user with a VPN client) requests the IP configuration settings such as the IP address, subnet mask,
WINS server, and DNS address from the VPN firewall. The Mode Config feature allocates an IP
address from the configured IP address pool and activates a temporary IPsec policy, using the
information that is specified in the Traffic Tunnel Security Level section of the Mode Config
record (on the Add Mode Config Record screen that is shown in Figure 6-18 on page 6-29).
Configuring Mode Config Operation on the VPN Firewall
To configure Mode Config on the VPN firewall, you first must create a Mode Config record, and
then select the Mode Config record for an IKE policy.
Creating the Mode Config Record
1. Select VPN > IPSec VPN from the main/submenu. The IPsec VPN submenu tabs appear with
the IKE Policies screen in view.
2. Click the Mode Config tab. The Mode Config screen is displayed (see Figure 6-17 on page
6-29).
Note: After configuring a Mode Config record, you must manually configure an IKE
policy and select the newly-created Mode Config record from the Select Mode
Config Record pull-down menu (see “Configuring Mode Config Operation on the
VPN Firewall” on this page. You do not need to make changes to any VPN policy.
Note: An IP address that is allocated to a VPN client is released only after the VPN client
has gracefully disconnected or after the SA liftetime for the connection has timed
out.