User`s guide

ManualsBrandsProxicast ManualsComputer equipmentLAN-Cell 2

211

212

213

214

215

216

217

218

219

220

Chapter 10 IPSec VPN Config Screens

LAN-Cell 2 User’s Guide

215

NAT Traversal Select this check box to enable NAT traversal. NAT traversal allows you to set up

a VPN connection when there are NAT routers between the two IPSec routers.

Note: The remote IPSec router must also have NAT traversal

enabled. See Section on page 248 for more information.

You can use NAT traversal with ESP protocol using Transport or Tunnel mode,

but not with AH protocol nor with manual key management. In order for an IPSec

router behind a NAT router to receive an initiating IPSec packet, set the NAT

router to forward UDP ports 500 and 4500 to the IPSec router behind the NAT

router.

Gateway Policy Information

My LAN-Cell This field identifies the WAN IP address or domain name of the LAN-Cell. You can

select My Address and enter the LAN-Cell's static WAN IP address (if it has one)

or leave the field set to 0.0.0.0.

The LAN-Cell uses its current WAN IP address (static or dynamic) in setting up

the VPN tunnel if you leave this field as 0.0.0.0. If the WAN connection goes

down, the LAN-Cell uses the dial backup IP address for the VPN tunnel when

using dial backup or the LAN IP address when using traffic redirect.

Otherwise, you can select My Domain Name and choose one of the dynamic

domain names that you have configured (in the DDNS screen) to have the LAN-

Cell use that dynamic domain name's IP address.

The VPN tunnel has to be rebuilt if the My LAN-Cell IP address changes after

setup.

Primary Remote

Gateway

Type the WAN IP address or the domain name (up to 31 characters) of the IPSec

router with which you're making the VPN connection. Set this field to 0.0.0.0 if the

remote IPSec router has a dynamic WAN IP address.

In order to have more than one active rule with the Remote Gateway Address

field set to 0.0.0.0, the ranges of the local IP addresses cannot overlap between

rules.

If you configure an active rule with 0.0.0.0 in the Remote Gateway Address field

and the LAN’s full IP address range as the local IP address, then you cannot

configure any other active rules with the Remote Gateway Address field set to

0.0.0.0.

Enable IPSec High

Availability

Turn on the high availability feature to use a redundant (backup) VPN connection

to another WAN interface on the remote IPSec router if the primary (regular) VPN

connection goes down. The remote IPSec router must have a second WAN

connection in order for you to use this.

To use this, you must identify both the primary and the redundant remote IPSec

routers by WAN IP address or domain name (you cannot set either to 0.0.0.0).

Redundant

Remote Gateway

Type the WAN IP address or the domain name (up to 31 characters) of the

backup IPSec router to use when the LAN-Cell cannot not connect to the primary

remote gateway.

Fall back to

Primary Remote

Gateway when

possible

Select this to have the LAN-Cell change back to using the primary remote

gateway if the connection becomes available again.

Fall Back Check

Interval*

Set how often the LAN-Cell should check the connection to the primary remote

gateway while connected to the redundant remote gateway.

Each gateway policy uses one or more network policies. If the fall back check

interval is shorter than a network policy’s SA life time, the fall back check interval

is used as the check interval and network policy SA life time. If the fall back check

interval is longer than a network policy’s SA life time, the SA lifetime is used as

the check interval and network policy SA life time.

Table 77 SECURITY > VPN > VPN Rules (IKE) > Edit Gateway Policy (continued)

LABEL DESCRIPTION