Wireless Firewall Router User's Guide

P-335 Series User’s Guide

Chapter 13 VPN Screens 172

Figure 89 Rule Setup

The following table describes the labels in this screen.

Table 72 Rule Setup

LABEL DESCRIPTION

Active Select this check box to activate this VPN tunnel. This option determines whether

a VPN rule is applied before a packet leaves the firewall.

Keep Alive Select this check box to have the Prestige automatically re-initiate the SA after

the SA lifetime times out, even if there is no traffic. The remote IPSec router must

also have keep alive enabled in order for this feature to work.

NAT Traversal Select this check box to enable NAT traversal. NAT traversal allows you to set up

a VPN connection when there are NAT routers between the two IPSec routers.

The remote IPSec router must also have NAT traversal enabled.

You can use NAT traversal with ESP protocol using Transport or Tunnel mode,

but not with AH protocol nor with manual key management. In order for an IPSec

router behind a NAT router to receive an initiating IPSec packet, set the NAT

router to forward UDP port 500 to the IPSec router behind the NAT router.

IPSec Keying Mode Select IKE or Manual from the drop-down list box. IKE provides more protection

so it is generally recommended. Manual is a useful option for troubleshooting.