Filter
Top Products
Chapter 6 Device Security Settings
Vantage CNM User’s Guide
133
Content The configuration of the peer content depends on the peer ID type.
Do the following when you set Authentication Key to Pre-shared Key.
•For IP, type the IP address of the computer with which you will make the
VPN connection. If you configure this field to 0.0.0.0 or leave it blank, the
device will use the address in the Remote Gateway Address field (refer
to the Remote Gateway Address field description).
•For DNS or E-mail, type a domain name or e-mail address by which to
identify the remote IPSec router. Use up to 31 ASCII characters including
spaces, although trailing spaces are truncated. The domain name or e-
mail address is for identification purposes only and can be any string.
It is recommended that you type an IP address other than 0.0.0.0 or use the
DNS or E-mail ID type in the following situations:
• When there is a NAT router between the two IPSec routers.
• When you want the device to distinguish between VPN connection
requests that come in from remote IPSec routers with dynamic WAN IP
addresses.
Do the following when you set Authentication Key to Certificate.
•For IP, type the IP address from the subject alternative name field of the
certificate the remote IPSec router will use for this VPN connection. If you
configure this field to 0.0.0.0 or leave it blank, the device will use the
address in the Remote Gateway Address field (refer to the Remote
Gateway Address field description).
•For DNS or E-mail, type the domain name or e-mail address from the
subject alternative name field of the certificate the remote IPSec router will
use for this VPN connection.
•For Subject Name, type the subject name of the certificate the remote
IPSec router will use for this VPN connection. Use up to255 ASCII
characters including spaces.
•For Any, the peer Content field is not available.
• Regardless of how you configure the ID Type and Content fields, two
active SAs cannot have both the local and remote IP address ranges
overlap between rules.
Extended
Authentication
Enable Extended
Authentication
Select this check box to activate extended authentication.
Server Mode Select Server Mode to have this device authenticate extended authentication
clients that request this VPN connection.
You must also configure the extended authentication clients’ usernames and
passwords in the authentication server’s local user database or a RADIUS
server.
Click Local User to go to the Local User Database screen where you can
view and/or edit the list of user names and passwords. Click RADIUS to go to
the RADIUS screen where you can configure the device to check an external
RADIUS server.
During authentication, if the device (in server mode) does not find the
extended authentication clients’ user name in its internal user database and
an external RADIUS server has been enabled, it attempts to authenticate the
client through the RADIUS server.
Client Mode Select Client Mode to have your device use a username and password when
initiating this VPN connection to the extended authentication server device.
Only a VPN extended authentication client can initiate this VPN connection.
User Name Enter a user name for your device to be authenticated by the VPN peer (in
server mode). The user name can be up to 31 case-sensitive ASCII
characters, but spaces are not allowed. You must enter a user name and
password when you select client mode.
Table 50 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) >
Gateway Policy Add/Edit
LABEL DESCRIPTION