D-Link DWC-1000 DWC-1000 User's Guide - Page 98

VPN Settings Field Description Local / Remote IP Local / Remote Start IP Address Select the type of identifier that you want to provide for the endpoint. Choices are: • Any = policy is for traffic from the given end point (local or remote). Note that selecting Any for both local and remote end points is not valid. • Single = limits the policy to one host. Enter the IP address of the host that will be part of the VPN in the Start IP Address field. • Range = allows computers within an IP address range to connect to the VPN. Enter the Start IP Address and End IP Address in the provided fields. • Subnet = allows an entire subnet to connect to the VPN. Enter the network address in the Start IP Address field and enter the Subnet Mask in the Subnet Mask field. Enter the first IP address in the range. Local / Remote End IP Address Enter the last IP address in the range. If Local / Remote IP = Single, leave the End IP Address field blank. Local / Remote Subnet Mask Local / Remote Prefix Length If Local / Remote IP = Subnet, enter the Subnet Mask of the network. Do not use overlapping subnets for remote or local traffic selectors. Otherwise, you must add static routes on the wireless controller and the hosts to be used. Example of a combination to avoid is: • Local Traffic Selector = 192.168.75.0/24 • Remote Traffic Selector = 192.168.0.0./16. If Local / Remote IP = Subnet and Protocol = IPv6, enter the prefix length of the network. Enable Keepalive Source IP Address Determined whether the wireless controller sends ping packets periodically to the host on the peer side of the network to keep the tunnel alive. Choices are: • Checked = enables Keepalive. • Unchecked = disables Keepalive. If Enable Keepalive is checked, enter the IP address from which ping packet must be sent. Destination IP Address If Enable Keepalive is checked, enter the IP Address to which ping packet needs to be sent. Detection Protocol If Enable Keepalive is checked, specify how often the wireless controller sends ping packets. Reconnect After Failure Count If Enable Keepalive is checked, fresh negotiation starts when no acknowledgement is received for the number of consecutive packets specified here. Phase (IKE SA Parameters) These settings are applicable for Auto IPsec policies that use IKE to perform negotiations between the two VPN endpoints. Exchange Mode Direction / Type NAT Traversal IKE phase can occur in one of two exchange modes. Select an exchange mode. Choices are: • Main = negotiates the tunnel with higher security, but is slower than aggressive mode. • Aggressive = fewer exchanges are made and with fewer packets than main mode, allowing this mode to establish a faster connection than main mode, but with lower security. Select a connection method. Choices are: • Initiator = wireless controller initiates the connection to the remote end. • Responder = wireless controller waits passively and responds to remote IKE requests. • Both = wireless controller work in either Initiator or Responder mode. Enables or disables Network Address Translation (NAT) traversal. Choices are: • On = select this setting if you expect any NAT to occur during IPsec communication. • Off = select this setting if you do not expect NAT to occur during IPsec communication. 98 DWC-1000 Wireless Controller User's Guide