Netgear SRX5308 SRX5308 Reference Manual - Page 148
Table 5-2. IPsec VPN Wizard Settings for a Gateway-to-Gateway Tunnel continued, For more information
UPC - 606449065145
View all Netgear SRX5308 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 148 highlights
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Table 5-2. (IPsec) VPN Wizard Settings for a Gateway-to-Gateway Tunnel (continued) Setting Description (or Subfield and Description) Enable RollOver? If you have configured the VPN firewall to function in WAN autorollover mode (see "Configuring the Auto-Rollover Mode and Failure Detection Method" on page 2-18), select the Enable RollOver? check box. Then, from the corresponding drop-down list, select the backup WAN interface. After an auto-rollover has occurred, the VPN tunnel will be reestablished using the backup WAN interface. End Point Information a What is the Remote WAN's IP Enter the IP address or Internet name (FQDN) of the WAN interface on Address or Internet Name? the remote VPN tunnel endpoint. What is the Local WAN's IP Address or Internet Name? When you select the Gateway radio button in the About VPN Wizard section of the screen, the IP address of the VPN firewall's active WAN interface is automatically entered. Secure Connection Remote Accessibility What is the remote LAN IP Address? What is the remote LAN Subnet Mask? Enter the LAN IP address of the remote gateway. Note: The remote LAN IP address must be in a different subnet than the local LAN IP address. For example, if the local subnet is 192.168.1.x, then the remote subnet could be 192.168.10.x. but could not be 192.168.1.x. If this information is incorrect, the tunnel will fail to connect. Enter the LAN subnet mask of the remote gateway. a. Both local and remote endpoints should be defined as either FQDNs or IP addresses. A combination of an IP address and an FQDN is not supported. . Tip: To ensure that tunnels stay active, after completing the wizard, manually edit the VPN policy to enable keepalive, which periodically sends ping packets to the host on the peer side of the network to keep the tunnel alive. For more information, see "Configuring Keepalives" on page 5-56. . Tip: For DHCP WAN configurations, first set up the tunnel with IP addresses. After you have validated the connection, you can use the wizard to create new policies using the FQDN for the WAN addresses. 5-6 Virtual Private Networking Using IPsec Connections v1.0, April 2010