Netgear SRX5308 SRX5308 Reference Manual - Page 167
Table 5-10. Add IKE Policy Settings, Description or Subfield and Description, Mode Config Record
UPC - 606449065145
View all Netgear SRX5308 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 167 highlights
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Table 5-10. Add IKE Policy Settings Item Description (or Subfield and Description) Mode Config Record Do you want to use Mode Config Record? Specify whether or not the IKE policy uses a Mode Config record. For information about how to define a Mode Config record, see "Mode Config Operation" on page 5-42. Select one of the following radio buttons: • Yes. IP addresses are assigned to remote VPN clients. You must select a Mode Config record from the drop-down list. Note: Because Mode Config functions only in Aggressive mode, selecting the Yes radio button sets the tunnel exchange mode to Aggressive mode and disables the Main mode. Mode Config also requires that both the local and remote ends are defined by their FQDNs. • No. Disables Mode Config for this IKE policy. Note: An XAUTH configuration via an edge device is not possible without Mode Config and is therefore disabled too. For more information about XAUTH, see "Configuring Extended Authentication (XAUTH)" on page 5-37. Select Mode Config Record From the drop-down list, select one of the Mode Config records that you defined on the Add Mode Config Record screen (see "Configuring Mode Config Operation on the VPN Firewall" on page 5-42). Note: Click the View Selected button to open the Selected Mode Config Record Details popup window. General Policy Name Direction / Type Exchange Mode A descriptive name of the IKE policy for identification and management purposes. Note: The name is not supplied to the remote VPN endpoint. From the drop-down list, select the connection method for the VPN firewall: • Initiator. The VPN firewall initiates the connection to the remote endpoint. • Responder. The VPN firewall responds only to an IKE request from the remote endpoint. • Both. The VPN firewall can both initiate a connection to the remote endpoint and respond to an IKE request from the remote endpoint. From the drop-down list, select the exchange mode between the VPN firewall and the remote VPN endpoint: • Main. This mode is slower than the Aggressive mode but more secure. • Aggressive. This mode is faster than the Main mode but less secure. Note: If you specify either an FQDN or a User FQDN name as the local ID or remote ID (see the Local and Remote sections on the screen), the Aggressive mode is automatically selected. Virtual Private Networking Using IPsec Connections v1.0, April 2010 5-25