Netgear SRX5308 SRX5308 Reference Manual - Page 190
Table 5-16. Add IKE Policy Settings for a Mode Config Configuration
UPC - 606449065145
View all Netgear SRX5308 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 190 highlights
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Note: The settings that are explained in Table 5-16 are specifically for a Mode Config configuration. Table 5-10 on page 5-25 explains the general IKE policy settings. Table 5-16. Add IKE Policy Settings for a Mode Config Configuration Item Description (or Subfield and Description) Mode Config Record Do you want to use Mode Config Record? Select the Yes radio button. Note: Because Mode Config functions only in Aggressive mode, selecting the Yes radio button sets the tunnel exchange mode to Aggressive mode and disables the Main mode. Mode Config also requires that both the local and remote ends are defined by their FQDNs. Select Mode Config Record From the drop-down list, select the Mode Config record that you created in step 5 on page 5-46. In this example, we are using NA Sales. General Policy Name Direction / Type Exchange Mode A descriptive name of the IKE policy for identification and management purposes. In this example, we are using ModeConfigNA_Sales. Note: The name is not supplied to the remote VPN endpoint. Responder is automatically selected when you select the Yes radio button in the Mode Config Record section of the screen. This ensures that the VPN firewall responds to an IKE request from the remote endpoint but does not initiate one. Aggressive mode is automatically selected you select the Yes radio button in the Mode Config Record section of the screen. Local Select Local Gateway From the drop-down list, select one of the four WAN interfaces to function as the local gateway. Identifier Type From the drop-down list, select FQDN. Note: Mode Config requires that the VPN firewall (that is, the local end) is defined by an FQDN. Identifier Enter an FQDN for the VPN firewall. In this example, we are using srx_local2.com. 5-48 Virtual Private Networking Using IPsec Connections v1.0, April 2010