Virtual Private Networking Using IPSec and L2TP Connections
201
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
Tip: To ensure that tunnels stay active, after completing the wizard, manually
edit the VPN policy to enable keep-alives, which periodically sends ping
packets to the host on the peer side of the network to keep the tunnel
alive. For more information, see Configure Keep-Alives o
n page 260.
Tip: For DHCP W
AN configurations, first set up the tunnel with IP addresses.
After you have validated the connection, you can use the wizard to
create new policies using the FQDN for the WAN addresses.
3. Click App
ly to save your settings. The IPSec VPN policy is now added to the List of VPN
Policies table on the VPN Policies screen for IPv4. By default, the VPN policy is enabled.
This VPN tunnel will use the
following local WAN Interface
Select a WAN interface from the drop-down list to specify which local WAN
interface the VPN tunnel uses as the local endpoint.
(Optional) Select the En
able RollOver? check box to enable VPN rollover,
and then select a WAN interface from the drop-down list to the right of the
check box to specify the interface to which the VPN rollover should occur.
Note: If the VPN firewall is configured to
function in WAN auto-rollover
mode, you can use the VPN Wizard to configure VPN rollover and do not
need to configure this manually.
End Point Information
a
What is the Remote WAN’s IP
Address or Internet Name?
Enter the IPv4 address or Internet name (FQDN) of the WAN interface on
the remote VPN tunnel endpoint.
What is the Local WAN’s IP
Address or Internet Name?
When you select the Gateway radio button in the About VPN Wizard
section of the screen, the IPv4 address of the VPN firewall’s active WAN
interface is automatically entered.
Secure Connection Remote Accessibility
What is the remote LAN IP
Ad
dress?
Enter the LAN IPv4 address of the remote gateway.
Note: The remote LAN IPv4 address needs to be in a different subnet from
the local LAN IP address. For example, if the local subnet is 192.168.1.x,
then the remote subnet could be 192.168.10.x but could not be
192.168.1.x. If this information is incorrect, the tunnel fails to connect.
What is the remote LAN
Su
bnet Mask?
Enter the LAN subnet mask for the remote gateway.
a. Both local and remote endpoints should be defined as either FQDNs or IP addresses. A combination of
an IP address and an FQDN is not supported.
Table 43. IPSec VPN Wizard settings for an IPv4 gateway-to-gateway tunnel (continued)
Setting Description