NETGEAR SRX5308-100NAS Switch User Manual


 
Virtual Private Networking Using IPSec and L2TP Connections
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
Table 55. Add New VPN Policy screen settings for IPv4 and IPv6 (continued)

Setting
    Description

Policy Type
    From the drop-down list, select one of the following policy types:
    • Auto Policy. Some settings (the ones in the Manual Policy Parameters section of the screen) for the VPN tunnel are generated automatically.
    • Manual Policy. All settings need to be specified manually, including the ones in the Manual Policy Parameters section of the screen.

Select Local Gateway
    Select a WAN interface from the drop-down list to specify the WAN interface for the local gateway.

Remote Endpoint
    Select a radio button to specify how the remote endpoint is defined:
    • IP Address. Enter the IP address of the remote endpoint in the fields to the right of the radio button.
    • FQDN. Enter the FQDN of the remote endpoint in the field to the right of the radio button.

Enable NetBIOS?
    Select this check box to enable NetBIOS broadcasts to travel over the VPN tunnel. For more information about NetBIOS, see Configure NetBIOS Bridging with IPSec VPN on page 262. This feature is disabled by default.

Enable RollOver?
Note: This does not apply to IPv6 policies.
    (IPv4 only) Select this check box to allow the VPN tunnel to roll over to the other WAN interface when the WAN mode is set to Auto-Rollover and an actual rollover occurs. This feature is disabled by default.
    Select a WAN interface from the drop-down list.

Enable Auto Initiate
    Select this check box to enable the VPN tunnel to autoestablish itself without the presence of any traffic.
    Note: The direction and type of the IKE policy that is associated with this VPN policy need to be either Initiator or Both but cannot be Responder. For more information, see Manually Add or Edit an IKE Policy on page 227.

Enable Keepalive
Note: See also Configure Keep-Alives and Dead Peer Detection on page 259.
    Select a radio button to specify if keep-alive is enabled:
    • Yes. This feature is enabled: Periodically, the VPN firewall sends keep-alive requests (ping packets) to the remote endpoint to keep the tunnel alive. You need to specify the ping IP address in the Ping IP Address field, the detection period in the Detection Period field, and the maximum number of keep-alive requests that the VPN firewall sends in the Reconnect after failure count field.
    • No. This feature is disabled. This is the default setting.

    Ping IP Address
        The IP address that the VPN firewall pings. The address needs to be of a host that can respond to ICMP ping requests.

    Detection Period
        The period in seconds between the keep-alive requests. The default setting is 10 seconds.

    Reconnect after failure count
        The maximum number of keep-alive requests before the VPN firewall tears down the connection and then attempts to reconnect to the remote endpoint. The default setting is 3 keep-alive requests.