Nortel Networks BCM50a Network Router User Manual


 
Chapter 13 VPN
BCM50a Integrated Router Configuration — Basics
Table 53 describes the fields in Figure 70.
Table 53 VPN Branch Office rule setup
| Label | Description |
| --- | --- |
| Connection Type | Select Branch Office to manually configure a VPN rule. Select Contivity Client to use a simple VPN rule that lets you define and store connection information for accessing your corporate network using the BCM50a Integrated Router. You can only configure one Contivity Client rule. If you want to set the Contivity Client rule to active, you must set all other VPN rules to inactive. |
| Active | Select this check box to activate this VPN tunnel. This option determines whether a VPN rule is applied. |
| Nailed Up | Select this check box to turn on the nailed up feature for this SA. Turn on nailed up to have the BCM50a Integrated Router automatically reinitiate the SA after the SA lifetime times out, even if there is no traffic. The BCM50a Integrated Router also reinitiates the SA when it restarts. |
| NAT Traversal | Select this check box to enable NAT traversal. With NAT traversal, you can set up a VPN connection when there are NAT routers between the two IPSec routers. The remote IPSec router must also have NAT traversal enabled. You can use NAT traversal with the ESP protocol in Transport or Tunnel mode, but not with the AH protocol. For an IPSec router behind a NAT router to receive an initiating IPSec packet, set the NAT router to forward UDP port 500 to the IPSec router behind the NAT router. |
| Name | Type a name to identify this VPN policy. You can use any character, including spaces, but the BCM50a Integrated Router drops trailing spaces. |
| Key Management | Your BCM50a Integrated Router uses IKE (ISAKMP) key management to set up a VPN. |
| Negotiation Mode | Select Main for identity protection. Select Aggressive to allow more incoming connections from dynamic IP addresses to use separate passwords. Multiple SAs connecting through an IPSec router must have the same negotiation mode. |
| Encapsulation Mode | Select Tunnel mode or Transport mode from the drop-down list. Tunnel is compatible with NAT; Transport is not. |
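
The constraints in Table 53 can be checked mechanically before rules are entered. The following is an added example, not part of the Nortel manual: the rule dictionary layout, the `remote_gateway` and `nat_on_path` fields, and the grouping of SAs by remote gateway are assumptions made for illustration.

```python
# Added example: lint VPN rules against the constraints stated in Table 53.
# The dict layout is hypothetical (the router is configured through its web
# interface); "remote_gateway" and "nat_on_path" are assumed operator inputs.
from collections import defaultdict

def lint_vpn_rules(rules):
    """Return a list of (rule name, finding) tuples; "*" marks rule-set findings."""
    findings = []
    active = [r for r in rules if r["active"]]
    clients = [r for r in rules if r["connection_type"] == "Contivity Client"]
    if len(clients) > 1:
        findings.append(("*", "only one Contivity Client rule is allowed"))
    if any(r["active"] for r in clients) and len(active) > 1:
        findings.append(("*", "Contivity Client active: all other rules must be inactive"))

    modes = defaultdict(set)  # remote gateway -> negotiation modes in use
    for r in active:
        name = r["name"].rstrip(" ")  # the router drops trailing spaces
        modes[r["remote_gateway"]].add(r["negotiation_mode"])
        if r["nat_traversal"] and r["protocol"] == "AH":
            findings.append((name, "NAT traversal cannot be used with AH"))
        if r["nat_on_path"] and not r["nat_traversal"] and r["encapsulation"] == "Transport":
            findings.append((name, "Transport mode is not compatible with NAT"))
        if r["negotiation_mode"] == "Aggressive":
            findings.append((name, "Aggressive mode: no identity protection (Main provides it)"))
    for gw, used in sorted(modes.items()):
        if len(used) > 1:
            findings.append(("*", f"mixed negotiation modes toward {gw}"))
    return findings

def rule(name, **overrides):
    """Build a constructed sample rule with safe defaults."""
    base = {"name": name, "connection_type": "Branch Office", "active": True,
            "nat_traversal": False, "nat_on_path": False, "protocol": "ESP",
            "encapsulation": "Tunnel", "negotiation_mode": "Main",
            "remote_gateway": "192.0.2.1"}
    return {**base, **overrides}

# Constructed sample rule set (documentation addresses, not from the manual).
SAMPLE = [
    rule("hq-tunnel"),
    rule("branch-ah ", nat_traversal=True, protocol="AH"),
    rule("branch-transport", nat_on_path=True, encapsulation="Transport",
         negotiation_mode="Aggressive"),
    rule("road-warrior", connection_type="Contivity Client",
         remote_gateway="198.51.100.7"),
]

if __name__ == "__main__":
    for name, finding in lint_vpn_rules(SAMPLE):
        print(f"{name}: {finding}")
```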