WAN Configuration 4-21
These rules must be above (higher in priority than) any default or other rules that would process these packets differently.
Do I need to add any special routes on the WS 2000 switch to get my VPN tunnel to work?
No. Packets for VPN are tunneled directly to the Remote VPN gateway. As long as a route exists to the Remote VPN gateway,
no other routes are required.
Clients, however, might need extra routing information to tell them to use the WS 2000 switch as the gateway to reach the
remote subnet. This is only required if the clients are not using the WS 2000 switch as their default gateway.
Can I set up the WS 2000 Wireless Switch so that clients can both access the WAN normally and use the VPN only when talking to specific networks?
Yes. Only packets going from the defined local subnet to the remote subnet are sent through the VPN tunnel. All other packets are handled by whatever firewall rules are set.
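The three answers above describe one decision: the switch only needs a route to the remote VPN gateway, packets are tunneled only when they match the local-subnet-to-remote-subnet selector, and a client needs an extra route only when the WS 2000 is not its default gateway. The following Python is an added illustration of that logic and is not code from the manual or from the WS 2000 itself; the subnets, addresses and routing table are constructed assumptions.

```python
import ipaddress

# Constructed example values (assumptions for this illustration, not values from the manual):
# the subnet behind the WS 2000, the subnet behind the remote VPN gateway, and that gateway's address.
LOCAL_SUBNET = ipaddress.ip_network("192.168.1.0/24")
REMOTE_SUBNET = ipaddress.ip_network("10.20.0.0/16")
REMOTE_GATEWAY = ipaddress.ip_address("203.0.113.5")

# Constructed WS 2000 routing table as (destination network, next hop). The only route the
# tunnel depends on is one that reaches REMOTE_GATEWAY; here that is the WAN default route.
ROUTING_TABLE = [
    (ipaddress.ip_network("192.168.1.0/24"), "directly connected (LAN)"),
    (ipaddress.ip_network("0.0.0.0/0"), "198.51.100.1 (WAN next hop)"),
]


def lookup_route(table, destination):
    """Longest-prefix match; returns the (network, next_hop) entry or None if nothing matches."""
    dst = ipaddress.ip_address(destination)
    matches = [entry for entry in table if dst in entry[0]]
    if not matches:
        return None
    return max(matches, key=lambda entry: entry[0].prefixlen)


def tunnel_reachable(table):
    """No special routes are needed: the tunnel only requires that the remote VPN gateway is routable."""
    return lookup_route(table, str(REMOTE_GATEWAY)) is not None


def classify_packet(src, dst):
    """Return 'vpn' when the packet matches the tunnel selector (local subnet -> remote subnet);
    otherwise 'firewall', meaning the packet never enters the tunnel and the firewall rules decide."""
    s = ipaddress.ip_address(src)
    d = ipaddress.ip_address(dst)
    if s in LOCAL_SUBNET and d in REMOTE_SUBNET:
        return "vpn"
    return "firewall"


def client_needs_route(client_default_gateway, ws2000_lan_ip):
    """A client needs an explicit route for REMOTE_SUBNET via the WS 2000 only when the
    WS 2000 is not already its default gateway; otherwise the default route carries the traffic."""
    return ipaddress.ip_address(client_default_gateway) != ipaddress.ip_address(ws2000_lan_ip)


if __name__ == "__main__":
    print("route to remote gateway:", lookup_route(ROUTING_TABLE, str(REMOTE_GATEWAY)))
    for src, dst in [("192.168.1.10", "10.20.3.4"),
                     ("192.168.1.10", "198.51.100.77"),
                     ("192.168.9.10", "10.20.3.4")]:
        print(src, "->", dst, classify_packet(src, dst))
    print("client needs route:", client_needs_route("192.168.1.254", "192.168.1.1"))
```

Note that a packet whose source is outside the defined local subnet is not tunneled even if its destination is in the remote subnet; that is the usual cause of "the VPN works from some hosts but not others" and is a selector problem, not a routing one.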
How do I specify which certificates from the WS 2000 certificate manager are used for an IKE policy?
When generating a certificate to be used with IKE, you must use one of the following fields: IP address, Domain Name, or Email address. Also make sure that you are using NTP when using the certificate manager, because certificates are time sensitive.
Src port    Dst port    Rev NAT
1:65535     500         None
On the IKE configuration page, Local ID type refers to the way that IKE selects a local certificate to use.
IP tries to match the local WAN IP to the IP addresses specified in a local certificate.
FQDN tries to match the user-entered local ID data string to the domain name field of the certificate.
UFQDN tries to match the user-entered local ID data string to the email address field of the certificate.
Remote ID type refers to the way you identify an incoming certificate as being associated with the remote side.
IP tries to match the remote gateway IP to the IP addresses specified in the received certificate.
FQDN tries to match the user-entered remote ID data string to the domain name field of the received certificate.
UFQDN tries to match the user-entered remote ID data string to the email address field of the received certificate.
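The ID-type rules above, together with the earlier note that certificates are time sensitive, amount to a small matching procedure: pick the certificate field that the ID type names, compare it with the configured ID (the WAN IP or remote gateway IP for type IP), and refuse any certificate outside its validity window. The following Python is an added illustration of that procedure and is not code from the manual or the WS 2000 firmware. The CertIdentity class is a constructed stand-in for whatever the certificate manager stores, the sample certificates and dates are constructed, and case-insensitive comparison of names and addresses is an assumption of this example.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass
class CertIdentity:
    """Identity fields of a certificate as the three ID types see them.
    Constructed stand-in for the certificate manager's data; not its real format."""
    label: str
    ip_addresses: tuple = ()   # consulted by ID type IP
    dns_names: tuple = ()      # consulted by ID type FQDN
    emails: tuple = ()         # consulted by ID type UFQDN
    not_before: datetime = datetime.min.replace(tzinfo=timezone.utc)
    not_after: datetime = datetime.max.replace(tzinfo=timezone.utc)


def id_matches(id_type, id_data, cert):
    """Compare one ID against the certificate field that the ID type selects.
    For type IP the caller passes the local WAN IP (local side) or the remote gateway IP (remote side)."""
    if id_type == "IP":
        wanted = ipaddress.ip_address(id_data)
        return any(ipaddress.ip_address(a) == wanted for a in cert.ip_addresses)
    if id_type == "FQDN":
        return id_data.lower() in {name.lower() for name in cert.dns_names}
    if id_type == "UFQDN":
        return id_data.lower() in {mail.lower() for mail in cert.emails}
    raise ValueError(f"unknown ID type {id_type!r}")


def valid_at(cert, now):
    """Certificates are time sensitive: outside the validity window they must not be used,
    which is why the switch clock should be kept correct with NTP."""
    return cert.not_before <= now <= cert.not_after


def select_local_cert(id_type, id_data, certs, now):
    """Local ID type: return the first currently valid local certificate whose selected field matches."""
    for cert in certs:
        if valid_at(cert, now) and id_matches(id_type, id_data, cert):
            return cert
    return None


def accept_remote_cert(id_type, id_data, cert, now):
    """Remote ID type: accept a received certificate only if it is valid now and its selected
    field matches the configured remote ID."""
    return valid_at(cert, now) and id_matches(id_type, id_data, cert)


# Constructed sample certificates, clock values and IDs.
VALID_FROM = datetime(2024, 1, 1, tzinfo=timezone.utc)
VALID_TO = datetime(2026, 1, 1, tzinfo=timezone.utc)
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)             # a correctly synchronised clock
SKEWED_CLOCK = datetime(2020, 1, 1, tzinfo=timezone.utc)    # a switch whose clock was never set
LOCAL_CERTS = [
    CertIdentity("wan-ip-cert", ip_addresses=("203.0.113.10",), not_before=VALID_FROM, not_after=VALID_TO),
    CertIdentity("fqdn-cert", dns_names=("ws2000.example.net",), not_before=VALID_FROM, not_after=VALID_TO),
]
PEER_CERT = CertIdentity("peer-cert", ip_addresses=("203.0.113.5",), emails=("vpn-admin@example.org",),
                         not_before=VALID_FROM, not_after=VALID_TO)

if __name__ == "__main__":
    print("local cert for WAN IP:", select_local_cert("IP", "203.0.113.10", LOCAL_CERTS, NOW).label)
    print("peer accepted by UFQDN:", accept_remote_cert("UFQDN", "vpn-admin@example.org", PEER_CERT, NOW))
    # The same peer certificate is rejected when the switch clock is wrong, even though the ID matches:
    print("peer accepted with skewed clock:", accept_remote_cert("IP", "203.0.113.5", PEER_CERT, SKEWED_CLOCK))
```

The skewed-clock case is the one worth remembering when a tunnel fails to negotiate although both IDs look right: with no NTP, the switch may sit at a date before the certificate's start of validity and reject a perfectly good certificate.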