Filter
Top Products
Chapter 15 IPSec VPN
NBG-460N User’s Guide
208
Local Policy Local IP addresses must be static and correspond to the remote IPSec
router's configured remote IP addresses.
Two active SAs can have the same configured local or remote IP
address, but not both. You can configure multiple SAs between the
same local and remote IP addresses, as long as only one is active at
any time.
In order to have more than one active rule with the Secure Gateway
Address field set to 0.0.0.0, the ranges of the local IP addresses
cannot overlap between rules.
If you configure an active rule with 0.0.0.0 in the Secure Gateway
Address field and the LAN’s full IP address range as the local IP
address, then you cannot configure any other active rules with the
Secure Gateway Address field set to 0.0.0.0.
Local Address For a single IP address, enter a (static) IP address on the LAN behind
your NBG-460N.
For a specific range of IP addresses, enter the beginning (static) IP
address, in a range of computers on your LAN behind your NBG-
460N.
To specify IP addresses on a network by their subnet mask, enter a
(static) IP address on the LAN behind your NBG-460N.
Local Address End
/Mask
When the local IP address is a single address, type it a second time
here.
When the local IP address is a range, enter the end (static) IP
address, in a range of computers on the LAN behind your NBG-460N.
When the local IP address is a subnet address, enter a subnet mask
on the LAN behind your NBG-460N.
Local Port Start 0 is the default and signifies any port. Type a port number from 0 to
65535. Some of the most common IP ports are: 21, FTP; 53, DNS;
23, Telnet; 80, HTTP; 25, SMTP; 110, POP3.
Local Port End Enter a port number in this field to define a port range. This port
number must be greater than that specified in the previous field. If
Local Port Start is left at 0, Local Port End will also remain at 0.
Remote Policy Remote IP addresses must be static and correspond to the remote
IPSec router's configured local IP addresses. The remote fields do not
apply when the Secure Gateway IP Address field is configured to
0.0.0.0. In this case only the remote IPSec router can initiate the
VPN.
Two active SAs cannot have the local and remote IP address(es) both
the same. Two active SAs can have the same local or remote IP
address, but not both. You can configure multiple SAs between the
same local and remote IP addresses, as long as only one is active at
any time.
Table 69 Security > VPN > General > Rule Setup: IKE (Advanced) (continued)
LABEL DESCRIPTION