Filter
Top Products
Chapter 15 IPSec VPN
NBG-460N User’s Guide
216
Remote Policy Remote IP addresses must be static and correspond to the remote
IPSec router's configured local IP addresses. The remote fields do not
apply when the Secure Gateway IP Address field is configured to
0.0.0.0. In this case only the remote IPSec router can initiate the VPN.
Two active SAs cannot have the local and remote IP address(es) both
the same. Two active SAs can have the same local or remote IP
address, but not both. You can configure multiple SAs between the
same local and remote IP addresses, as long as only one is active at any
time.
Remote
Address
For a single IP address, enter a (static) IP address on the network
behind the remote IPSec router.
For a specific range of IP addresses, enter the beginning (static) IP
address, in a range of computers on the network behind the remote
IPSec router.
To specify IP addresses on a network by their subnet mask, enter a
(static) IP address on the network behind the remote IPSec router.
Remote
Address End /
Mask
When the remote IP address is a single address, type it a second time
here.
When the remote IP address is a range, enter the end (static) IP
address, in a range of computers on the network behind the remote
IPSec router.
When the remote IP address is a subnet address, enter a subnet mask
on the network behind the remote IPSec router.
Remote Port
Start
0 is the default and signifies any port. Type a port number from 0 to
65535. Some of the most common IP ports are: 21, FTP; 53, DNS; 23,
Telnet; 80, HTTP; 25, SMTP; 110, POP3.
Remote Port
End
Enter a port number in this field to define a port range. This port
number must be greater than that specified in the previous field. If
Remote Port Start is left at 0, Remote Port End will also remain at 0.
My IP Address Enter the NBG-460N's static WAN IP address (if it has one) or leave the
field set to 0.0.0.0.
The NBG-460N uses its current WAN IP address (static or dynamic) in
setting up the VPN tunnel if you leave this field as 0.0.0.0. If the WAN
connection goes down, the NBG-460N uses the dial backup IP address
for the VPN tunnel when using dial backup or the LAN IP address when
using traffic redirect.
Otherwise, you can enter one of the dynamic domain names that you
have configured (in the DDNS screen) to have the NBG-460N use that
dynamic domain name's IP address.
The VPN tunnel has to be rebuilt if My IP Address changes after setup.
Table 70 Security > VPN > General > Rule Setup: Manual (continued)
LABEL DESCRIPTION