beautypg.com

Multiple network ipsec – Netopia 3300 User Manual

Page 182

background image

6-16 Firmware User Guide

Note:

• ICMP Dead Peer Detection is not available when using manual re-keying.
• ICMP Dead Peer Detection does not initiate a series of phase 2 exchanges upon detecting a dead peer; it
instead initiates a new phase 1 negotiation, followed by a new phase 2 negotiation once contact with the peer
has been re-established.
• If you are using Multiple Network IPsec, the IP address of the ICMP Dead Peer Detection mechanism must be
constrained to the set of network ranges defined for the IPsec profile.

Press Escape to return to the Add or Change Connection Profile screen, and select IP Profile Parameters.

If you enable IKE key management the IP Profile Parameters screen appears.

The Remote Tunnel Endpoint field accepts either an IP address in the familiar dotted–quad notation a.b.c.d
or a hostname to be resolved using the Domain Name System (DNS).

Note:

When the Remote Tunnel Endpoint is an IP address, it will drop IKE packets if they are not sourced

from the Remote Tunnel Endpoint IP address.
When the Remote Tunnel Endpoint is a hostname, there is no check on the source address of the packet;
hostnames are used/resolved only for initiating outgoing connections.

Multiple Network IPsec

Netopia Firmware Version 8.7 offers an enhancement to IPsec VPN tunnels allowing multiple network suppor t.
This feature enhances your Netopia Router’s Vir tual Private Networking functionality.

IP Profile Parameters

Remote Tunnel Endpoint: 0.0.0.0
Add Network...

Address Translation Enabled: No

Stateful Inspection Enabled: No

Filter Set... <>
Remove Filter Set

Advanced IP Profile Options...

COMMIT CANCEL

Enter the IP Address or hostname of the remote tunnel endpoint.