Netopia Firmware 4000-Series User Manual

Internet Key Exchange (IKE) IPsec Key Management for VPNs

Specifying IKE key management alters the Advanced IP Profile Options screen as follows:

You can specify a Local Tunnel Endpoint Address. If not 0.0.0.0, this value must be one of the assigned
interface addresses, either WAN or LAN. This is used as the source address of all IPsec traffic.

You can specify a Next Hop Gateway. If you specify the Remote Tunnel Endpoint Address, and the address
is in the same subnet as the Remote Members Network you specified in the IP Profile Parameters, the
Next Hop Gateway option allows you to enter the address by which the gateway partner is reached.

If you do not specify the Remote Tunnel Endpoint Address, the router will use the default gateway to reach
the partner. If the partner should be reached via an alternate port (for example, the LAN instead of the
WAN), the Next Hop Gateway field allows this path to be resolved.

You can specify an Idle Timeout (seconds) value. The idle timeout tells the router that if no traffic passes
through the tunnel for the specified number of seconds, no automatic SA re-key should be performed.
When new traffic does pass through the tunnel, the idle timeout interval resets again when the current SAs
expire.

If you set the value to zero, the router will re-key the SA whenever the SA Lifetime interval specifies,
regardless of whether traffic is passing through it or not. This will effectively “nail up” the tunnel.

Advanced IP Profile Options

Local Tunnel Endpoint Address: 0.0.0.0
Next Hop Gateway: 0.0.0.0

Idle Timeout (seconds): 300
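
The three field rules described above, written as an added Python sketch for reviewing a planned profile offline; it is not Netopia firmware code and not part of the manual. The function and parameter names, the sample addresses, and the reading that the idle check is applied when the current SAs expire are assumptions made for illustration.

```python
import ipaddress

UNSET = ipaddress.ip_address("0.0.0.0")  # the screen's "not specified" value

def check_profile(local_ep, interface_addrs, remote_ep, remote_members_net,
                  next_hop, idle_timeout):
    """Return findings for one profile; all names here are hypothetical."""
    findings = []
    local = ipaddress.ip_address(local_ep)
    assigned = {ipaddress.ip_address(a) for a in interface_addrs}
    # Rule 1: a non-zero local endpoint must be an assigned WAN or LAN address.
    if local != UNSET and local not in assigned:
        findings.append("local endpoint is not an assigned interface address")
    remote = ipaddress.ip_address(remote_ep)
    members = ipaddress.ip_network(remote_members_net, strict=False)
    # Rule 2: a remote endpoint inside the Remote Members Network needs a
    # Next Hop Gateway so the path to the partner can be resolved.
    if remote != UNSET and remote in members and ipaddress.ip_address(next_hop) == UNSET:
        findings.append("remote endpoint is inside Remote Members Network; set Next Hop Gateway")
    # Rule 3: zero disables the idle check, so the tunnel stays nailed up.
    if idle_timeout < 0:
        findings.append("idle timeout must be 0 or a positive number of seconds")
    elif idle_timeout == 0:
        findings.append("idle timeout 0: SAs re-key at every lifetime expiry (nailed up)")
    return findings

def rekey_at_expiry(idle_timeout, idle_seconds):
    """Assumed reading: at SA expiry, re-key unless the tunnel has been idle
    for at least idle_timeout seconds; 0 means always re-key."""
    return idle_timeout == 0 or idle_seconds < idle_timeout

if __name__ == "__main__":
    # Constructed sample values (documentation/private address ranges).
    ifaces = ["203.0.113.10", "192.168.1.1"]
    print(check_profile("0.0.0.0", ifaces, "198.51.100.7", "192.168.50.0/24", "0.0.0.0", 300))
    print(check_profile("10.9.9.9", ifaces, "192.168.50.1", "192.168.50.0/24", "0.0.0.0", 0))
    print(rekey_at_expiry(300, 120), rekey_at_expiry(300, 900), rekey_at_expiry(0, 900))
```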