Tunnel Name | Provide a name for the tunnel. |
Tunnel Type | Select the tunnel type being created. Two types of tunnels can be created. Use Site to Site to create a tunnel between two remote sites. Use Remote Access to create a tunnel between a user device and a network. Site to Site is the default setting. |
Interface | Configure the interface to use for creating the tunnel – either Virtual LAN (VLAN), WWAN, or PPPoE depending on the interfaces available on the device. |
Traffic Selector (ACL) | Creates the access control list (ACL) that is used to control who uses the network. Provide the Source and Destination IP address ranges with their net mask. Click Add Rule to add the rule into the ACL. |
If any of the required values in the Step 1 screen are not set properly, the Step 2 screen will not display until they are properly set.
Peer | Select the type of peer for this device when forming a tunnel. Peer information can be either an IP Address (default value) or Host Name. Provide the IP address or the host name of the peer device. |
Authentication | Configure how devices authenticate
on opposite ends of the tunnel connection. The following can
be configured:
|
Local Identity | Configure the local identity for
the VPN tunnel.
|
Remote Identity | Configure the remote identity for
the VPN tunnel.
|
IKE Policy | Configure the Internet Key Exchange (IKE)
policy to use when creating this VPN tunnel. The following
options are available:
|
Transform Set | Transform set is a set of configurations exchanged for creating the VPN tunnel and
imposing a security policy. The transform set consists of
the following:
From the drop-down list, select any pre-configured transform set, or click Create New Policy to create a new transform set. |
Encryption | This field is enabled when
Create New
Policy is selected in the Transform
Set field. This is the encryption that is
used on data traversing through the tunnel. Select from the following algorithms: esp-null, des, 3des, aes, aes-192, or aes-256. |
Authentication | This field is enabled when
Create New
Policy is selected in the Transform
Set field. This is the method peers
authenticate as the source of the packet to other peers
after a VPN tunnel has been created. Select from the following: MD5, SHA, SHA256, or AES-XCBC-HMAC-128. |
Mode | This field is enabled when
Create New
Policy is selected in the Transform
Set field. The mode indicates how packets
are transported through the tunnel.
|
Security Association | Configures the lifetime of a
security association (SA). Keys and SAs should be renewed
periodically to maintain the security of the tunnel.
|