In this table, you configure the IKEv2 connections to VPN partners.
- Entry active
- Enables or disables the connection to this VPN peer.
- Name of connection
- Contains the name of the connection to the remote station.
- Short hold time
- Specifies the hold time in seconds for which the device stays connected if there is no data flow.
- Gateway
- Contains the address (IPv4, IPv6 or FQDN) of the VPN partner.
- Routing tag
- Contains the routing tag for this VPN connection.
- Encryption
- Specifies the encryption used for the VPN connection. The corresponding entry is located in the Encryption table.
- Authentication
- Specifies the authentication method used for the VPN connection. The corresponding entry is located in the Authentication table.
- Connection parameters
- Specifies the general parameters used for the VPN connection. The corresponding entry is located in the Connection parameters table.
- Validity period
- Specifies the lifetime of the key used for the VPN connection. The corresponding entry is located in the table.
- IKE-CFG
- Specifies the IKEv2 config mode of this connection for RAS dial-ins.
Possible values are:
- Off: IKEv2 config mode is disabled
- Server: The router distributes configuration parameters (such as addresses or the DNS server) to VPN clients. The parameters to be distributed are configured in the IPv4 or IPv6 address pool.
- Client: The router requests the server for configuration parameters (e.g. addresses or the DNS server).
- IPv4 address pool
- IPv4 addresses and DNS server for dial-in access in the IKE CFG mode Server.
- IPv6 address pool
- IPv6 addresses and DNS server for dial-in access in the IKE CFG mode Server.
- Rule creation
- Specifies how VPN rules are created.
Possible values:
- Automatic
- The local intranet serves as the source network (private IP address range that the local VPN gateway itself belongs to). For automatically generated VPN rules, the target networks are those network ranges that have a remote VPN gateway set as their router. When two simple local networks are connected, the automatic VPN can interpret the necessary network relationships from the IP address range in its own LAN and from the entry for the remote LAN in the IP routing table.
- Manual
- Rules are created for the network relationships in the same way as rules are defined manually for IPv4 or IPv6.
- IPv4-Rules
- Specifies which IPv4 rules apply to this VPN connection. The IPv4 rules are located in the table .
- IPv6-Rules
- Specifies which IPv6 rules apply to this VPN connection. The IPv6 rules are located in the table .
- Routing
- Specifies the routes that the remote site should transmit dynamically via IKE-CFG mode. This function is only available in the IKEv2 CFG mode for the client and server. The routes for IPv4 and IPv6 connections are located in the tables.
- RADIUS auth. server
- Specifies the RADIUS server for the VPN peer authorization. You configure the RADIUS server for IKEv2 under under Extended settings.
- RADIUS auth. server
- Specifies the RADIUS server for the VPN peer accounting. You configure the RADIUS server for IKEv2 under under Extended settings.
- Comment
- Enter a descriptive comment here.