You can enable IPSec and configure the settings under

Input box | Description |
---|---|
I/0 | A slider button indicates whether IPSec is enabled (I) or disabled (0). Click on the slider button to change the status of this option. |
Excluded interfaces | This selection list is used to select interfaces that should not be used by the IPSec service. If nothing is entered here, then all interfaces are excluded on the system, including those that are newly created or generated automatically. Usually, exception interfaces and IP addresses are required when all traffic is sent to the central office through an IPsec tunnel. In a case like this, you have to be careful to ensure that the local networks remain accessible. By default, IPSec has a higher priority than normal routes. Consequently, even packets destined for local area networks could be sent to the VPN tunnel instead. Under normal circumstances, the default setting which excludes all local interfaces means that the local networks can always be reached. |
Excluded IP address | Enter the IP addresses in CIDR format. Under no circumstances will packets for these networks be routed to a tunnel, even if a tunnel is configured for the destination address. Click the button on the right-hand side to add your entry to the list of IP addresses. |
Proxy ARP | If this option is enabled, the firewall will respond to ARP requests from local networks for virtual IP addresses for IPSec clients by sending its own MAC address. |
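
The following check is an added example, not vendor code: it takes the "Excluded IP address" entries, the local networks and the remote networks of the configured tunnels, and reports local networks that a tunnel would capture because no exclusion covers them. The decision order (exclusion, then tunnel, then normal routes) is a simplified assumption based on the descriptions above, and all names and addresses are constructed.

```python
import ipaddress

def parse_cidrs(entries):
    """Parse CIDR strings; host bits set (e.g. 192.168.1.5/24) raise ValueError."""
    return [ipaddress.ip_network(e, strict=True) for e in entries]

def _collapsed(nets, version):
    # Merge adjacent/nested entries of one IP version so that several small
    # exclusions that together cover a network count as covering it.
    return list(ipaddress.collapse_addresses(n for n in nets if n.version == version))

def classify(dest, excluded, tunnel_nets):
    """Assumed decision order: exclusion first, then tunnel, then normal routes."""
    addr = ipaddress.ip_address(dest)
    if any(addr in n for n in excluded):
        return "excluded"
    if any(addr in n for n in tunnel_nets):
        return "tunnel"
    return "routed"

def unprotected_local_nets(local_nets, excluded, tunnel_nets):
    """Local networks a tunnel would capture because no exclusion fully covers them."""
    found = []
    for net in local_nets:
        captured = any(t.version == net.version and net.overlaps(t) for t in tunnel_nets)
        covered = any(net.subnet_of(e) for e in _collapsed(excluded, net.version))
        if captured and not covered:
            found.append(net)
    return found

# Constructed sample values, not taken from any real configuration.
LOCAL = parse_cidrs(["192.168.10.0/24", "10.20.0.0/16"])
TUNNEL = parse_cidrs(["0.0.0.0/0"])          # all traffic goes to the central office
EXCLUDED = parse_cidrs(["192.168.10.0/25", "192.168.10.128/25"])

if __name__ == "__main__":
    for net in unprotected_local_nets(LOCAL, EXCLUDED, TUNNEL):
        print(f"{net}: add it to 'Excluded IP address' or exclude its interface")
```
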

Input box | Description |
---|---|
Active | IPSec can use a DHCP server to assign virtual IP addresses to the connected IPSec clients. You can enable this function here. To use this for an IPSec connection, go to Virtual IP pool and select the option DHCP virtual IP pool. |
IP address | Enter the IP address of the DHCP server. This can be either the address of a DHCP server or a broadcast address of a network. |

Input box | Description |
---|---|
Active | In conjunction with EAP or XAUTH, IPSec can use the user management of a RADIUS server to authenticate the connection. Also, the RADIUS server can assign IP addresses to IPSec clients. To do this for an IPSec connection, go to Virtual IP pool and select the option RADIUS virtual IP pool. You can enable this function here. |
IP address | IP address of the RADIUS server |
Port | The port of the RADIUS server. |
Password | Password for accessing the RADIUS server. |

If you have made changes, you can use the buttons at the bottom right of the edit window to save them (Save) or discard them (Reset). Otherwise you can close the window (Close).
Click Activate in the toolbar at the top of the desktop to apply your configuration changes.