Configuring an IKE VPN

System > Network > VPN > IPSec VPN

IKE VPN is one of the ways to configure an IPSec VPN: the security associations (SAs) are negotiated with IKE rather than entered manually.

In the IPSec VPN page, click the IKE VPN List tab. In this tab you can configure IKE VPN tunnels.

Options in the IKE VPN Configuration dialog:

Option Description
Basic
Peer Name

Select a peer. After selecting a peer, click Edit to modify its configuration, or click New in the drop-down menu to create a new peer. For details on creating a new peer, see Configuring a VPN Peer.

Peer Information

Displays the peer information, including the peer name, mode, type, local ID, and peer ID.

Name

Specifies the tunnel name.

Mode

Specifies the mode. The system supports tunnel mode and transport mode. Tunnel mode encapsulates the entire original IP packet and is the usual choice for site-to-site VPNs; transport mode protects only the payload and is used when the tunnel endpoints are themselves the communicating hosts.

P2 Proposal

Specifies the P2 proposal for the tunnel.

Proxy ID

Specifies the Phase 2 ID (proxy ID, i.e., the traffic selector) for the tunnel, which can be Auto or Manual.

  • Auto: The Phase 2 ID is designated automatically.
  • Manual: The Phase 2 ID is designated manually. Manual configuration of the P2 ID includes:
    • Local IP/Netmask: Specifies the local Phase 2 ID, i.e., the local subnet protected by the tunnel.
    • Remote IP/Netmask: Specifies the Phase 2 ID of the peer device, i.e., the remote subnet protected by the tunnel.
    • Service: Specifies the service (protocol and port) carried by the tunnel.

  The Phase 2 IDs must mirror each other on the two devices: the local ID configured here must equal the remote ID configured on the peer, and vice versa, with the same service. A mismatch is a common cause of Phase 2 negotiation failure even when Phase 1 succeeds.
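The following Python script is an added example and is not part of the product documentation or the device's own code. It checks whether two manually configured Phase 2 IDs mirror each other before the tunnel is brought up, and reports each reason they do not. The ProxyId field names, the sample subnets and the assumption that the peer requires an exact mirror image (some implementations accept a narrower selector) are this example's own.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ProxyId:
    """A manual Phase 2 ID as entered in the dialog: Local IP/Netmask,
    Remote IP/Netmask and Service. Field names are this example's own."""
    local: str
    remote: str
    service: str = "any"


def _normalize(pid: ProxyId):
    # strict=False accepts an address with host bits set (e.g. 10.1.0.5/24),
    # as an "IP/Netmask" field allows, and reduces it to its network.
    return (
        ipaddress.ip_network(pid.local, strict=False),
        ipaddress.ip_network(pid.remote, strict=False),
        pid.service.strip().lower(),
    )


def proxy_id_problems(local_side: ProxyId, peer_side: ProxyId) -> list[str]:
    """Return the reasons two manual Phase 2 IDs would fail to match.

    Assumption: the peer requires an exact mirror image (our local equals
    its remote, our remote equals its local, same service). An empty list
    means the selectors are mirrored and Phase 2 can negotiate."""
    a_local, a_remote, a_svc = _normalize(local_side)
    b_local, b_remote, b_svc = _normalize(peer_side)
    problems = []
    if a_local != b_remote:
        problems.append(f"local {a_local} is not the peer's remote {b_remote}")
    if a_remote != b_local:
        problems.append(f"remote {a_remote} is not the peer's local {b_local}")
    if a_svc != b_svc:
        problems.append(f"service {a_svc!r} differs from the peer's {b_svc!r}")
    return problems


def proxy_ids_match(local_side: ProxyId, peer_side: ProxyId) -> bool:
    return not proxy_id_problems(local_side, peer_side)


# Constructed sample configurations (not from any real deployment).
HQ = ProxyId(local="10.1.0.0/24", remote="10.2.0.0/24")
BRANCH_OK = ProxyId(local="10.2.0.0/24", remote="10.1.0.0/24")
# Wrong mask on the branch and a service the HQ side does not restrict to:
BRANCH_BAD = ProxyId(local="10.2.0.0/23", remote="10.1.0.0/24", service="tcp/443")
# Host bits set in the local field; normalizes to the same /24 as HQ.
HQ_HOST_BITS = ProxyId(local="10.1.0.5/24", remote="10.2.0.0/24")

if __name__ == "__main__":
    print("HQ <-> BRANCH_OK mirrored:", proxy_ids_match(HQ, BRANCH_OK))
    for reason in proxy_id_problems(HQ, BRANCH_BAD):
        print("HQ <-> BRANCH_BAD:", reason)
```

Run the mirror check from both sides when troubleshooting a tunnel that completes Phase 1 but never passes traffic; the two reported problems for BRANCH_BAD (mask and service) are exactly the fields to compare against the peer's configuration.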
Advanced
DNS1

Specifies the IP address of the DNS server that will be allocated to the client by the PnPVPN server. The specified DNS server is the primary one.

DNS2/DNS3/DNS4

Specifies the auxiliary DNS servers. You can specify at most three auxiliary DNS servers.

WINS1

Specifies the IP address of the WINS server that will be allocated to the client by the PnPVPN server. The specified WINS1 server is the primary one.

WINS2

Specifies the auxiliary WINS server. You can specify one auxiliary WINS server.

Enable Idle Time

Select Enable to enable the idle time function. By default, this function is disabled. The time you specify in the Idle Time text box is the longest the tunnel can exist without traffic passing through it. When that time expires, the SA is cleared.

DF-Bit

Select how the device handles the DF (Don't Fragment) bit of the outer IP header, and thereby whether the forwarding device may fragment the encapsulated packets. The options are:

  • Copy - Copies the DF bit from the sender's original IP header. This is the default value.
  • Clear - Clears the DF bit, allowing the device to fragment packets.
  • Set - Sets the DF bit, so the device does not fragment packets.
Anti-Replay

Anti-replay protects the device against an attacker who captures ESP packets and resends them: the receiver tracks the ESP sequence numbers within a sliding window and rejects packets that are duplicates or older than the window. By default, this function is disabled. The window size determines how far out of order a legitimate packet may arrive and still be accepted; a window that is too small for the path's reordering causes valid packets to be dropped.

  • Disable - Disables the anti-replay function. This is the default value.
  • 32 - Specifies the anti-replay window as 32 packets.
  • 64 - Specifies the anti-replay window as 64 packets.
  • 128 - Specifies the anti-replay window as 128 packets.
  • 256 - Specifies the anti-replay window as 256 packets.
  • 512 - Specifies the anti-replay window as 512 packets.
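The following Python script is an added illustration of the receiver-side check the option enables; it is not the appliance's code. It implements the sliding-window anti-replay algorithm from RFC 4303 (ESP), Appendix A, with the same window sizes offered in the dialog, and runs a constructed sequence of ESP sequence numbers through it to show which packets are accepted as fresh or reordered and which are dropped as replays or as too old. The sequence, the class and its method names are this example's own.

```python
class AntiReplayWindow:
    """Receiver-side ESP anti-replay check (RFC 4303, Appendix A).

    `size` is the window in packets and mirrors the dialog's choices:
    32, 64, 128, 256 or 512. This is an added example, not device code."""

    def __init__(self, size: int = 64):
        if size not in (32, 64, 128, 256, 512):
            raise ValueError("window must be 32, 64, 128, 256 or 512")
        self.size = size
        self.highest = 0   # highest sequence number accepted so far (0 = none yet)
        self.bitmap = 0    # bit i set => sequence number (highest - i) was received

    def accept(self, seq: int) -> bool:
        """Return True if `seq` is fresh and record it; False if it must be dropped."""
        if seq <= 0:
            return False               # ESP sequence numbers start at 1
        if seq > self.highest:
            # New high-water mark: slide the window forward by the gap.
            shift = seq - self.highest
            if shift >= self.size:
                self.bitmap = 1        # everything seen before falls out of the window
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return True
        diff = self.highest - seq
        if diff >= self.size:
            return False               # older than the window: obsolete packet
        mask = 1 << diff
        if self.bitmap & mask:
            return False               # already received: replay
        self.bitmap |= mask            # late but legitimate (reordered) packet
        return True


# Constructed sample of ESP sequence numbers as seen by the receiver:
# a duplicate (2), a reordered pair (5 then 4), a large jump (100), a packet
# far behind the new high-water mark (60), and a replayed 70 at the end.
CAPTURED_SEQUENCE = [1, 2, 3, 2, 5, 4, 100, 60, 70, 69, 68, 70]


def run_demo(size: int = 32) -> list[tuple[int, bool]]:
    """Feed CAPTURED_SEQUENCE through a window of the given size."""
    win = AntiReplayWindow(size)
    return [(seq, win.accept(seq)) for seq in CAPTURED_SEQUENCE]


if __name__ == "__main__":
    for size in (32, 64):
        print(f"window {size}:")
        for seq, ok in run_demo(size):
            print(f"  seq {seq:>3}: {'accept' if ok else 'DROP'}")
```

With a 32-packet window, sequence number 60 is dropped as obsolete because it arrives 40 behind the high-water mark of 100, and 68 is dropped for the same reason; with a 64-packet window both are accepted, while the duplicate 2 and the replayed 70 are dropped by every window size. That is the trade-off the option's size choices expose.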
Commit Bit

Select the Enable checkbox to have the device use the IKE commit bit. With the commit bit set, the initiator does not send protected traffic over the new SA until the responder confirms that it has installed the SA, which avoids the packet loss caused by the two sides completing the negotiation at slightly different times. The extra confirmation exchange makes tunnel establishment slower.

Auto Connect

Select the Enable checkbox to enable the auto connection function. By default, this function is disabled. The device has two methods of establishing the SA: auto and traffic triggered. In auto mode, the device checks the SA status every 60 seconds and initiates a negotiation request when no SA is established; in traffic-triggered mode, the device sends a negotiation request only when traffic needs to pass through the tunnel. By default, traffic-triggered mode is used.

Note: Auto connection works only when the peer IP is static and the local device is initiator.

Tunnel Route

Configure the tunnel route when editing the IKE VPN configuration: click Select, and in the Tunnel Route Configuration dialog that appears, add one or more tunnel routes. You can add at most 128 tunnel routes.

Description

Type the description for the tunnel.

VPN Track

Select the Enable checkbox to enable the VPN track function. The device can monitor the connectivity status of the specified VPN tunnel, and also allows backup or load sharing between two or more VPN tunnels. This function is applicable to both route-based and policy-based VPNs. The options are:

  • Track Interval - Specifies the interval between Ping packets.
  • Threshold - Specifies the threshold for determining a track failure. If the system receives no response to the specified number of consecutive Ping packets, it declares a track failure, i.e., the target tunnel is considered disconnected.
  • Src Address - Specifies the source IP address that sends Ping packets.
  • Dst Address - Specifies the IP address of the tracked object.
  • Notify Track Event - Select the Enable checkbox to enable the VPN tunnel status notification function. With this function enabled, for route-based VPN, the system will inform the routing module about the information of the disconnected VPN tunnel and update the tunnel route once detecting any VPN tunnel disconnection; for policy-based VPN, the system will inform the policy module about the information of the disconnected VPN tunnel and update the tunnel policy once detecting any VPN tunnel disconnection.