Configuring a VPN Peer

System > Network > VPN > IPSec VPN

Users can set the VPN peer parameters by configuring a VPN peer.

In the VPN Peer List tab in the IPSec VPN page, you can perform the following actions:

Options in the VPN Peer Configuration dialog:

Option Description

Basic

Name

Specifies or displays the name of the ISAKMP gateway.

Interface

Specifies the interface bound to the ISAKMP gateway.

Mode

Specifies the mode of IKE negotiation. There are two IKE negotiation modes: Main and Aggressive. Main mode is the default. Aggressive mode cannot protect identity. You must use aggressive mode when the IP address of the center device is static and the IP address of the client device is dynamic.

Type

Specifies the type of the peer IP. If the peer IP is static, type the IP address into the Peer Address box; if the peer IP type is user group, select the AAA server you need from the AAA server drop-down list.

Local ID

Specifies the local ID. The system supports three types of ID: FQDN, U-FQDN and ASN1-DN (only for license). Click the ID type you want, and then type the content for this ID into the Local ID textbox.

Peer ID

Specifies the peer ID. The system supports three types of ID: FQDN, U-FQDN and ASN1-DN (only for license). Click the ID type you want, and then type the content for this ID into the Peer ID textbox. When a RADIUS server performs the authentication, you must select the Wildcard checkbox.

Proposal 1/Proposal 2/Proposal 3/Proposal 4

Specifies a P1 proposal for the ISAKMP gateway. You can define at most four P1 proposals for an ISAKMP gateway.

Pre-shared Key

If you choose to authenticate with a pre-shared key, type the key into the box.

Advanced

Connection Type

Specifies the connection type for the ISAKMP gateway.

  • Bidirectional - Specifies that the ISAKMP gateway serves as both the initiator and responder. This is the default value.
  • Initiator - Specifies that the ISAKMP gateway serves only as the initiator.
  • Responder - Specifies that the ISAKMP gateway serves only as the responder.

NAT Traversal

This option must be enabled when a NAT device in the path of the IPSec or IKE tunnel performs NAT. By default, this function is disabled.

Any Peer ID

Makes the ISAKMP gateway accept any peer ID without checking it.

Generate Route

Select the Enable checkbox to enable the auto routing function. By default, this function is disabled. This function allows the device to automatically add routing entries from the center device to the branch, avoiding the problems caused by manually configured routing.

DPD

Select the Enable checkbox to enable the DPD (Delegated Path Discovery) function. By default, this function is disabled. When the responder has not received packets from the peer for a long period, DPD lets it send a DPD request to the peer to test whether the peer ISAKMP gateway still exists.

  • DPD interval - The interval between DPD requests sent to the peer. The value range is 1 to 10 seconds. The default value is 1.
  • DPD retries - The number of times a DPD request is sent to the peer. The device keeps sending discovery requests to the peer until it reaches the specified number of DPD retries. If the device receives no response from the peer after that many retries, it determines that the peer ISAKMP gateway is down. The value range is 1 to 10 times. The default value is 3.

Description

Type the description for the ISAKMP gateway.
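
The following review check is an added example, not part of the product or its documentation. It applies the limits and defaults from the option table above to a peer definition and flags the two settings the table describes as weakening identity checks (Aggressive mode and Any Peer ID). The dictionary layout and key names are assumptions made for illustration; the device does not export settings in this form.

```python
# Added example: the dict keys below are hypothetical, not a device export format.
MODES = {"main", "aggressive"}
ID_TYPES = {"FQDN", "U-FQDN", "ASN1-DN"}
CONN_TYPES = {"bidirectional", "initiator", "responder"}

def review_peer(peer):
    """Return (severity, message) findings for one VPN peer definition."""
    out = []
    mode = peer.get("mode", "main")  # Main is the documented default
    if mode not in MODES:
        out.append(("error", f"unknown IKE mode: {mode}"))
    elif mode == "aggressive":
        out.append(("warn", "aggressive mode does not protect identity"))
    if peer.get("connection_type", "bidirectional") not in CONN_TYPES:
        out.append(("error", "unknown connection type"))
    if len(peer.get("proposals", [])) > 4:
        out.append(("error", "more than four P1 proposals"))
    for side in ("local_id", "peer_id"):
        id_type = peer.get(side, {}).get("type")
        if id_type is not None and id_type not in ID_TYPES:
            out.append(("error", f"{side}: unsupported ID type {id_type}"))
    if peer.get("any_peer_id", False):
        out.append(("warn", "Any Peer ID enabled: peer ID is not checked"))
    wildcard = peer.get("peer_id", {}).get("wildcard", False)
    if peer.get("aaa_server_type") == "radius" and not wildcard:
        out.append(("error", "RADIUS authentication requires Wildcard on Peer ID"))
    dpd = peer.get("dpd", {})
    if dpd.get("enabled", False):  # DPD is disabled by default
        for key, default in (("interval", 1), ("retries", 3)):
            value = dpd.get(key, default)
            if not 1 <= value <= 10:
                out.append(("error", f"DPD {key} {value} outside 1 to 10"))
    return out

# Constructed sample peers (not taken from any real device).
BRANCH = {
    "name": "branch-gw", "mode": "aggressive", "any_peer_id": True,
    "proposals": ["p1-a", "p1-b"], "peer_id": {"type": "FQDN"},
    "dpd": {"enabled": True, "interval": 15},
}
HQ = {
    "name": "hq-gw", "mode": "main", "proposals": ["p1-a"],
    "local_id": {"type": "FQDN"}, "peer_id": {"type": "FQDN"},
    "dpd": {"enabled": True, "interval": 2, "retries": 3},
}

if __name__ == "__main__":
    for p in (BRANCH, HQ):
        for sev, msg in review_peer(p):
            print(f"{p['name']}: {sev}: {msg}")
```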