User's Manual

ManualsBrandsPEPWAVE ManualsElectronicsPEPWAVE / peplink Wireless Product

111

112

113

114

115

116

117

118

119

120

IPsec VPN Settings

Name

This field is for specifying a local name to represent this connection profile.

Active

When this box is checked, this IPsec VPN connection profile will be enabled.

Otherwise, it will be disabled.

Connect Upon

Disconnection

Check this box and select a WAN to connect to this VPN automatically when the

specified WAN is disconnected.

Remote

Gateway IP

Address / Host

Name

Enter the remote peer’s public IP address. For Aggressive Mode, this is

optional.

Local Networks

Enter the local LAN subnets here. If you have defined static routes, they will be

shown here.

Using NAT, you can map a specific local network / IP address to another, and the

packets received by remote gateway will appear to be coming from the mapped

network / IP address. This allow you to establish IPsec connection to a remote

site that has one or more subnets overlapped with local site.

Two types of NAT policies can be defined:

One-to-One NAT policy: if the defined subnet in Local Network and NAT Network

has the same size, for example, policy "192.168.50.0/24 > 172.16.1.0/24" will

translate the local IP address 192.168.50.10 to 172.16.1.10 and 192.168.50.20

to 172.16.1.20. This is a bidirectional mapping which means clients in remote

site can initiate connection to the local clients using the mapped address too.

Many-to-One NAT policy: if the defined NAT Network on the right hand side is an

IP address (or having a network prefix /32), for example, policy "192.168.1.0/24

> 172.168.50.1/32" will translate all clients in 192.168.1.0/24 network to

172.168.50.1. This is a unidirectional mapping which means clients in remote

site will not be able to initiate connection to the local clients.

Remote

Networks

Enter the LAN and subnets that are located at the remote site here.

Authentication

To access your VPN, clients will need to authenticate by your choice of methods.

Choose between the Preshared Key and X.509 Certificate methods of

authentication.

Mode

Choose Main Mode if both IPsec peers use static IP addresses. Choose

Aggressive Mode if one of the IPsec peers uses dynamic IP addresses.