On this window, you configure the IPsec policy, which is:
- step 5 in configuring a VPN with IKE policies
- step 3 in configuring a VPN with manual keying
- step 5 in configuring an L2TP client-to-site VPN
To see detailed instructions for configuring IPsec VPNs on the Threat Management Services (TMS) zl Module (including an explanation for the figure below), click here.

To see detailed instructions for configuring L2TP VPNs on the TMS zl Module (including an explanation for the figure below), click here.

Add IPsec Policy — Click to add an IPsec policy.
Click the icon to see the explanation for a field, or click here to see an explanation of all fields.

A default IPsec policy prevents all traffic from being encrypted by the VPN engine; therefore, all IPsec policies that you configure must have a higher priority than this default policy.

Step 1 of 4
- Policy Name
- Enable this policy
- Action
- Position
- Traffic Selector
- Protocol
- Local Address
- Local Port
- Remote Address
- Remote Port
- ICMP Type

If you selected Bypass or Ignore for Action, click Finish.

Step 2 of 4

Key Exchange Method
- Auto (with IKE)
- IKEv1 Policy
- Enable PFS
- SA Lifetime in seconds
- SA Lifetime in kilobytes
- Manual
- Local Gateway
- Remote Gateway IP Address
- SPI Number
- ESP Only: Inbound Encryption Key
- ESP Only: Outbound Encryption Key
- Inbound Authentication Key
- Outbound Authentication Key

Step 3 of 4
- Enable IP Pool for IRAS (Mode Config)
- IRAS IP Address/Mask
- Firewall Zone
- IP Address Ranges
- Primary DNS Server and Secondary DNS Server
- Primary WINS Server and Secondary WINS Server

Step 4 of 4
- Optional: Advanced Settings
- Enable IP Compression
- Anti-Replay Window Size
- Enable Extended Sequence Number
- Enable Re-key on Sequence Number Overflow
- Enable Persistent Tunnel
- Enable Fragment Before IPsec
- Optional, Tunnel Mode Only: Tunnel Options