Asus SL1000 User Manual

Chapter 10. Configuring VPN

Internet Security Router User

’s Manual

88

Options

Description

VPN Connection Type

Site to site

Click this radio button to add a policy for site-to-site users.

Remote access

Click this radio button to add a policy for remote access users.

User Group (only available for Remote Access mode)

Select a user group from the User Group drop-down list to which this rule should apply.

Local Secure Group

This option allows you to set the local secure network to which this rule should apply. This option
allows you to apply this rule inclusively on all computers in the internal network. Use the

“Type”

drop-down list to select one of the following:

IP Address

Enter the appropriate IP address for the local secure group.

Subnet

This option allows you to include all the computers that are connected in an
IP subnet. The following fields become available when this option is
selected:

Subnet Address

Specify the appropriate network address.

Subnet Mask

Enter the subnet mask.

IP Range

This option allows you to include a range of IP addresses for applying this
rule. The following fields become available for entry when this option is
selected:

Start IP

Enter the starting IP address of the range.

End IP

Enter the ending IP address of the range.

Remote Secure Group (only available for site to site VPN mode)

This option allows you to set the remote (destination) secure network to which this rule should
apply. This option allows you to apply this rule inclusively on all computers in the external network.
Use the

“Type” drop-down list to select one of the following:

IP Address

Subnet

IP Range

Select any of these and enter details as described in the Local Secure
Group above.

Remote Gateway

You have a choice of entering either the IP address or the FQDN (fully qualified domain name) for
the remote secure gateway.

Any

Select this option to accept connection request from any computer.

IP Address

Select this option to specify an IP address for the remote secure gateway.

FQDN

Select this option to enter the fully qualified domain name for the remote
secure gateway.

Key Management (only available for site to site VPN mode)

Two modes are supported: pre-shared key and manual key. Select from the Key Management
drop-down list for the desired key management mode. If

“manual key” mode is selected,

configuration for IKE proposal is skipped.

IKE Proposal Settings (only available for pre-shared key)

Note that all options for the IKE proposal settings are available only when pre-shared key is selected.

IKE Mode

Main mode and aggressive mode are supported. Click the proper radio
button for the desired IKE mode.