Configuring a VPN Peer

This section describes how to configure a VPN peer.

Creating a VPN Peer

To create a VPN peer, take the following steps:

  1. On the Navigation pane, click Configure > Network > IPSec VPN to visit the IPSec VPN page. Click the VPN Peer List tab.
  2. In the Peer Configuration dialog, click New.
  3. On the Basic tab, configure the options below.
    • Peer name: Specifies or displays the name of the ISAKMP gateway.
    • Interface: Specifies interface bound to the ISAKMP gateway.
    • Mode: Specifies the mode of IKE negotiation. There are two IKE negotiation modes: Main and Aggressive. The main mode is the default mode. The aggressive mode cannot protect identity. You have no choice but use the aggressive mode in the situation that the IP address of the center device is static and the IP address of client device is dynamic.
    • Type: Specifies the type of the peer IP. If the peer IP is static, type the IP address into the Peer Address box; if the peer IP type is user group, select the AAA server you need from the AAA server drop-down list.
    • Local ID: Specifies the local ID. System supports three types of ID: FQDN, U-FQDN and Asn1dn (only for license). Click the ID type you want, and then type the content for this ID into the Local ID value box.
    • Peer ID: Specifies the peer ID. System supports three types of ID: FQDN, U-FQDN and Asn1dn (only for license). Click the ID type you want.
    • Proposal 1: Specifies a P1 proposal for ISAKMP gateway. Select the suitable P1 proposal from the Proposal 1 drop-down list. You can define up to four P1 proposals for an ISAKMP gateway

    • Pre-shared key: If you choose using pre-shared key to authenticate, type the key into the box.

    • User key: Click Generate. In the Generate user key dialog, type the IKE ID into the IKE ID box, and then click Generate. The generated user key will be displayed in the Generate result box. PnPVPN client uses this key as the password to authenticate the login users.
  4. If necessary, click the Advanced tab to configure some advanced options.
    • Connection type: Specifies the connection type for ISAKMP gateway.
      Bidirection - Specifies that the ISAKMP gateway serves as both the initiator and responder. This is the default value.
      Initiator - Specifies that the ISAKMP gateway serves only as the initiator.
      Responder - Specifies that the ISAKMP gateway serves only as the responder.
    • NAT transversal: This option must be enabled when there is a NAT device in the IPSec or IKE tunnel and the device implements NAT. By default, this function is disabled.
    • Generate route: Select the Enable check box to enable the auto routing function. By default, this function is disabled. This function allows the device to automatically add routing entries which are from the center device to the branch, avoiding the problems caused by manual configured routing.
    • DPD: Select the Enable check box to enable the DPD (Delegated Path Discovery) function. By default, this function is disabled. When the responder does not receive the peer's packets for a long period, it can enable DPD and initiate a DPD request to the peer so that it can test if the ISAKMP gateway exists.
      DPD interval - The interval of sending DPD request to the peer. The value range is 1 to 10 seconds. The default value is 1.
      DPD reties - The times of sending DPD request to the peer. The device will keep sending discovery requests to the peer until it reaches the specified times of DPD reties. If the device does not receive response from the peer after the retry times, it will determine that the peer ISAKMP gateway is down. The value range is 1 to 10 times. The default value is 3.
    • Description: Type the description for the ISAKMP gateway.
  5. Click OK to save the settings.

Editing a VPN Peer

To delete a VPN peer, take the following steps:

  1. On the Navigation pane, click Configure > Network > IPSec VPN to visit the IPSec VPN page. Click the VPN Peer List tab.
  2. Select the VPN peer you want to edit from the list, and click Edit.
  3. In the Peer Configuration dialog, modify according to your need and click OK to save the changes.

Deleting a VPN Peer

To delete a VPN peer, take the following steps:

  1. On the Navigation pane, click Configure > Network > IPSec VPN to visit the IPSec VPN page. Click the VPN Peer List tab.
  2. Select the VPN peer you want to delete from the list, and then click Delete.