Help - VPN Manual Policy

This screen allows you to define or edit a "Manual" VPN policy.
A "Manual" VPN policy requires all settings (including the keys) for the VPN tunnel to be entered manually at each end (both VPN endpoints). No third-party server or organization is involved.

General
Policy Name: Enter a unique name to identify this policy. This name is not supplied to the remote VPN endpoint. It is used only to help you manage the policies.
Remote VPN Endpoint: Otherwise, select the desired option (IP address or Domain Name) and enter the address of the remote VPN endpoint you wish to connect to.

Note: The remote VPN endpoint must have this VPN Gateway's address entered as its "Remote VPN Endpoint".

NETBIOS Enable: Check this if you wish NETBIOS traffic to be forwarded over the VPN tunnel. The NETBIOS protocol is used by Microsoft Networking.

Local LAN
Local LAN: This identifies which PCs on your LAN are covered by this policy. For each selection, data must be provided as follows:
  • Single address
    Enter an IP address in the "IP address" field. Typically, this setting is used when you wish to make a single Server on your LAN available to remote users.
  • Subnet address
    Enter an IP address in the "IP address" field, and the desired network mask in the "Subnet Mask" field.

The remote VPN endpoint must have these IP addresses entered as its "Remote" addresses.

Remote LAN
Remote LAN: This identifies which PCs on the remote LAN are covered by this policy. For each selection, data must be provided as follows:
  • Single PC - no subnet
    Select this option if there is no LAN (only a single PC) at the remote endpoint. If this option is selected, no additional data is required.
  • Single address
    Enter an IP address in the "IP address" field. This must be an address on the remote LAN. Typically, this setting is used when you wish to access a server on the remote LAN.
  • Subnet address
    Enter an IP address in the "IP address" field, and the desired network mask in the "Subnet Mask" field.

The remote VPN endpoint must have these IP addresses entered as its "Local" addresses.

ESP Configuration
SPI: Enter the required SPIs. Each policy must have unique SPIs. These settings must match the remote VPN endpoint. Note that the "in" setting here must match the "out" setting on the remote VPN endpoint, and the "out" setting here must match the "in" setting on the remote VPN endpoint.
Encryption: Select the desired Encryption Algorithm, and enter the key in the field provided.
  • For DES, the key should be 8 ASCII characters (16 Hex characters).
  • For 3DES, the key should be 24 ASCII characters (48 Hex characters).
Authentication: Select the desired Authentication Algorithm, and enter the key in the field provided.
  • For MD5, the key should be 16 ASCII characters (32 Hex characters).
  • For SHA-1, the key should be 20 ASCII characters (40 Hex characters).
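
Because every value is typed in by hand at both ends, a pre-deployment check of the two policies against each other catches most tunnel failures. The following is an added example, not part of the device or its documentation: it checks the key lengths listed above and the mirroring rules for SPIs, endpoint addresses and LAN selections. The dictionary field names and sample values are assumptions made for illustration.

```python
import ipaddress
import string

# Key lengths in bytes, from the ESP Configuration section above.
KEY_BYTES = {"DES": 8, "3DES": 24, "MD5": 16, "SHA-1": 20}

def key_bytes(alg, key):
    """Return the key as bytes, or None if its length is wrong for alg."""
    n = KEY_BYTES[alg]
    if len(key) == 2 * n and all(c in string.hexdigits for c in key):
        return bytes.fromhex(key)
    return key.encode("ascii") if len(key) == n and key.isascii() else None

def net(addr, mask="255.255.255.255"):
    """Normalise a 'Single address' or 'Subnet address' selection."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def check_pair(a, b):
    """Return a list of mismatches between two endpoints' manual policies."""
    problems = []
    for field in ("enc", "auth"):
        ka, kb = key_bytes(*a[field]), key_bytes(*b[field])
        if ka is None or kb is None:
            problems.append(f"{field}: key length wrong for algorithm")
        elif a[field][0] != b[field][0] or ka != kb:
            problems.append(f"{field}: algorithm or key differs between endpoints")
    if (a["spi_in"], a["spi_out"]) != (b["spi_out"], b["spi_in"]):
        problems.append("SPI in/out values are not mirrored")
    if (a["remote_endpoint"], a["gateway"]) != (b["gateway"], b["remote_endpoint"]):
        problems.append("Remote VPN Endpoint does not name the peer gateway")
    if (net(*a["local_lan"]), net(*a["remote_lan"])) != (
            net(*b["remote_lan"]), net(*b["local_lan"])):
        problems.append("Local/Remote LAN selections are not mirrored")
    return problems

# Constructed sample policies: documentation addresses and dummy keys.
SITE_A = {
    "gateway": "198.51.100.1", "remote_endpoint": "203.0.113.1",
    "local_lan": ("192.168.1.0", "255.255.255.0"),
    "remote_lan": ("192.168.2.10",),
    "spi_in": 0x101, "spi_out": 0x102,
    "enc": ("3DES", "0123456789abcdef01234567"),
    "auth": ("SHA-1", "00112233445566778899aabbccddeeff00112233"),
}
SITE_B = dict(SITE_A, gateway="203.0.113.1", remote_endpoint="198.51.100.1",
              local_lan=SITE_A["remote_lan"], remote_lan=SITE_A["local_lan"],
              spi_in=0x102, spi_out=0x101)

if __name__ == "__main__":
    print(check_pair(SITE_A, SITE_B) or "policies are consistent")
```

Keys are compared as bytes, so one end may hold the ASCII form and the other the Hex form of the same key without raising a false mismatch.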