Netgear UTM9S – ProSECURE Unified Threat Management (UTM) Appliance with DSL and Wireless modules 参照マニュアル
Virtual Private Networking Using IPSec Connections
281
ProSecure Unified Threat Management (UTM) Appliance
Assign IP Addresses to Remote Users (Mode Config)
To simplify the process of connecting remote VPN clients to the UTM, use the Mode Config
feature to automatically assign IP addresses to remote users, including a network access IP
address, subnet mask, WINS server, and DNS address. Remote users are given IP
addresses available in a secured network space so that remote users appear as seamless
extensions of the network.
feature to automatically assign IP addresses to remote users, including a network access IP
address, subnet mask, WINS server, and DNS address. Remote users are given IP
addresses available in a secured network space so that remote users appear as seamless
extensions of the network.
Mode Config Operation
After the IKE Phase 1 negotiation is complete, the VPN connection initiator (which is the
remote user with a VPN client) requests the IP configuration settings such as the IP address,
subnet mask, WINS server, and DNS address from the UTM. The Mode Config feature
allocates an IP address from the configured IP address pool and activates a temporary IPSec
policy, using the information that is specified in the Traffic Tunnel Security Level section of the
Mode Config record (on the Add Mode Config Record screen that is shown in
remote user with a VPN client) requests the IP configuration settings such as the IP address,
subnet mask, WINS server, and DNS address from the UTM. The Mode Config feature
allocates an IP address from the configured IP address pool and activates a temporary IPSec
policy, using the information that is specified in the Traffic Tunnel Security Level section of the
Mode Config record (on the Add Mode Config Record screen that is shown in
Note:
After configuring a Mode Config record, you need to manually
configure an IKE policy and select the newly created Mode Config
record from the Select Mode Config Record drop-down list (see
record from the Select Mode Config Record drop-down list (see
on page 281). You do
not need to make changes to any VPN policy.
Note:
An IP address that is allocated to a VPN client is released only after
the VPN client has gracefully disconnected or after the SA liftetime
for the connection has timed out.
for the connection has timed out.
Configure Mode Config Operation on the UTM
To configure Mode Config on the UTM, first create a Mode Config record, and then select the
Mode Config record for an IKE policy.
Mode Config record for an IKE policy.
To configure Mode Config on the UTM:
1.
Select VPN > IPSec VPN > Mode Config. The Mode Config screen displays: