This page displays the VPN statistics and configuration.

Name: User defined name of this VPN connection.

State: Enable or Disable the VPN connection.

Connection Type: Select between Host to Host - VPN tunnel for Local and Remote subnets are fixed or Host to Subnet - VPN tunnel for Remote subnet area is dynamic and Local subnet is fixed.

Authentication Mode: The authentication mode of IPSec VPN. Select from PSK, RSA, XAUTH, and X509. Pre-shared Key (PSK) is used when there is a single key common to both ends of the VPN. RSA uses RSA digital signatures. XAUTH provides an additional level of authentication by allowing the IPSec gateway to request extended authentication from remote users, thus forcing remote users to respond with their credentials before being allowed access to the VPN.

Remote Peer Type: Set the remote peer type. This can enable additional processing during the IKE negotiation.

Mode Configuration: Enable or diabled extended authentication operation and the settings provided to the client during the configuration exchange.

Type: Tunnel or Transport. Tunnel Mode is used for protecting traffic between different networks, when traffic must pass through an intermediate, untrusted network. Transport Mode is used for end-to-end communications (for example, for communications between a client and a server)..

Interface: Interface to use to connect to VPN Gateway.

Remote End Point: Remote VPN Gateway’s IP Address.

Remote Subnet: Subnet behind the VPN Gateway.

Remote ID: : Specifies the identifier we expect to receive from the remote host during Phase 1 negotiation.

Remote Router Next Hop: next-hop gateway IP address for the VPN Gateway.

Local Subnet: Defines what local devices have access to or can be accessed from the VPN connection.

Local ID: Specifies the identifier sent to the remote host during Phase 1 negotiation.

Local Router Next Hop: next-hop gateway IP address for our connection to the public network.

Perfect Forward Secrecy: whether Perfect Forward Secrecy of keys is desired on the connection's keying channel. Enabling this feature will require IKE to generate a new set of keys in Phase 2 rather than using the same key generated in Phase 1

Local RSA Key: For RSA, it is the device's key for RSA signature authentication.

Local Key Length: For RSA, it is the device's key length for RSA signature authentication.

Remote Key: For RSA, it is the VPN Gateway's key for RSA signature authentication. For XAUTH, it is the Group password

Pre-shared Key (PSK): Pre-Shared Key used in the IPSec setting between the Local and VPN Gateway.

Username: Username for authenticating with VPN Gateway

Password: Password for authenticating with VPN Gateway

Agrressive Mode: Enable or disable Aggressive Mode. In Aggressive mode, IKE tries to combine as much information into fewer packets while maintaining security. Aggressive mode is slightly faster but less secure.

NAT Traversal: Enable or disable NAT Traversal. If there is an external NAT device between VPN tunnels, the user must enable NAT Traversal.

ISAKMP Phase 1 Encryption: Encryption Algorithm in key exchange.

ISAKMP Phase 1 Authentication: Hash Algorithm in key exchange.

ISAKMP Phase 1 DH Group: Diffie-Hellman groups (the Key Exchange group between the Remote and VPN Gateways).

ISAKMP Phase 1 IKE Lifetime: Lifetime for IKE SA.

ISAKMP Phase 2 Encryption: Encryption Algorithm in data exchange.

ISAKMP Phase 2 Authentication: Hash Algorithm in data exchange.

ISAKMP Phase 2 DH Group: Diffie-Hellman groups (the Key Exchange group between the Remote and VPN Gateways) for Phase 2.

ISAKMP Phase 2 SA Lifetime: Lifetime for SA in Phase 2.

Use Unreachable Host Detection Host and Ping Interval to monitor connectivity with a host on the remote network. The VPN tunnel is restarted if Max Tries pings to the host fail.