Print Download Complete help as Archive Send Feedback

Previous

Next

VPN Communities - Advanced

What can I do here?

Use this window to set IKE security associations and enable NAT inside the community.

Getting Here

Getting Here - SmartConsole > Security Policies > Access Control > Policy > Access Tools > VPN Communities > New Star/Meshed Community > Advanced

IKE and NAT inside the Community

IKE is the Internet Key Exchange protocol used in VPN for exchanging key-building material. Despite the name, keys are never actually exchanged. Only the material (random bits and mathematical data) used to build the keys are exchanged. IKE takes place in two phases.

IKE (Phase 1)

Change the default settings to alter the way the IKE Security Association is negotiated.

IPSEC (Phase 2)

Change the default settings to alter the way the IPSEC Security Association is negotiated.

NAT

Even if NAT is configured it is possible to disable NAT inside the VPN community. If NAT is disabled, when a host behind a community member opens a connection with another host behind a community member, the original IP addresses are used. Other connections use the translated address.