12.12.2. Configuring client rules

You configure client rules at the vpn client-rules level. For more details on the structure of the command to configure client rules, see Configuring rules using UPL.

You need to specify the following parameters:

Parameter / Description

PASS, OK

Action to create a rule using UPL.

enabled

Enable/disable a rule:

  • enabled(yes) or enabled(true).

  • enabled(no) or enabled(false).

name

VPN client rule name.

Example: name("VPN client rule example").

desc

VPN client rule description.

Example: desc("VPN client rule example set in CLI").

profile

VPN security profile that defines a pre-shared encryption key and algorithms for encryption and authentication. Example: profile("Client VPN profile").

For more details on configuring security profiles, see Configuring VPN security profiles.

interface

VPN interface to connect VPN clients. For example, to specify the interface tunnel1: interface(tunnel1).

For more information about how to add and configure VPN interfaces, see Configuring a VPN device.

server_address

IP address of the VPN server to which this VPN client connects. It is usually the IP address of an interface in the Untrusted zone on the UserGate server that acts as a VPN server.

Format: server_address("1.2.3.4").

service

VPN protocol:

  • l2tp: L2TP.

  • cisco cryptomap: IPsec tunnel.

Format: service = l2tp or service = "cisco cryptomap".

subnet1

IP address of a subnet allowed on the UserGate side (Local network). Format: subnet1("ip/mask").

Required when the VPN protocol is IPsec tunnel (cisco cryptomap).

subnet2

IP address of a subnet allowed on the VPN server side (Remote network). Format: subnet2("ip/mask").

Required when the VPN protocol is IPsec tunnel (cisco cryptomap).

user

User name to authenticate a server acting as the VPN client. Only for L2TP protocol. Format: user(). Specify the user name in parentheses.

password

VPN user password. Only for L2TP protocol. Format: password(). Specify the password in parentheses.

When rules are displayed, the last VPN error, the connection status, and the connection time are shown in addition to the specified conditions and properties.
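The constraints in the table above (an IPsec tunnel needs both subnet1 and subnet2, L2TP needs user and password, server_address is an IPv4 address, subnets are in ip/mask form) as an added Python checker and rule-string builder. This is example code, not UserGate's own tooling: it assumes string arguments are double-quoted as in the table's examples (including user and password), emits only the parameter tokens and not the surrounding CLI command, and the sample values are constructed.

```python
import ipaddress
L2TP, IPSEC = "l2tp", "cisco cryptomap"

def client_rule_errors(service, server_address, subnet1=None, subnet2=None,
                       user=None, password=None):  # returns violated table constraints
    errors = []
    try:
        ipaddress.IPv4Address(server_address)  # e.g. "1.2.3.4"
    except ValueError:
        errors.append(f"server_address {server_address!r} is not an IPv4 address")
    if service == IPSEC:  # local and remote networks are required for IPsec
        if subnet1 is None or subnet2 is None:
            errors.append("IPsec tunnel requires subnet1 and subnet2")
        for label, net in (("subnet1", subnet1), ("subnet2", subnet2)):
            try:
                if net is not None:
                    ipaddress.ip_network(net, strict=False)  # "ip/mask" form
            except ValueError:
                errors.append(f"{label} {net!r} is not in ip/mask form")
        if user is not None or password is not None:
            errors.append("user and password apply to L2TP only")
    elif service == L2TP:
        if user is None or password is None:
            errors.append("L2TP requires user and password")
        if subnet1 is not None or subnet2 is not None:
            errors.append("subnet1 and subnet2 apply to IPsec tunnel only")
    else:
        errors.append(f"unknown service {service!r}")
    return errors

def quoted(value):  # quote a string argument as the table shows, e.g. name("...")
    if '"' in value:  # a stray quote would break the rule syntax
        raise ValueError("double quotes inside a value are not supported here")
    return f'"{value}"'

def build_client_rule(name, profile, interface, server_address, service,
                      enabled=True, desc=None, **optional):
    errors = client_rule_errors(service, server_address, **optional)
    if errors:
        raise ValueError("; ".join(errors))
    tokens = ["PASS", f"enabled({'true' if enabled else 'false'})", f"name({quoted(name)})"]
    if desc:
        tokens.append(f"desc({quoted(desc)})")
    tokens += [f"profile({quoted(profile)})", f"interface({interface})",
               f"server_address({quoted(server_address)})",
               f"service = {service if service == L2TP else quoted(service)}"]
    for key in ("subnet1", "subnet2", "user", "password"):  # quoting is assumed
        if optional.get(key) is not None:
            tokens.append(f"{key}({quoted(optional[key])})")
    return " ".join(tokens)
```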