Symantec 360R Administration Guide - Page 82
Establishing secure VPN connections

About using this chapter

Each section begins with an explanation of the feature it is describing (such as what a VPN policy is, how it works, and how you use it). If you are an experienced network or IT administrator, you may want to proceed directly to the latter half of the section for configuration instructions. If you do not have significant network or IT experience or have never configured a security gateway (Symantec or otherwise), you should read the first half of each section before configuring the feature.

At the end of "Configuring Gateway-to-Gateway tunnels" on page 88 and "Configuring Client-to-Gateway VPN tunnels" on page 96, there are worksheets for you to fill out with the information you entered so that you may easily share connection information with your clients and remote gateway administrators.

Creating security policies

The VPN tunnel establishment negotiation occurs in two phases. In Phase 1, the Internet Key Exchange (IKE) negotiation creates an IKE security association with its peer to protect Phase 2 of the negotiation, which determines the protocol security association for the tunnel.

For Gateway-to-Gateway connections, either security gateway can initiate Phase 1 or Phase 2 renegotiation at any time. Either security gateway can also specify intervals after which to renegotiate.

For Client-to-Gateway connections, only the client can initiate Phase 1 or Phase 2 renegotiation. Phase 2 renegotiation is referred to as quick mode renegotiation.

Note: Symantec Gateway Security 300 Series does not support VPN tunnel compression. To create a Gateway-to-Gateway tunnel between a Symantec Gateway Security 300 Series appliance and a remote Symantec Gateway Security 5400 Series appliance or Symantec Enterprise Firewall, set the compression to NONE on the remote gateway.
Understanding VPN policies

For each phase of negotiation, the appliance uses a policy, which is a predefined set of parameters. The appliance supports two types of security policies, Global IKE and VPN.