Symantec 360R Administration Guide - Page 83
Global IKE Policy (Phase 1, non-configurable, except for SA lifetime parameter); VPN Policies (Phase 2)
UPC - 037648240185
Page 83 highlights
Establishing secure VPN connections
Creating security policies

Global IKE Policy (Phase 1, non-configurable, except for SA lifetime parameter)

The security gateway includes a predefined global IKE policy that automatically applies to your IKE Phase 1 negotiations. This global IKE policy works in conjunction with the VPN policy you configure for Phase 2 negotiations. The Global IKE Policy provides the parameters that define Phase 1 negotiations of the IKE tunnel, while the VPN policy you configure and select provides the parameters for Phase 2 negotiations.

The only parameter in the Global IKE Policy whose setting can be changed is the SA (security association) Lifetime, which specifies the period of time after which the tunnel rekeys (in minutes). This parameter is located in VPN > Advanced > Global IKE Settings (Phase 1 Rekey).

When two security gateways are negotiating Phase 1, the first security gateway sends a list of proposals, called a transform proposal list. The security gateway to which it is connecting then selects a proposal from the list that it likes best, generally the strongest available option. You cannot change the transform proposal list on the appliance; however, this information may be useful to give to the remote gateway administrator.

Table 6-1 lists the order of the Symantec Gateway Security 300 IKE proposals.

Table 6-1 IKE proposal order

Data Privacy    Data Integrity    Diffie-Hellman
3DES            SHA1              Group 5
3DES            MD5               Group 5
3DES            SHA1              Group 2
3DES            MD5               Group 2
DES             SHA1              Group 1
DES             MD5               Group 1

Some settings are configurable at a global level for Client-to-Gateway tunnels. See "Setting global policy settings for Client-to-Gateway VPN tunnels" on page 101.

VPN Policies (Phase 2, configurable)

The security gateway includes a set of four pre-defined, configurable VPN policies that apply to Phase 2 tunnel negotiations.
Rather than configuring data privacy, data integrity, and data compression algorithms for every tunnel you create, the security gateway lets you configure standard, reusable VPN policies
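
For the remote gateway administrator who receives the Table 6-1 proposal order, the following added example (not part of the Symantec guide or product) checks which Phase 1 proposal a given acceptance policy would settle on and which weaker proposals it would still allow. The function names, the set of primitives treated as weak, and the rule that the responder takes the first acceptable proposal in the offered order are assumptions of this example.

```python
# Table 6-1 order from this page: (data privacy, data integrity, DH group)
APPLIANCE_PROPOSALS = [
    ("3DES", "SHA1", 5), ("3DES", "MD5", 5),
    ("3DES", "SHA1", 2), ("3DES", "MD5", 2),
    ("DES", "SHA1", 1), ("DES", "MD5", 1),
]

# Assumption: primitives the remote administrator chooses to treat as weak.
WEAK_PRIVACY = {"DES"}      # 56-bit key
WEAK_INTEGRITY = {"MD5"}
WEAK_DH_GROUPS = {1}        # 768-bit MODP group


def weaknesses(proposal):
    """List the weak primitives contained in one proposal."""
    privacy, integrity, group = proposal
    found = []
    if privacy in WEAK_PRIVACY:
        found.append(f"{privacy} privacy")
    if integrity in WEAK_INTEGRITY:
        found.append(f"{integrity} integrity")
    if group in WEAK_DH_GROUPS:
        found.append(f"DH Group {group}")
    return found


def negotiate(accepted, offered=APPLIANCE_PROPOSALS):
    """First offered proposal the responder accepts, or None if no overlap.

    Assumption: the responder honours the offered order, which in
    Table 6-1 runs from strongest to weakest.
    """
    return next((p for p in offered if p in accepted), None)


def audit_responder(accepted, offered=APPLIANCE_PROPOSALS):
    """Summarise what a remote gateway's acceptance policy allows."""
    chosen = negotiate(accepted, offered)
    return {
        "chosen": chosen,
        "chosen_weaknesses": weaknesses(chosen) if chosen else [],
        # Shared proposals with a weak primitive: still reachable if the
        # stronger shared proposals are ever removed from either side.
        "weak_overlap": [p for p in offered if p in accepted and weaknesses(p)],
    }


if __name__ == "__main__":
    # Constructed sample policy for a remote gateway.
    legacy_policy = {("3DES", "MD5", 2), ("DES", "MD5", 1)}
    print(audit_responder(legacy_policy))
```

A policy that accepts only 3DES / SHA1 / Group 5 yields an empty `weak_overlap`, which is the result to aim for when the appliance's list cannot be changed.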