Symantec 360R Administration Guide - Page 91
Configuring dynamic Gateway-to-Gateway tunnels, Gateway-to-Gateway VPN tunnel interoperability
 |
UPC - 037648240185
View all Symantec 360R manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 91 highlights
Establishing secure VPN connections 91 Configuring Gateway-to-Gateway tunnels address of the security gateway changes, it re-establishes Gateway-to-Gateway VPN tunnels with the remote gateway using the new IP address. Gateway-to-Gateway VPN tunnel interoperability When Symantec Gateway Security 5400 Series or Symantec Enterprise Firewall initiates a Gateway-to-Gateway tunnel to a Symantec Gateway Security 300 Series appliance, it begins negotiation in Main Mode. The mode on the VPN tunnel definition on the Symantec Gateway Security 300 Series VPN tunnel definition must be Main Mode or the VPN tunnel will not establish. Symantec Gateway Security 5400 Series and Symantec Enterprise Firewall accept either Main Mode or Aggressive Mode Phase 1 negotiations from a remote gateway. The Symantec Gateway Security 300 Series appliance can be configured for Main or Aggressive Mode. The default is Main Mode. When initiating a VPN tunnel to Symantec Gateway Security 5400 or Symantec Enterprise Firewall, configure the Symantec Gateway Security 300 Series appliance to use Main Mode so that if the remote end is the initiates the VPN tunnel, it does not establish a connection. When a non-Symantec gateway initiates a VPN tunnel to an Symantec Gateway Security 300 Series appliance, the Symantec Gateway Security 300 Series appliance accepts the mode set by the administrator on the tunnel definition. When a Symantec Gateway Security 300 Series appliance initiates a VPN tunnel to a non-Symantec security gateway, the Symantec Gateway Security 300 Series appliance should use the mode set by the administrator on the tunnel definition; the default setting is Main Mode. If Main Mode is not used, it may cause rekey problems if the remote security gateway tries to rekey first. Creating VPN tunnels to Symantec Gateway Security 5400 Series clusters To create a VPN tunnel to a Symantec Gateway Security 5400 Series appliance high-availability/load balancing cluster, define the VPN tunnel using the virtual IP address of the cluster. Tunnels between Symantec Gateway 300 Series and Symantec Gateway Security 5400 Series appliances are supported in highavailability only. Configuring dynamic Gateway-to-Gateway tunnels Dynamic tunnels, also known as IKE (Internet Key Exchange) tunnels, automatically generate authentication and encryption keys. Typically, a long password, called a pre-shared key (also known as a shared secret), is entered. The target security gateway must recognize this key for authentication to
-
1 -
2
-
3
-
4
-
5
-
6
-
7
-
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86 -
87 -
88 -
89 -
90 -
91 -
92 -
93 -
94 -
95 -
96 -
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
 |
 |
