Cisco SA520-K9 Administration Guide - Page 149
Configuring VPN
Advanced Configuration of IPsec VPN

STEP 2 To add a VPN policy, click Add.

Other options: Click the Edit button to edit an entry. To delete an entry, check the box and then click Delete. To select all entries, check the box in the first column of the table heading.

After you click Add or Edit, the VPN Policy Configuration window opens.

STEP 3 In the General area, enter the following information:

• Policy Name: Enter a unique name to identify the policy.

• Policy Type: Choose one of the following types:

  - Auto: Some parameters for the VPN tunnel are generated automatically. The IKE (Internet Key Exchange) protocol is used to perform negotiations between the two VPN endpoints. To create an Auto VPN Policy, you need to first create an IKE policy and then add the corresponding Auto Policy for that IKE Policy.

  - Manual: All settings (including the keys) for the VPN tunnel are manually input for each end point. No third party server or organization is involved.

• Select Local Gateway: If you configured the Optional Port for use as a WAN port, choose which WAN interface will act as one end of the tunnel: Dedicated WAN or Optional WAN.

• Remote End Point: Choose to identify the remote end point by the IP address or the Internet Name/FQDN of the remote gateway or the client PC. Also enter the IP address or the Internet Name/FQDN in the field below the drop-down list.

• Enable NetBIOS: Check this box to enable NetBIOS, which is a program that carries out name resolution. This option allows NetBIOS broadcasts to travel over the VPN tunnel.

• Enable RollOver: This option is applicable if you have two ISP links and if you have enabled Auto-Rollover (see Configuring Auto-Rollover, Load Balancing, and Failure Detection, page 57). In this case, you can check the Enable RollOver box to ensure that VPN traffic rolls over to the backup link whenever the primary link fails. The security appliance will automatically update the local WAN gateway for the tunnel based on the optional WAN link configuration. For this type of configuration, Dynamic DNS has to be configured because the IP address will change due to failover. See Dynamic DNS, page 76.

Cisco SA500 Series Security Appliances Administration Guide 149