Dynamic tunnel
Dynamic tunnels differ from static tunnels in that both ends of the tunnel exchange the encryption
keys dynamically. You do not have to configure these ahead of time.
Symantec Firewall/VPN Dynamic tunnel configuration
On the Symantec Firewall/VPN appliance, select the VPN - Dynamic option from the
configuration page. You should be presented with a screen similar to Figure 7-5 on page 7-8.
Initially, the screen you see should be blank, with a few of the defaults entered. In order to properly
configure a dynamic tunnel, you will need the following information from the SEVPN:
•
Gateway IP address of the SEVPN.
•
Shared Secret.
•
Destination network protected by the SEVPN.
•
Netmask of the destination network protected by the SEVPN.
•
Encryption parameters on SEVPN (DES, 3DES, SHA1, etc.)
•
Perfect Forward Secrecy setting.
Figure 7-4: VPN Dynamic tunnel diagram
Dynamic tunnel
7-7