VPN menu features
IPSec Advanced Setup wizard
   f. Leave Perfect Forward Secrecy enabled.
   g. Leave the Diffie-Hellman group at the default.
7. Click Finish. The tunnel is added to the Tunnel List pane, and the Status column indicates the current status of the tunnel.
Setting up a tunnel using x.509 certificates for authentication
This procedure steps through a basic configuration for using x.509 certificates for authenticating an IPSec VPN tunnel. This example assumes the remote appliance is a UTM Firewall appliance, and both appliances have static IP addresses. It also assumes you have uploaded your x.509 certificates. For instructions, refer to Adding a certificate for use with IPSec VPN. The root CA needs to be uploaded to both appliances. The local and remote certificates and keys must be uploaded to their respective appliances before you can establish an IPSec VPN tunnel.
1. From the VPN menu, click IPSec. The IPSec VPN Setup page appears.
2. Click Advanced. The Tunnel Settings page appears (Figure 279).
   Figure 279 IPSec VPN Setup — Tunnel Settings page — x.509 authentication
   Fill in the fields.
   a. Enter a unique Tunnel name. This example uses certs.
   b. Leave the Enable this tunnel checkbox selected.
   c. From the Local Interface list, allow the Local Interface to default to the Default Gateway Interface to the Internet.
   d. Allow the Local and Remote addresses to default to Static IP Address.
   e. From the Authentication list, select x.509 Certificates.
3. Click Next. The Local Endpoint Settings page appears (Figure 280).
McAfee UTM Firewall 4.0.4 Administration Guide