The Ipsec Tunnel Selection Process - D-Link NetDefendOS User Manual

Network security firewall

IP Address: 192.168.101.146
Username: myusername
Password: mypassword
Confirm Password: mypassword
Port: 389
3. Click OK

9.4.7. The IPsec Tunnel Selection Process

When an external network device initiates the setting up of an IPsec tunnel, NetDefendOS must
decide which IPsec Tunnel object in the configuration will be used when responding to the
request.
With many different IPsec Tunnel objects in a configuration, it is useful for the
administrator to understand how NetDefendOS decides which tunnel to use. The selection
decision is made in a three-stage process:
Stage 1 - IKE SA Setup
The first stage involves trying to set up an IKE SA, which is the basis for a secure control channel
between the local and remote peer. The configuration properties used are:
i. Local Endpoint.
ii. Remote Endpoint.
iii. Source Interface.
iv. DH Group.
Stage 2 - Authentication
In the second stage the peers authenticate themselves to each other. The matching criteria are:
i. Authentication Method.
ii. Local ID - If specified, this must be acceptable to the remote peer. If not specified, and
certificates are used, a local ID specified in the tunnel's host certificate must be acceptable to
the remote peer.
iii. Remote ID - If specified, the remote peer's ID must match one entry in the ID List assigned to
this property. This is explained further in Section 9.3.8, "Using ID Lists with Certificates".
Stage 3 - IPsec SA Setup
In the final stage, the IPsec SA is negotiated. The criteria below are applied in addition to those of stage 2.
i. Local Network.
720
Chapter 9: VPN
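As an added illustration (not code from the manual or from NetDefendOS), the following Python model applies the three stages as a filter over a list of tunnel objects, showing how two tunnels to the same peer address are told apart only by their ID List and how Local Network drops a catch-all tunnel at stage 3. The Tunnel and Proposal classes, their field names and all addresses and IDs are constructed assumptions, and because the manual does not state how a tie between surviving tunnels is resolved, the model simply reports every survivor.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Tunnel:  # hypothetical model of one IPsec Tunnel object, not the real NetDefendOS schema
    name: str
    local_endpoint: str
    remote_endpoint: str              # peer address, or "any"
    source_interface: str
    dh_groups: set
    auth_method: str                  # e.g. "psk" or "cert"
    local_network: str
    remote_ids: Optional[set] = None  # ID List; None means not specified
    local_id: Optional[str] = None    # None means not specified

@dataclass
class Proposal:  # constructed responder-side view of an incoming negotiation
    dst_addr: str          # address the peer contacted (our local endpoint)
    src_addr: str          # the peer's address
    iface: str             # interface the IKE packet arrived on
    dh_group: int
    auth_method: str
    peer_id: str           # ID the peer presents
    traffic_selector: str  # network behind us that the peer wants to reach
    wanted_local_id: Optional[str] = None  # ID the peer requires from us; None: any

def stage1_ike(t, p):
    return (t.local_endpoint == p.dst_addr and t.remote_endpoint in ("any", p.src_addr)
            and t.source_interface == p.iface and p.dh_group in t.dh_groups)
def stage2_auth(t, p):
    local_ok = t.local_id is None or p.wanted_local_id in (None, t.local_id)
    remote_ok = t.remote_ids is None or p.peer_id in t.remote_ids
    return t.auth_method == p.auth_method and local_ok and remote_ok
def stage3_ipsec(t, p):  # the peer's selector must fall inside our Local Network
    return ipaddress.ip_network(p.traffic_selector).subnet_of(ipaddress.ip_network(t.local_network))

def select_tunnel(tunnels, p):  # apply the stages in order; return survivors after each
    trace, cands = {}, list(tunnels)
    for label, test in (("ike", stage1_ike), ("auth", stage2_auth), ("ipsec", stage3_ipsec)):
        cands = [t for t in cands if test(t, p)]
        trace[label] = [t.name for t in cands]
    return trace

# Constructed config: two site tunnels to one peer that differ only in ID List, plus a catch-all.
TUNNELS = [
    Tunnel("site_a", "198.51.100.1", "203.0.113.10", "wan", {14}, "cert", "10.1.0.0/16", {"gw-a.example.com"}),
    Tunnel("site_b", "198.51.100.1", "203.0.113.10", "wan", {14}, "cert", "10.1.0.0/16", {"gw-b.example.com"}),
    Tunnel("roaming", "198.51.100.1", "any", "wan", {14}, "cert", "10.99.0.0/24"),
]
PROPOSAL = Proposal("198.51.100.1", "203.0.113.10", "wan", 14, "cert", "gw-b.example.com", "10.1.20.0/24")
```

Running `select_tunnel(TUNNELS, PROPOSAL)` shows all three tunnels surviving stage 1, only site_b and roaming surviving stage 2, and site_b alone surviving stage 3.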