Table of Contents
Advertisement
Branch office VPN with IPSec
and how WatchGuard implements branch office VPN with IPSec, see the Network
Security Handbook.
• Determine the tunnel and policy endpoints
• Select an encryption method
• Select an authentication method
From Policy Manager:
• Select Network => Branch Office VPN => IPSec.
Configuring a gateway
A gateway specifies endpoints for one or more tunnels. The standard specified for a
gateway, such as isakmp automated key negotiation, becomes the standard for
tunnels created with the gateway.
Adding a gateway
From the IPSec Configuration dialog box:
1
Click Gateways.
2
To add a gateway, click Add.
3
Enter the gateway name.
This name identifies a gateway only within Policy Manager.
4
Use the Key Negotiation Type drop list to select either isakmp (dynamic) or
Manual.
For more information, see "Configuring a tunnel with dynamic security" on page 127 and
"Configuring a tunnel with manual security" on page 126.
5
In the Remote Gateway IP field, enter the IP address of the Firebox (or other
IPSec-compliant host) at the other end of the gateway.
6
Enter the shared key.
The Shared Key field is available only for ISAKMP-negotiated gateways. The same key must be
entered at the remote gateway.
7
Click OK.
The Configure Gateways dialog box appears listing the newly configured gateway. Repeat the
Add Gateway procedure to add additional gateways.
8
When you finish adding gateways, click OK to return to the IPSec Configuration
dialog box.
Editing a gateway
From the Configure Gateways dialog box:
1
Click the gateway. Click Edit.
The IPSec Gateway dialog box appears.
2
Make changes according to your security policy preferences.
3
Click OK.
User Guide
125
Advertisement
Table of Contents
