Configuring Dynamic Routing; Enabling Rip Authentication For Dynamic Routing - Watchguard SSL 1000 User Manual

Vpn gateway

Hide thumbs Also See for SSL 1000:

Setup manual (6 pages)

Hardware manual (31 pages)

Quick reference manual (2 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

Table of Contents

Dynamic and Static Routing

Configuring Dynamic Routing

When dynamic routing is selected, the Firebox SSL VPN Gateway operates as follows:

• It listens for route information published through RIP and automatically populates its routing

table.

• If the Dynamic Gateway option is enabled, the Firebox SSL VPN Gateway uses the Default

Gateway provided by dynamic routing, rather than the value specified on the General

Networking tab.

• It disables any static routes created for the Firebox SSL VPN Gateway. If you later choose to

disable dynamic routing, any previously created static routes appear again in the Firebox SSL VPN

Gateway routing table.

To configure dynamic routing

Click the VPN Gateway Cluster tab and then click the Routes tab.

In Select routing type, select Dynamic Routing (RIP).

Selecting this option disables the static routes area. If static routes are defined, they do not display in the routing

table although they are still available if you want to switch back to static routing.

Click Enable Dynamic Gateway to use the default gateway provided by the routing server(s).

Selecting this check box disables use of the Default Gateway that is specified on the General Networking tab.

In Routing Interface, choose the Firebox SSL VPN Gateway network adapter(s) to be used for

dynamic routing. Typically, your routing server(s) are inside your firewall, so you would choose the

internal network adapter for this setting.

Click Submit.

Dynamic routes are not displayed in the Firebox SSL VPN Gateway routing table.

Enabling RIP Authentication for Dynamic Routing

To enhance security for dynamic routing, you can configure the Firebox SSL VPN Gateway to support RIP

authentication.

Your RIP server must transmit RIP 2 packets to use RIP authentication. RIP 1 does not support

authentication.

To support RIP authentication, both the RIP server and the Firebox SSL VPN Gateway must be config-

ured to use a specific authentication string. The RIP server can transmit this string as plain text or

encrypt the string with MD5.

If the RIP server encrypts the authentication string with MD5, you must also select the MD5 option on

the Firebox SSL VPN Gateway.

You can configure the Firebox SSL VPN Gateway to listen for the RIP authentication string on Interface 0,

Interface 1, or both interfaces.

To enable RIP authentication for dynamic routing

On the Firebox SSL VPN Gateway Cluster tab, open the window for an appliance.

Click the Routes tab.

In Routing Interface, select either Interface 0, Interface 1, or Both to specify the interface(s) on

which the Firebox SSL VPN Gateway listens for the RIP authentication string.

Select the RIP Authentication String for Interface check box.

Note

Firebox SSL VPN Gateway

Table of Contents

Troubleshooting

This manual is also suitable for:

Ssl 500 Firebox ssl series

Configuring Dynamic Routing; Enabling Rip Authentication For Dynamic Routing - Watchguard SSL 1000 User Manual

Configuring Dynamic Routing

Enabling RIP Authentication for Dynamic Routing

Troubleshooting

Related Manuals for Watchguard SSL 1000

Related Content for Watchguard SSL 1000

This manual is also suitable for:

Table of Contents