Establishing secure VPN connections
Configuring gateway-to-gateway tunnels

Table 6-4 Dynamic gateway-to-gateway configuration tasks (Continued)

| Task | Location in SGMI |
| --- | --- |
| Define IPsec Security Association Parameters | VPN > Dynamic Tunnels > IPsec Security Association |
| Select VPN Policy | |
| Define the local security gateway | VPN > Dynamic Tunnels > Local Security Gateway |
| Define the remote security gateway | VPN > Dynamic Tunnels > Remote Security Gateway |
| Repeat the above steps for the remote security gateway. | |

To configure a dynamic gateway-to-gateway tunnel

See "Dynamic Tunnels tab field descriptions".

1  In the left pane, click VPN.
2  On the Dynamic Tunnels tab, in the Name text box, type a name for the new tunnel.
   To edit an existing tunnel, from the VPN Tunnel drop-down list, select a VPN tunnel.
3  Check Enable VPN Tunnel.
4  On the VPN Policy drop-down list, select the VPN policy that you want to bind to the tunnel.
5  If you have a multi-session PPPoE ISP account, under Local Security Gateway, in the PPPoE Session drop-down list, select the PPPoE session that you want to bind to the tunnel.
   If you do not have a multi-session PPPoE ISP account, skip this step.
6  For models 460 and 460R, on the Local Endpoint drop-down list, select an endpoint for the tunnel.
7  On the ID Type drop-down list, select a Phase 1 ID type.
8  In the Phase 1 ID text box, type the Phase 1 ID.
9  Under Remote Security Gateway, do the following:
   - In the Gateway Address text box, type the remote gateway address.
   - Optionally, in the ID Type drop-down list, select a Phase 1 ID type.
   - Optionally, in the Phase 1 ID text box, type the Phase 1 ID.
   - In the Pre-Shared Key text box, type a key.
   - In each Remote Subnet IP text box, type the IP address of the destination network.
     When defining a global tunnel to Symantec Enterprise Firewall or Symantec Gateway Security 5400 Series appliance, for the remote gateway, enter 0.0.0.0 for the remote subnet IP address.
     For global tunnels to another Symantec Gateway Security 400 Series appliance, enter 0.0.0.0 for the remote subnet IP address.
   - In each Mask text box, type the netmask of the destination network.
     When defining a global tunnel to Symantec Enterprise Firewall or Symantec Gateway Security 5400 Series appliance, for the remote gateway, enter 0.0.0.0 for the netmask.
     For global tunnels to another Symantec Gateway Security 400 Series appliance, enter 255.0.0.0 for the netmask.
   For information on creating global tunnels, see "Understanding global tunnels".
10 Click Add.

Configuring static gateway-to-gateway tunnels

Static tunnels do not use any information from the Global IKE Policy (Phase 1 negotiation). You must manually type all of the information necessary to establish the tunnel. However, you can define a VPN Policy for Phase 2 negotiation.
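The dynamic tunnel procedure on this page has to be carried out on both gateways ("Repeat the above steps for the remote security gateway"), and a pre-shared key or Phase 1 ID that differs between the two ends stops the IKE negotiation. The following is an added example, not part of the Symantec manual or product: a pre-deployment check over the values an administrator plans to type into each appliance's Dynamic Tunnels tab. The `TunnelEnd` record, the `own_address` field, the `peer_kind` labels and all sample values are assumptions made for the illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional

# Netmask the procedure prescribes when Remote Subnet IP is 0.0.0.0 (global tunnel),
# keyed by a hypothetical label for the product at the far end.
GLOBAL_MASK = {"SEF": "0.0.0.0", "SGS5400": "0.0.0.0", "SGS400": "255.0.0.0"}

@dataclass(frozen=True)
class TunnelEnd:
    own_address: str      # assumed: this gateway's WAN address
    own_phase1_id: str    # Local Security Gateway > Phase 1 ID
    gateway_address: str  # Remote Security Gateway > Gateway Address
    pre_shared_key: str
    remote_subnet: str
    mask: str
    remote_phase1_id: Optional[str] = None  # optional in the procedure
    peer_kind: str = "SGS400"

def check_end(name: str, end: TunnelEnd) -> list:
    """Checks that need only one gateway's settings."""
    problems = [f"{name}: {label} is empty" for label, value in
                (("Gateway Address", end.gateway_address),
                 ("Pre-Shared Key", end.pre_shared_key)) if not value]
    want = GLOBAL_MASK.get(end.peer_kind)
    if end.remote_subnet == "0.0.0.0" and want and end.mask != want:
        problems.append(f"{name}: global tunnel to {end.peer_kind} needs mask {want}")
    return problems

def check_pair(a: TunnelEnd, b: TunnelEnd) -> list:
    """Checks that the two ends mirror each other; never echoes the key itself."""
    problems = check_end("A", a) + check_end("B", b)
    if a.pre_shared_key != b.pre_shared_key:
        problems.append("Pre-Shared Key differs between A and B")
    for x, y, xn, yn in ((a, b, "A", "B"), (b, a, "B", "A")):
        if x.gateway_address != y.own_address:
            problems.append(f"{xn}: Gateway Address does not point at {yn}")
        if x.remote_phase1_id and x.remote_phase1_id != y.own_phase1_id:
            problems.append(f"{xn}: remote Phase 1 ID is not {yn}'s Phase 1 ID")
    return problems

# Constructed sample values (documentation address ranges, made-up key and IDs).
SITE_A = TunnelEnd("192.0.2.1", "site-a", "198.51.100.1", "example-key-1",
                   "10.2.0.0", "255.255.0.0", remote_phase1_id="site-b")
SITE_B = TunnelEnd("198.51.100.1", "site-b", "192.0.2.1", "example-key-1",
                   "10.1.0.0", "255.255.0.0", remote_phase1_id="site-a")

if __name__ == "__main__":
    bad_b = replace(SITE_B, pre_shared_key="example-key-2", remote_subnet="0.0.0.0", mask="0.0.0.0")
    print("\n".join(check_pair(SITE_A, bad_b)) or "no mismatches found")
```

Addresses are compared as plain strings, so a gateway entered by DNS name on one side and by IP address on the other is reported as a mismatch and needs a manual look.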