Symantec 360R - Security Gateway SGS Administration Manual page 90

Gateway security 300 series

90 Establishing secure VPN connections
Configuring Gateway-to-Gateway tunnels
If you have another (additional) subnet on the LAN side of the Symantec
Gateway Security 300 Series security gateway, VPN client tunnels to the LAN
side of the security gateway are not supported for computers on this separate
subnet. Only computers residing on the appliance subnet (found on the LAN IP
screen) are supported for LAN/WLAN-side VPN tunnels.
Note: Gateway-to-Gateway VPN tunnels are supported on the appliance's WAN
ports; you cannot define Gateway-to-Gateway VPN tunnels on the appliance's
LAN or WLAN ports.
Supported Gateway-to-Gateway VPN tunnels
The Symantec Gateway Security 300 Series appliance lets you configure two
types of Gateway-to-Gateway VPN tunnels:
Dynamic
The security gateway comes with a predefined global IKE policy that
automatically applies to your IKE Phase 1 negotiations. You can change the
setting of the SA Lifetime parameter in the Global IKE Policy. SA Lifetime
specifies how long, in minutes, the tunnel runs before it rekeys. This
parameter is located in VPN > Advanced > Global IKE Settings (Phase 1
Rekey).
Static
Static Gateway-to-Gateway configurations require you to manually enter
tunnel parameters at each security gateway. Both ends must have the same
parameters, including secret keys, security parameter indexes (SPIs),
authentication schemes, and encryption methods.
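Because a static tunnel only comes up when both ends hold identical values, a pre-deployment comparison of the two parameter sets catches typos before they reach the appliances. The following is an added example, not part of the Symantec manual: the field names and sample values are hypothetical, and each parameter is treated as a single value that must match on both ends, as stated above.

```python
import hmac

# Hypothetical field names; the appliance's own labels may differ.
SECRET_FIELDS = {"encryption_key", "authentication_key"}
PLAIN_FIELDS = {"spi", "authentication_scheme", "encryption_method"}

def _norm(field, value):
    """Normalize so cosmetic differences are not reported as mismatches."""
    if field == "spi":
        # Accept an int, a decimal string or a 0x-prefixed hex string.
        return value if isinstance(value, int) else int(str(value).strip(), 0)
    return str(value).strip().lower()

def compare_static_tunnel(local, remote):
    """Return (field, detail) for each parameter that differs; secrets are never echoed."""
    problems = []
    for field in sorted(SECRET_FIELDS | PLAIN_FIELDS):
        if field not in local or field not in remote:
            side = "local" if field not in local else "remote"
            problems.append((field, f"missing on {side} gateway"))
            continue
        if field in SECRET_FIELDS:
            a, b = str(local[field]).encode(), str(remote[field]).encode()
            if not hmac.compare_digest(a, b):  # constant-time comparison
                problems.append((field, "values differ (redacted)"))
        else:
            a, b = _norm(field, local[field]), _norm(field, remote[field])
            if a != b:
                problems.append((field, f"local={a!r} remote={b!r}"))
    return problems

# Constructed sample parameter sets for the two security gateways.
SITE_A = {"spi": "0x1F4", "authentication_scheme": "SHA1",
          "encryption_method": "3DES",
          "encryption_key": "constructed-key-A",
          "authentication_key": "constructed-auth"}
SITE_B = {"spi": 500, "authentication_scheme": "md5",
          "encryption_method": "3des ",
          "encryption_key": "constructed-key-B",
          "authentication_key": "constructed-auth"}

if __name__ == "__main__":
    for field, detail in compare_static_tunnel(SITE_A, SITE_B):
        print(f"MISMATCH {field}: {detail}")
```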
See "Configuring Gateway-to-Gateway tunnels" on page 88. See "Configuring
static Gateway-to-Gateway tunnels" on page 93.
Gateway-to-gateway VPN tunnel persistence and high-availability
After the security gateway restarts, dynamic Gateway-to-Gateway VPN tunnels
are re-established. Dynamic Gateway-to-Gateway VPN tunnels are also
re-established if the WAN port status changes from disconnected to connected.
This feature reduces management overhead by providing automatic
reconnection of tunnels.
If the VPN tunnel fails to establish after three attempts, the security gateway waits
between one and five minutes before attempting to reconnect. This process
continues until the VPN tunnel is re-established.
If there is a network failure, the security gateway automatically re-establishes
the VPN tunnel through a backup port (WAN port or serial port). If the IP


This manual is also suitable for: 320, 360