Configuring Dynamic Gateway-To-Gateway Tunnels - Symantec 360R - Security Gateway SGS Administration Manual

Gateway security 300 series

Establishing secure VPN connections
Configuring Gateway-to-Gateway tunnels
address of the security gateway changes, it re-establishes Gateway-to-Gateway
VPN tunnels with the remote gateway using the new IP address.
Gateway-to-Gateway VPN tunnel interoperability
When Symantec Gateway Security 5400 Series or Symantec Enterprise Firewall
initiates a Gateway-to-Gateway tunnel to a Symantec Gateway Security 300
Series appliance, it begins negotiation in Main Mode. The mode on the
Symantec Gateway Security 300 Series VPN tunnel definition must be Main Mode
or the VPN tunnel will not establish.
Symantec Gateway Security 5400 Series and Symantec Enterprise Firewall
accept either Main Mode or Aggressive Mode Phase 1 negotiations from a
remote gateway. The Symantec Gateway Security 300 Series appliance can be
configured for Main or Aggressive Mode. The default is Main Mode. When
initiating a VPN tunnel to Symantec Gateway Security 5400 or Symantec
Enterprise Firewall, configure the Symantec Gateway Security 300 Series
appliance to use Main Mode; otherwise, if the remote end initiates the VPN
tunnel, it does not establish a connection.
When a non-Symantec gateway initiates a VPN tunnel to a Symantec Gateway
Security 300 Series appliance, the Symantec Gateway Security 300 Series
appliance accepts the mode set by the administrator on the tunnel definition.
When a Symantec Gateway Security 300 Series appliance initiates a VPN tunnel
to a non-Symantec security gateway, the Symantec Gateway Security 300 Series
appliance should use the mode set by the administrator on the tunnel definition;
the default setting is Main Mode. If Main Mode is not used, it may cause rekey
problems if the remote security gateway tries to rekey first.
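
When a tunnel fails to establish because of a mode mismatch, the Phase 1 mode the remote gateway is actually proposing can be read from the first IKE packet in a capture. The following is an added example, not part of the Symantec manual: it parses the fixed ISAKMP header of a UDP port 500 payload and compares the exchange type (2 is Main Mode, 4 is Aggressive Mode, per RFC 2408) with the mode set on the tunnel definition. The function names are hypothetical and the sample packets are constructed.

```python
import struct

# ISAKMP exchange types (RFC 2408 section 3.1; Quick Mode from RFC 2409)
EXCHANGE_TYPES = {2: "Main Mode", 4: "Aggressive Mode", 5: "Informational", 32: "Quick Mode"}
# initiator cookie, responder cookie, next payload, version, exchange type, flags, message ID, length
HEADER = struct.Struct("!8s8sBBBBII")


def parse_isakmp_header(payload: bytes) -> dict:
    """Parse the fixed 28-byte ISAKMP header from a UDP/500 payload."""
    if len(payload) < HEADER.size:
        raise ValueError("payload shorter than the 28-byte ISAKMP header")
    i_cookie, r_cookie, _next, version, exch, _flags, msg_id, length = HEADER.unpack_from(payload)
    if version >> 4 != 1:
        raise ValueError(f"not IKEv1 (major version {version >> 4})")
    if length < HEADER.size:
        raise ValueError("declared length smaller than the header")
    return {
        "mode": EXCHANGE_TYPES.get(exch, f"unknown ({exch})"),
        # First packet of Phase 1: responder cookie and message ID are still zero.
        "initial": r_cookie == bytes(8) and msg_id == 0,
        "truncated": length > len(payload),
    }


def check_against_tunnel(payload: bytes, configured_mode: str) -> str:
    """Compare the peer's Phase 1 mode with the mode on the local tunnel definition."""
    hdr = parse_isakmp_header(payload)
    if not hdr["initial"] or hdr["mode"] not in ("Main Mode", "Aggressive Mode"):
        return "not an initial phase 1 packet"
    if hdr["mode"] == configured_mode:
        return f"match: peer initiates in {hdr['mode']}"
    return f"mismatch: peer initiates in {hdr['mode']}, tunnel is set to {configured_mode}"


def build_sample(exchange_type: int) -> bytes:
    """Constructed sample: header only, initiator cookie set, responder cookie zero."""
    return HEADER.pack(bytes.fromhex("1122334455667788"), bytes(8), 1, 0x10, exchange_type, 0, 0, 28)


if __name__ == "__main__":
    for exch in (2, 4):
        print(check_against_tunnel(build_sample(exch), "Main Mode"))
```
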
Creating VPN tunnels to Symantec Gateway Security 5400 Series clusters
To create a VPN tunnel to a Symantec Gateway Security 5400 Series appliance
high-availability/load balancing cluster, define the VPN tunnel using the virtual
IP address of the cluster. Tunnels between Symantec Gateway Security 300
Series and Symantec Gateway Security 5400 Series appliances are supported in
high-availability only.

Configuring dynamic Gateway-to-Gateway tunnels

Dynamic tunnels, also known as IKE (Internet Key Exchange) tunnels,
automatically generate authentication and encryption keys. Typically, a long
password, called a pre-shared key (also known as a shared secret), is entered.
The target security gateway must recognize this key for authentication to


This manual is also suitable for: 320, 360