3. DNS hostname address to static IP address
4. DNS hostname address to DNS hostname address
5. DNS hostname address to dynamic IP address
Select the type of IPSec endpoint this CyberGuard SG appliance has on the interface
that the tunnel goes out on. The CyberGuard SG appliance can have a static IP address,
a dynamic IP address or a DNS hostname address. If a dynamic DNS service is to be used,
or there is a DNS hostname that resolves to the IP address of the port, then the DNS
hostname address option should be selected. In this example, select dynamic IP
address.
Select the type of IPSec endpoint the remote party has. The remote endpoint can have a
static IP address, dynamic IP address or a DNS hostname address. In this example,
select the static IP address option.
Select the type of authentication for the tunnel to use. The CyberGuard SG appliance
supports the following types of authentication:

Preshared Secret is a common secret (passphrase) that is shared between the
CyberGuard SG appliance and the remote party.
This authentication method is widely supported, relatively simple to configure, and
relatively secure, although it is somewhat less secure when used with aggressive
mode keying.

RSA Digital Signatures uses a public/private RSA key pair for authentication.
The CyberGuard SG appliance can generate these key pairs. The public keys
need to be exchanged between the CyberGuard SG appliance and the remote
party in order to configure the tunnel.
This authentication method is not widely supported, but is relatively secure and
allows dynamic endpoints to be used with main mode keying.

X.509 Certificates are used to authenticate the remote party against a Certificate
Authority's (CA) certificate. The CA certificate must have signed the local
certificates that are used for tunnel authentication. Certificates need to be
uploaded to the CyberGuard SG appliance before a tunnel can be configured to
use them (see Certificate Management).
This authentication method is widely supported and very secure; however,
differing terminology between vendors can make it difficult to set up a tunnel
between a CyberGuard SG appliance and an appliance from another vendor.
This authentication method allows dynamic endpoints to be used with main mode
keying.
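
The X.509 requirement above (the CA certificate must have signed the local certificate) can be checked on a workstation before anything is uploaded. The script below is an added example, not part of the CyberGuard manual; it assumes the OpenSSL command line is installed, and every file name and subject name in it is constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-upload checks for X.509 tunnel authentication.
# All file names and subject names are constructed for illustration.

# Succeeds only if the certificate chains to the given CA certificate.
cert_signed_by_ca() {   # usage: cert_signed_by_ca ca.pem cert.pem
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Succeeds only if the private key and the certificate carry the same public key.
key_matches_cert() {    # usage: key_matches_cert key.pem cert.pem
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Builds constructed test material in directory $1: a CA, a local certificate
# signed by that CA, and an unrelated self-signed certificate.
make_samples() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" >/dev/null 2>&1 || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=sg-local.example" \
        -keyout "$d/local.key" -out "$d/local.csr" >/dev/null 2>&1 || return 1
    openssl x509 -req -in "$d/local.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/local.pem" >/dev/null 2>&1 || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=stray.example" \
        -keyout "$d/stray.key" -out "$d/stray.pem" >/dev/null 2>&1
}

tmp=$(mktemp -d) || exit 1
make_samples "$tmp" || { echo "openssl sample generation failed" >&2; exit 1; }
for name in local stray; do
    if cert_signed_by_ca "$tmp/ca.pem" "$tmp/$name.pem"; then
        echo "$name.pem: signed by the CA"
    else
        echo "$name.pem: NOT signed by the CA, do not upload as the local certificate"
    fi
    if key_matches_cert "$tmp/local.key" "$tmp/$name.pem"; then
        echo "$name.pem: matches local.key"
    else
        echo "$name.pem: does not match local.key"
    fi
done
rm -rf "$tmp"
```
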
Virtual Private Networking