Secure Computing SG300 User Manual page 110

Add the LAN connection to a bridge, as described in the section entitled Bridging earlier
in this chapter.
Give the LAN interface bridge a secondary address that is part of the network we want
bridged across the tunnel. Adding an alias is described in Aliases in the section entitled
Direction Connection earlier in this chapter. In this example, the Brisbane end uses an
alias address of 10.254.0.1, and the Slough end uses an alias address of 10.254.0.2.
Ensure the alias address is not part of the network to bridge across the tunnel (in this
example, it mustn't be part of 192.168.0.0 / 24), and not on the same network as any of
the SnapGear unit's other interfaces.
Note
The alias IP addresses are essentially dummy addresses and can be anything that does
not conflict with your existing network infrastructure.
Create an IPSec tunnel between Brisbane and Slough: Select IPSec from the VPN
section of the main menu and click New. For a complete overview of all available options
when setting up an IPSec tunnel, refer to the IPSec section earlier in this chapter.
Take note of the following important settings:
Set the local party as a single network behind this appliance. Set the remote
party as single network behind a gateway.
For the Slough end's Phase 2 Settings, specify the Local Network as 10.254.0.1 /
255.255.255.255 and the Remote Network as 10.254.0.2 / 255.255.255.255. For
the Brisbane end's Phase 2 Settings, specify the Local Network as 10.254.0.2 /
255.255.255.255 and the Remote Network as 10.254.0.1 / 255.255.255.255. Note
the 32 bit netmasks (255.255.255.255) being used.
Create the GRE tunnel: Under the main Network Setup table, select GRE Tunnel and
click Add. For the Slough end, enter:
GRE Tunnel Name:
Remote Address:
Local Address:
Firewall Class:
For the Brisbane end, enter:
Network Setup
to_bris
10.254.0.2
10.254.0.1
LAN
104