Ipsec Vpn - McAfee SG310 Administration Manual

VPN menu features

192.168.135.2 snapped #PRE #DOM:utmfirewall
#Note that the name of the domain below is exactly 15 chars before the
#\0x1b declaration.
192.168.135.2 "utmfirewall    \0x1b" #PRE
192.168.135.3 accounts #PRE
This example shows a domain name. You can exclude the domain name and instead only list the names of
computers and their corresponding IP addresses.
If you have Windows 9x/ME, you can copy the file into your Windows directory as a file called LMHOSTS. If you
have Windows NT 4.0 or Windows 2000, you can import it through the TCP/IP properties in the Network
control panel applet. More information on LMHOSTS files is available in the following references:
LMHOSTS file reference
Practical information on writing LMHOSTS files
Something to be aware of in Domain environments
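The padding rule in the comment above (exactly 15 characters before \0x1b) is the usual mistake when hand-editing LMHOSTS. The following Python is an added example, not part of the McAfee guide: it builds the two kinds of entry shown above and checks existing lines for that rule. The only assumed names are its own functions; the addresses and hostnames in the test are the ones from the example file.

```python
import ipaddress
import re

NETBIOS_NAME_LEN = 15   # NetBIOS names are 15 chars; byte 16 is the type suffix
DMB_SUFFIX = "\\0x1b"   # LMHOSTS notation for the 0x1B domain master browser suffix

def _valid_ipv4(text):
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False

def host_entry(ip, name, preload=True, domain=None):
    """Unquoted entry, e.g. '192.168.135.3 accounts #PRE'."""
    if not _valid_ipv4(ip):
        raise ValueError(f"bad IPv4 address: {ip!r}")
    if not 1 <= len(name) <= NETBIOS_NAME_LEN:
        raise ValueError(f"NetBIOS name must be 1..{NETBIOS_NAME_LEN} chars: {name!r}")
    parts = [ip, name] + (["#PRE"] if preload else []) + ([f"#DOM:{domain}"] if domain else [])
    return " ".join(parts)

def domain_controller_entry(ip, domain):
    """Quoted entry: domain padded with spaces to exactly 15 chars, then \\0x1b."""
    if not _valid_ipv4(ip):
        raise ValueError(f"bad IPv4 address: {ip!r}")
    if not 1 <= len(domain) <= NETBIOS_NAME_LEN:
        raise ValueError(f"domain must be 1..{NETBIOS_NAME_LEN} chars: {domain!r}")
    return f'{ip} "{domain.ljust(NETBIOS_NAME_LEN)}{DMB_SUFFIX}" #PRE'

_QUOTED = re.compile(r'^(\S+)\s+"(.*)"\s*(#.*)?$')

def check_line(line):
    """Return (ok, reason) for one LMHOSTS line; flags the common padding mistake."""
    text = line.strip()
    if not text or text.startswith("#"):
        return True, "blank or comment"
    m = _QUOTED.match(text)
    if m:  # quoted domain master browser form
        ip, body, _ = m.groups()
        if not _valid_ipv4(ip):
            return False, f"bad address {ip!r}"
        if not body.endswith(DMB_SUFFIX):
            return False, "quoted name lacks the \\0x1b suffix"
        name_len = len(body) - len(DMB_SUFFIX)
        if name_len != NETBIOS_NAME_LEN:
            return False, f"{name_len} chars before \\0x1b, expected {NETBIOS_NAME_LEN}"
        return True, "domain entry ok"
    fields = text.split()
    if not _valid_ipv4(fields[0]):
        return False, f"bad address {fields[0]!r}"
    if len(fields) < 2 or not 1 <= len(fields[1]) <= NETBIOS_NAME_LEN:
        return False, "missing or over-long NetBIOS name"
    return True, "host entry ok"
```

Run check_line over every line of a file before importing it; an entry whose padding is wrong is silently ignored by Windows rather than rejected.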
IPSec VPN
IPSec is the most widely used form of VPN. Unlike PPTP and L2TP, IPSec is governed by RFCs and is not
specific to any particular vendor. IPSec is typically implemented as a client-gateway or gateway-gateway
application.
An IPSec tunnel connects two endpoints. These endpoints may be of different types; however, some
configurations are preferable to others with regard to ease of configuration and security (i.e., main vs.
aggressive mode) and robustness (i.e., relying on an external DNS server). The following is a list of
configurations, from most to least preferable, remote to local location:
1. Static IP address to static IP address
2. Dynamic IP address to static IP address (as detailed in IPsec example)
3. DNS hostname address to static IP address
4. DNS hostname address to DNS hostname address
5. DNS hostname address to dynamic IP address
Authentication
The UTM Firewall appliance supports the following types of authentication:
• Preshared Secret is a common secret (passphrase) that is shared between the UTM Firewall appliance
and the remote party. This authentication method is widely supported, relatively simple to configure, and
relatively secure, although it is somewhat less secure when used with aggressive mode keying.
• RSA Digital Signatures uses a public/private RSA key pair for authentication. The UTM Firewall
appliance can generate these key pairs. The public keys need to be exchanged between the UTM Firewall
appliance and the remote party in order to configure the tunnel. This authentication method is not widely
supported, but is relatively secure and allows dynamic endpoints to be used with main mode keying. Use
this authentication method if you want more security than preshared secrets. This method is also
preferable over X.509 certificates unless you require the ability to expire the certificate automatically after
a specified period of time, or want a third party to sign certificates rather than self-signing. In those cases,
X.509 certificate authentication is mandatory.
260
McAfee UTM Firewall 4.0.4 Administration Guide
This manual is also suitable for: SG560, SG560U, SG565, SG580