McAfee SG310 Administration Manual page 270

Utm firewall

McAfee UTM Firewall 4.0.4 Administration Guide
VPN menu features
IPSec Advanced Setup wizard

Fill in the fields.

a. If displayed, leave the Initiate Tunnel Negotiation checkbox selected. This causes the tunnel to start trying to negotiate a connection with the remote end immediately rather than waiting for the remote end of the connection to initiate a connection. Normally this setting, if displayed, should be enabled. This setting is not displayed if the remote end of the connection has a dynamic IP address.

b. Enter the applicable Endpoint ID:
• Optional Endpoint ID – [Conditional; appears if the tunnel has a static IP address and uses Preshared Secrets for authentication.] If left blank, defaults to the static IP address. This example has static IP addresses and uses preshared secrets, so Optional Endpoint ID is displayed. This example leaves the field blank and allows it to default to the static IP address.
• Required Endpoint ID – [Conditional; required if the tunnel has a dynamic or DNS address; or if RSA digital signatures are used for authentication.] If the remote party is a UTM Firewall device, the ID must have the form abcd@efgh.

c. [Optional] To apply IPComp compression before encryption, select the Payload compression checkbox.

d. [Optional] To offload VPN connections to another UTM Firewall appliance, either select one from the current list of Definitions or click New and enter an IP address of the appliance in the IPSec offload device field. For general information on VPN offloading, see IPSec VPN offloading. The allowed formats can be an IP address range of the following forms:
• a.b.c.d
• a.b.c.d-e
• a.b.c.d-e.f.g.h
• a.b.c.d/e
• a.b.c.d/e.f.g.h
• a.b.c.d+e
This example defines a new IP address for the offload device. Click New and enter 1.1.1.7. Additional manual configuration is required. Refer to Configuring for VPN offloading.

e. To allow the tunnel to be re-initiated if the remote party stops responding, select the Dead Peer Detection (DPD) checkbox. The remote party must also support DPD.
• Enter the number of seconds the local endpoint waits before checking for connection in the Delay field. Default: 9.
• Enter the number of seconds to wait for a response from the endpoint before timing out in the Timeout field. Default: 30.

f. [Recommended] To enable automatic renegotiation of the tunnel when the keys are about to expire, select the Initiate Phase 1 & 2 rekeying checkbox.

4. Click Next. The Remote Endpoint Settings page appears (Figure 270).
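
An added example, not taken from the manual: a Python check that classifies a value against the six address forms allowed in the IPSec offload device field before it is entered. The function name and the meanings given to the suffixes (range end, prefix length, netmask, and an uninterpreted integer for +e) are assumptions; the page lists only the syntax.

```python
import ipaddress
import re

# Syntax comes from the six forms listed for the IPSec offload device field.
# ASSUMED meanings (not stated on the page): "-e" and "-e.f.g.h" are an
# inclusive range end, "/e" a prefix length, "/e.f.g.h" a contiguous netmask,
# and "+e" a non-negative integer that this example leaves uninterpreted.
_IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
_FORMS = [
    ("a.b.c.d", rf"{_IP}"),
    ("a.b.c.d-e", rf"{_IP}-(\d{{1,3}})"),
    ("a.b.c.d-e.f.g.h", rf"{_IP}-{_IP}"),
    ("a.b.c.d/e", rf"{_IP}/(\d{{1,2}})"),
    ("a.b.c.d/e.f.g.h", rf"{_IP}/{_IP}"),
    ("a.b.c.d+e", rf"{_IP}\+(\d+)"),
]


def parse_offload_address(text):
    """Return (form, base, extra) for a well-formed entry, else raise ValueError."""
    for form, pattern in _FORMS:
        m = re.fullmatch(pattern, text.strip())
        if not m:
            continue
        base = ipaddress.IPv4Address(m.group(1))  # rejects octets above 255
        tail = m.group(2) if m.re.groups == 2 else None
        if form == "a.b.c.d":
            return form, base, None
        if form == "a.b.c.d-e":
            if not (int(base) & 0xFF) <= int(tail) <= 255:
                raise ValueError(f"range end {tail} is below the start or above 255")
            return form, base, ipaddress.IPv4Address((int(base) & ~0xFF) | int(tail))
        if form == "a.b.c.d-e.f.g.h":
            end = ipaddress.IPv4Address(tail)
            if end < base:
                raise ValueError("range end is below range start")
            return form, base, end
        if form == "a.b.c.d/e":
            if int(tail) > 32:
                raise ValueError(f"prefix length {tail} exceeds 32")
            return form, base, int(tail)
        if form == "a.b.c.d/e.f.g.h":
            host_bits = int(ipaddress.IPv4Address(tail)) ^ 0xFFFFFFFF
            if host_bits & (host_bits + 1):
                raise ValueError(f"netmask {tail} is not contiguous")
            return form, base, 32 - host_bits.bit_length()
        return form, base, int(tail)  # "a.b.c.d+e"
    raise ValueError(f"{text!r} matches none of the six documented forms")
```

For the manual's own value, `parse_offload_address("1.1.1.7")` returns the plain `a.b.c.d` form with no extra field.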

This manual is also suitable for:

SG560, SG560U, SG565, SG580
