44 | Chapter 6 - Basic Configuration Guide |
|
|
5. Set an IPSec Gateway.
For dual Ethernet setups, the IPSec Gateway is the equivalent of a default gateway for the IPSec interface (Ethernet 1). Enter the TCP/IP address of the upstream or Internet router for your network. This must be an address on the same TCP/IP network as the Ethernet 1 address of the IntraPort 2/2+.
For single Ethernet setups, the IPSec Gateway is an optional setting. It serves as a default gateway for all IPSec (i.e., tunneled) traffic. Enter the TCP/IP address of your Internet firewalling router. This must be an address on the same TCP/IP network as the Ethernet 0 address of the IntraPort 2/2+.
Use configure and set the IPSecGateway keyword in the General section.
Example
configure general
[ General ] # ipsecgateway = 206.45.55.2
6. Set an IKE Policy.
There are two phases to the IKE negotiation. During Phase 1 negotia- tion, the IntraPort and Client must authenticate each other. The IKE Policy section controls this Phase 1 negotiation. Phase 2 negotiation involves the setup of an individual tunnel connection and is controlled by the Transform keyword in the VPN Group Name section, docu- mented in Step 7.
Use configure and set the Protection keyword in the IKE Policy section. The Protection keyword specifies a protection suite for the IKE negoti- ation between the IntraPort server and client.
Example
configure IKE Policy
[ IKE Policy ]# protection=md5_des_g1