•ESP security in tunnel mode
•DES and 3DES (TripleDES) encryption
•
•HMAC MD5 authentication/data integrity or HMAC SHA1 authentication/data integrity
•Aggressive and Main Mode
•NAT Traversal
•Replay Detection
•IPSec Redundancy
•Perfect Forward Secrecy
•VPN concentrator for hub and spoke configurations
To successfully establish an IPSec VPN tunnel, the
•NetScreen Internet security appliances
•SonicWALL PRO firewall
•Cisco PIX firewall
•Cisco IOS router
•Check Point NG firewall
•Check Point
•Check Point
•Check Point
•Check Point
•Linksys firewall router
•SafeNet IPSec VPN client
•Secure Computing Sidewinder
•SSH Sentinel
For more information about
Configuring AutoIKE key IPSec VPN
An AutoIKE key VPN configuration consists of a remote gateway, an AutoIKE key VPN tunnel, the source and destination addresses for both ends of the tunnel, and an encrypt policy to control access to the VPN tunnel.
Normally an AutoIKE key VPN tunnel requires one remote gateway. This can be a gateway with a static IP address or a dialup gateway. For IPSec redundancy, you can add up to three remote gateways with static IP addresses to an AutoIKE key tunnel. For information about IPSec redundancy, see Configuring IPSec redundancy.
To create an AutoIKE key VPN configuration:
•Add a remote gateway.
See Adding a remote gateway.
•Add an AutoIKE key VPN tunnel that includes the remote gateway that you added in step 1. See Adding an AutoIKE key VPN tunnel.
•Add an encrypt policy that includes the tunnel, source address, and destination address for both ends of the tunnel.
49 | |
|