Chapter 6
Advanced Features
Local network [localnetwork]
Remote network [remotenetwork]
This parameter is used in the proposal presented to the remote Security Gateway during the Phase 2 negotiation. It determines which messages have access to the IPSec connection at the local side of the tunnel. This is basic parameter for the dynamic IPSec policy capabilities of the SpeedTouch™. As an outcome of the Phase2 negotiations, a static IPSec policy is derived. This results in a cloned connection, where the parameters localmatch, remotematch, localselector, remoteselector are automatically filled in by the SpeedTouch™.
The valid settings are:
the keyword: retrieve_from_server
This setting can be used in an IPSec client/server configuration. It is only relevant at the client side of the connection where the SpeedTouch™ acts as an initiator for the IPSec Security Association.
the keyword: black_ip
This setting is used only for remote management scenarios where the IPSec tunnel is used exclusively for information generated or terminated by the SpeedTouch™.
a symbolic name of a network descriptor
This is the most common selection in a
This parameter describes the remote network that may use the IPSec connection. This parameter expresses a dynamic policy, which during the Phase 2 negotiation results in a static policy expressed by the localmatch, remotematch, and localselector and remoteselector parameters.
The valid settings are:
the keyword: retrieve_from_server
This setting can be used in an IPSec client/server configuration. It is only relevant at the client side of the connection where the SpeedTouch™ acts as an initiator for the IPSec Security Association.
the keyword: allocated_virtual_ip
This setting can be used in an IPSec client/server configuration. It is only relevant at the server side of the connection.
the keyword: black_ip
Designates the public IP address of the remote Security Gateway as the end user of the secure connection. This setting is useful for a connection that serves secure remote management of the remote Security Gateway.
a symbolic name of a network descriptor
This setting is used when the network environment at the remote side is completely known. This is often the case in a
214 | |
|