Enter the local gateway settings. Internal subnet/netmask is the private network behind the SnapGear appliance. External IP is the public-network interface that the SnapGear appliance will use for IPSec.

The Authentication Identifier is required when using RSA key signatures for multiple Road Warriors and is used to identify the other participant during authentication. If this field is blank, the Authentication Identifier defaults to the External IP.

Nexthop refers to the next-hop gateway IP address to the public network. This field is not normally required and can be left blank. This option is only available if you have chosen a specific route; SnapGear recommends that you use the default route.

Enter the remote gateway settings. To connect to/from a remote machine that does not have a fixed IP address (e.g. a Road Warrior), enter an External IP of 0.0.0.0 only.

Dead Peer Detection allows the tunnel to be restarted if the remote gateway stops responding. This option is only used if the remote gateway supports Dead Peer Detection. It operates by sending notifications and waiting for acknowledgements. Delay is the time between notifications. The tunnel will be restarted if no acknowledgements have been received for a period of Timeout.
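
A small model of how Delay and Timeout interact, given here as an added example that is not taken from the SnapGear manual or firmware. It assumes notifications are sent every Delay seconds from tunnel establishment and that acknowledgements arrive with negligible round-trip time; the function names and sample values are constructed for illustration.

```python
from typing import Iterable, Optional, Tuple


def dpd_restart_time(delay: float, timeout: float,
                     acks: Iterable[bool]) -> Optional[float]:
    """Return the time (seconds after tunnel-up) of the restart, or None.

    acks[k] says whether the notification sent at (k + 1) * delay was
    acknowledged. Round-trip time is treated as zero (model assumption).
    """
    if delay <= 0 or timeout <= 0:
        raise ValueError("delay and timeout must be positive")
    last_ack = 0  # tunnel establishment counts as the last sign of life
    for k, acked in enumerate(acks, start=1):
        now = k * delay
        if now - last_ack >= timeout:
            # The Timeout period elapsed before this notification went out.
            return last_ack + timeout
        if acked:
            last_ack = now
    return None


def detection_window(delay: float, timeout: float) -> Tuple[float, float]:
    """Bounds (min, max) in seconds on how long a dead peer goes unnoticed.

    Shortest when the peer dies just before the next notification,
    longest when it dies right after acknowledging one.
    """
    return (max(timeout - delay, 0.0), float(timeout))


if __name__ == "__main__":
    DELAY, TIMEOUT = 9, 30  # constructed sample values, not product defaults
    scenarios = {
        "healthy peer": [True] * 8,
        "two lost acknowledgements": [True, False, False, True, True],
        "peer dies after 18 s": [True, True, False, False, False, False],
    }
    for name, acks in scenarios.items():
        print(f"{name}: restart at {dpd_restart_time(DELAY, TIMEOUT, acks)}")
    print("detection window:", detection_window(DELAY, TIMEOUT))
    # In this model a Timeout no larger than Delay restarts a healthy tunnel.
    print("timeout == delay:", dpd_restart_time(30, 30, [True, True]))
```

In this model, a Timeout several times larger than Delay lets the tunnel ride out a few lost acknowledgements, at the cost of a longer period before a dead peer is noticed.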

The recommended keying used in IPSec is Automatic Keying (IKE). The default and recommended method of authentication is using a Pre-Shared secret that should be at least 24 characters long. This should be a phrase that you can remember easily but is difficult for others to guess. You can also authenticate using RSA digital signatures.


Virtual Private Networking

SnapGear 1.7.8 manual Virtual Private Networking