The Phase 2 proposal wanted is shown on the line ESP algorithms wanted, which in this example reads 3_000-2; pfsgroup=2. The 3_000 refers to the cipher 3DES (3DES has an id of 3; see Phase 2 Ciphers Loaded), the 2 refers to the hash SHA1, also written SHA (SHA1 has an id of 2; see Phase 2 Hashes Loaded), and pfsgroup=2 refers to Diffie Hellman Group 2 for Perfect Forward Secrecy (Diffie Hellman Group 2 has an id of 2).

Negotiation State reports what stage of the negotiation process the tunnel is in. In this example the appliance has initiated the exchange and sent the first aggressive mode packet (AI1) and is expecting its response (AR1), shown by the line STATE_AGGR_I1 (sent AI1, expecting AR1). Once Phase 1 has been successfully negotiated, the status will show the line ISAKMP SA established. Once Phase 2 has been successfully negotiated, the status will read IPSec SA established. The tunnel is then established and running.
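The following is an added Python example, not code from the SnapGear manual or the appliance, that decodes the two status lines described above (ESP algorithms wanted and Negotiation State) from a constructed status dump. The only algorithm ids it knows are the ones the text states (3DES = 3, SHA1 = 2, Diffie Hellman Group 2 = 2); the names ESP_RE, STATE_RE, parse_esp_wanted and tunnel_phase are this example's own, and treating the digits after the underscore as a key-length field is an assumption.

```python
import re

# Identifier tables as given in the manual's status description; only the
# ids the text states are filled in, anything else is reported as unknown.
CIPHER_IDS = {3: "3DES"}
HASH_IDS = {2: "SHA1"}
PFS_GROUPS = {2: "Diffie-Hellman Group 2"}

ESP_RE = re.compile(r"ESP algorithms wanted\s*:?\s*(\d+)_(\d+)-(\d+);\s*pfsgroup=(\d+)")
STATE_RE = re.compile(r"(STATE_[A-Z0-9_]+)\s*\(([^)]*)\)")

# Constructed sample status output, modelled on the manual's example values.
SAMPLE_STATUS = [
    "ESP algorithms wanted: 3_000-2; pfsgroup=2",
    "STATE_AGGR_I1 (sent AI1, expecting AR1)",
]


def parse_esp_wanted(line):
    """Decode an 'ESP algorithms wanted' line into algorithm names.

    Layout assumed: <cipher id>_<key length>-<hash id>; pfsgroup=<DH group>.
    The manual only says '3_000' denotes 3DES; reading the digits after the
    underscore as a key-length field (000 = default) is an assumption.
    """
    m = ESP_RE.search(line)
    if not m:
        return None
    cipher, keylen, hash_id, pfs = (int(x) for x in m.groups())
    return {
        "cipher": CIPHER_IDS.get(cipher, f"unknown cipher id {cipher}"),
        "key_length": keylen,
        "hash": HASH_IDS.get(hash_id, f"unknown hash id {hash_id}"),
        "pfs_group": PFS_GROUPS.get(pfs, f"unknown group id {pfs}"),
    }


def tunnel_phase(status_lines):
    """Return the furthest negotiation stage visible in a status dump:
    phase2 (IPSec SA established), phase1 (ISAKMP SA established), or the
    pending STATE_* entry while still negotiating."""
    rank = {"not started": 0, "negotiating": 1, "phase1": 2, "phase2": 3}
    best, detail = "not started", ""
    for line in status_lines:
        if "IPSec SA established" in line:
            cand, d = "phase2", ""
        elif "ISAKMP SA established" in line:
            cand, d = "phase1", ""
        else:
            m = STATE_RE.search(line)
            if not m:
                continue
            cand, d = "negotiating", f"{m.group(1)} ({m.group(2)})"
        if rank[cand] > rank[best]:
            best, detail = cand, d
    return f"{best}: {detail}" if detail else best
```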

Enable/disable

One or more tunnels can be enabled or disabled by checking the checkbox to the right of each tunnel and clicking Enable or Disable under the Tunnel List menu.

Delete

One or more tunnels can be deleted by checking the checkbox to the right of each tunnel and clicking Delete under the Tunnel List menu.

NAT Traversal Support

NAT Traversal allows tunnels to be established when the IPSec endpoints reside behind NAT devices. If any NAT devices are detected, the NAT Traversal feature is automatically used. It cannot be configured manually on the CyberGuard SG appliance.

Dynamic DNS Support

Internet Service Providers generally charge higher fees for static IP addresses than for dynamic IP addresses when connecting to the Internet. The CyberGuard SG appliance can reduce costs because it allows tunnels to be established with both IPSec endpoints having dynamic IP addresses. The two endpoints must, however, be CyberGuard SG appliances, and at least one end must have dynamic DNS enabled. The CyberGuard SG appliance supports a number of dynamic DNS providers. When configuring the tunnel, select the DNS hostname address type for the IPSec endpoint that has dynamic DNS enabled, and enable Dead Peer Detection. If the IP address behind the CyberGuard SG appliance's DNS hostname changes, the tunnel is automatically renegotiated and re-established.


Virtual Private Networking

SnapGear 2.0.1 user manual NAT Traversal Support, Dynamic DNS Support, Virtual Private Networking