SnapGear 2.0.1 User Manual

Virtual Private Networking

X.509 Certificates are used to authenticate the remote party against a Certificate Authority's (CA) certificate. The CA certificate must have signed the local certificates that are used for tunnel authentication. Certificates need to be uploaded to the CyberGuard SG appliance before a tunnel can be configured to use them (see Certificate Management).

Manual Keys establishes the tunnel using predetermined encryption and authentication keys.

In this example, select the Preshared Secret option.

Select the type of private network that is behind the CyberGuard SG appliance. The
following types of networks are supported:

Single network is selected when a single subnet resides behind the CyberGuard SG appliance that the remote party will have access to.

Multiple networks is selected when multiple subnets reside behind the CyberGuard SG appliance that the remote party will have access to.

Masqueraded network is selected when all traffic behind the CyberGuard SG appliance is seen as originating from its Internet IP address by the remote party. The remote party will not have any access to the network behind the CyberGuard SG appliance.

In this example, select the single network behind this appliance option.

Select whether the remote party is a single host or whether it is a gateway that has a single network or has multiple networks behind it. In this example, select the single network behind a gateway option.

Select how the tunnel should be used to route traffic. The CyberGuard SG appliance supports the following types of routing:

Be a route to the remote party is selected when the tunnel sets up a route to the remote party's subnet(s).

Be this appliance's default gateway for all traffic is selected when the tunnel will be the default gateway for all traffic to the remote party.

Be the remote party's default gateway for all traffic is selected when the tunnel will be the default gateway for all traffic from the remote party.
