SnapGear 2.0.1 User Manual

Virtual Private Networking

Note

This option will not be available when the CyberGuard SG appliance has a static IP
address and the remote party has a dynamic IP address.

Enter the Required Endpoint ID of the CyberGuard SG appliance. This ID is used to
authenticate the CyberGuard SG appliance to the remote party. It is required because
the CyberGuard SG appliance in this example has a dynamic IP address. This field will
also be required if RSA Digital Signatures are used for authentication.

It becomes optional if the CyberGuard SG appliance has a static IP address and is using
Preshared Secrets for authentication. If it is optional and the field is left blank, the
Endpoint ID defaults to the static IP address. If the remote party is a CyberGuard SG
appliance, the ID must have the form abcd@efgh. If the remote party is not a
CyberGuard SG appliance, refer to the interoperability documents on the CyberGuard SG
knowledge base web site (http://www.cyberguard.com/snapgear/knowledgebase.html) to
determine what form it must take. In this example, enter: branch@office

Leave the Enable IP Payload Compression checkbox unchecked. If compression is
selected, IPComp compression is applied before encryption.

Check the Enable Dead Peer Detection checkbox. This allows the tunnel to be
restarted if the remote party stops responding. This option is only used if the remote
party supports Dead Peer Detection. It operates by sending notifications and waiting for
acknowledgements.

Enter the Delay and Timeout values for Dead Peer Detection. The default times for the
delay and timeout options are 9 and 30 seconds respectively. This means that a Dead
Peer Detection notification will be sent every 9 seconds (Delay) and if no response is
received in 30 seconds (Timeout) then the CyberGuard SG appliance will attempt to
restart the tunnel. In this example, leave the delay and timeout at their default values.

Leave the Enable Phase 1 & 2 rekeying to be initiated from my end checkbox
checked. This enables automatic renegotiation of the tunnel when the keys are about to
expire.

Click the Continue button to configure the Remote Endpoint Settings.
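
The Dead Peer Detection Delay and Timeout values described above can be modelled to see how long a failed peer goes unnoticed and why the Timeout should not be smaller than the Delay. This is an added sketch, not code from the manual or the appliance; it assumes whole-second steps, an instant acknowledgement from a live peer, and a timeout counted from the last acknowledgement received.

```python
import math


def dpd_restart_time(peer_dies_at, delay=9, timeout=30, horizon=3600):
    """Second at which a tunnel restart is attempted, or None within `horizon`.

    Assumed model (not taken from the manual): a notification is sent every
    `delay` seconds from t=0, a live peer acknowledges it in the same second,
    and a restart is attempted once `timeout` seconds pass with no
    acknowledgement.
    """
    last_ack = 0
    for t in range(horizon + 1):
        # A notification goes out on every multiple of `delay`; it is only
        # acknowledged while the peer is still alive.
        if t % delay == 0 and t < peer_dies_at:
            last_ack = t
        if t - last_ack >= timeout:
            return t
    return None


def detection_window(delay=9, timeout=30):
    """(shortest, longest) gap in seconds between peer failure and restart."""
    gaps = [
        dpd_restart_time(died, delay, timeout) - died
        for died in range(1, 10 * delay + 1)
    ]
    return min(gaps), max(gaps)


def restarts_live_tunnel(delay, timeout):
    """True if these values would restart a tunnel whose peer never fails."""
    return dpd_restart_time(math.inf, delay, timeout) is not None


if __name__ == "__main__":
    # Defaults from the manual: Delay 9 s, Timeout 30 s.
    print("peer fails at t=100, restart at t =", dpd_restart_time(100))
    print("detection window (s):", detection_window())
    # Constructed misconfiguration: Delay and Timeout swapped.
    print("Delay 30 / Timeout 9 restarts a healthy tunnel:",
          restarts_live_tunnel(30, 9))
```

Under this model the default values detect a failed peer within the Timeout, while a Timeout shorter than the Delay tears down a healthy tunnel between notifications.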
