SnapGear 2.0.1 User Manual

Virtual Private Networking

133

Check the Enable IPSec checkbox.

Select the type of IPSec endpoint the CyberGuard SG appliance has on its Internet
interface. In this example, select static IP address.

Leave the Set the IPSec MTU to be checkbox unchecked.

Click the Apply button to save the changes.

Configuring a tunnel to accept connections from the branch office

To create an IPSec tunnel, click the IPSec link on the left side of the Web Management
Console web administration pages, then click the Add New Tunnel tab at the top of the
window. Many of the settings such as the Preshared Secret, Phase 1 and 2 Proposals
and Key Lifetimes will be the same as the branch office.

Tunnel settings page

Fill in the Tunnel name field with an apt description of the tunnel. The name must not
contain spaces or start with a number. In this example, enter: Branch_Office

Leave checked the Enable this tunnel checkbox.

Select the Internet interface the IPSec tunnel is to go out on. In this example, select
default gateway interface option.

Select the type of keying the tunnel will use. In this example, select the Aggressive
mode with Automatic Keying (IKE) option.

Select the type of IPSec endpoint the remote party has. In this example, select the
dynamic IP address option.

Select the type of authentication the tunnel will use. In this example, select the
Preshared Secret option.

Select the type of private network that is behind the CyberGuard SG appliance. In this
example the Headquarters has a single network, so select the single network behind
this appliance option.

Select whether the remote party is a single host or whether it is a gateway that has a
single or has multiple networks behind it. In this example the Branch Office has single
network, so select the single network behind a gateway option.