SnapGear 2.0.1 User Manual


Virtual Private Networking


Select the type of routing the tunnel will be used as. In this example, select the be a
route to the remote party option.

Click the Continue button to configure the Local Endpoint Settings.

Local endpoint settings page

Leave the Optional Endpoint ID field blank in this example. It is optional because the
CyberGuard SG appliance has a static IP address. If the remote party is a CyberGuard
SG appliance and an Endpoint ID is used, it must have the form abcd@efgh. If the
remote party is not a CyberGuard SG appliance, refer to the interoperability documents on
the CyberGuard SG knowledge base to determine what form it must take
(http://www.cyberguard.com/snapgear/knowledgebase.html).

Leave the Enable IP Payload Compression checkbox unchecked.

Leave the Enable Phase 1 & 2 rekeying to be initiated from my end checkbox
checked.

Click the Continue button to configure the Remote Endpoint Settings.

Remote endpoint settings page

Enter the Required Endpoint ID of the remote party. In this example, enter the Local
Endpoint ID at the Branch Office which was: branch@office

Click the Continue button to configure the Phase 1 Settings.

Phase 1 settings page

Set the length of time before Phase 1 is renegotiated in the Key lifetime (m) field. In this
example, leave the Key Lifetime as the default value of 60 minutes.

Set the time for when the new key is negotiated before the current key expires in the
Rekeymargin field. In this example, leave the Rekeymargin as the default value of 10
minutes.

Set the maximum percentage by which the Rekeymargin should be randomly increased
to randomize rekeying intervals in the Rekeyfuzz field. The Key lifetimes for both Phase
1 and Phase 2 are dependent on these values and must be greater than the value of
Rekeymargin x (100 + Rekeyfuzz) / 100. In this example, leave the Rekeyfuzz as the
default value of 100%.
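The following check is an added example, not part of the manual or of the appliance's software. It applies the Key lifetime rule above to a set of timing values and derives the interval in which renegotiation starts, which follows from the Rekeymargin and Rekeyfuzz descriptions. The class, field and tunnel names are hypothetical, and all sample values other than the manual's defaults are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class RekeyTiming:
    """Phase 1 or Phase 2 timing fields (class and field names are hypothetical)."""
    key_lifetime_min: float  # Key lifetime (m)
    rekeymargin_min: float   # Rekeymargin, in minutes
    rekeyfuzz_pct: float     # Rekeyfuzz, in percent

    def worst_case_margin(self) -> float:
        # Rekeymargin after the largest random increase:
        # Rekeymargin x (100 + Rekeyfuzz) / 100
        return self.rekeymargin_min * (100 + self.rekeyfuzz_pct) / 100

    def is_valid(self) -> bool:
        # Negative values are meaningless; the lifetime must be strictly
        # greater than the worst-case margin, so equality is rejected too.
        if min(self.key_lifetime_min, self.rekeymargin_min, self.rekeyfuzz_pct) < 0:
            return False
        return self.key_lifetime_min > self.worst_case_margin()

    def rekey_window(self) -> tuple:
        # Renegotiation starts between (lifetime - worst-case margin) and
        # (lifetime - Rekeymargin) minutes after the key is established.
        if not self.is_valid():
            raise ValueError("Key lifetime must exceed Rekeymargin x (100 + Rekeyfuzz) / 100")
        return (self.key_lifetime_min - self.worst_case_margin(),
                self.key_lifetime_min - self.rekeymargin_min)


def invalid_tunnels(tunnels: dict) -> list:
    """Return the names of tunnels whose timing breaks the rule, sorted."""
    return sorted(name for name, t in tunnels.items() if not t.is_valid())


# Constructed sample settings; only "manual-defaults" comes from the manual's example.
SAMPLE_TUNNELS = {
    "manual-defaults": RekeyTiming(60, 10, 100),   # 60 > 20, valid
    "boundary": RekeyTiming(20, 10, 100),          # 20 == 20, rejected
    "short-lifetime": RekeyTiming(15, 10, 100),    # 15 < 20, rejected
    "no-fuzz": RekeyTiming(15, 10, 0),             # 15 > 10, valid
}

if __name__ == "__main__":
    print(invalid_tunnels(SAMPLE_TUNNELS))
    print(RekeyTiming(60, 10, 100).rekey_window())
```

With the default values the worst-case margin is 20 minutes, so renegotiation begins between 40 and 50 minutes into the 60 minute lifetime.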
