SnapGear 1.7.8 User Manual

Enter the local gateway settings. Internal subnet/netmask is the private network behind
the SnapGear appliance. External IP is the public-network interface that the SnapGear
appliance will use for IPSec.

The Authentication Identifier is required when using RSA key signatures for multiple
Road Warriors and is used to identify the other participant during authentication. If this
field is blank, the Authentication Identifier defaults to the External IP.

Nexthop is the IP address of the next-hop gateway to the public network. This field is
not normally required and can be left blank. This option is only available if you have
chosen a specific route; SnapGear recommends that you use the default route.

Enter the remote gateway settings. To connect to/from a remote machine that does not
have a fixed IP address (e.g. a Road Warrior), enter an External IP of 0.0.0.0 only.

Dead Peer Detection allows the tunnel to be restarted if the remote gateway stops
responding. This option is only used if the remote gateway supports Dead Peer
Detection. It operates by sending notifications and waiting for acknowledgements. Delay
is the time between notifications. The tunnel will be restarted if no acknowledgements
have been received for a period of Timeout.
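
The Delay/Timeout behaviour described above, as a simplified simulation added here (it is not SnapGear code). The one-second ticks, the outage intervals and the name `simulate_dpd` are assumptions made for illustration.

```python
def simulate_dpd(delay, timeout, outages, duration, peer_supports_dpd=True):
    """Return the seconds at which Dead Peer Detection restarts the tunnel.

    delay    -- seconds between notifications (the manual's Delay)
    timeout  -- seconds without an acknowledgement before restart (Timeout)
    outages  -- constructed [start, end) intervals when the peer is silent
    duration -- length of the simulated run in seconds
    """
    if delay <= 0 or timeout <= 0:
        raise ValueError("delay and timeout must be positive")
    if not peer_supports_dpd:
        return []  # DPD is not used, so a dead peer is never detected

    def peer_answers(t):
        return not any(start <= t < end for start, end in outages)

    restarts = []
    last_ack = 0          # tunnel comes up at t = 0
    next_probe = delay    # first notification is sent one Delay later
    for t in range(1, duration + 1):
        if t == next_probe:
            next_probe = t + delay
            if peer_answers(t):
                last_ack = t          # acknowledgement received
        if t - last_ack >= timeout:
            restarts.append(t)        # no acknowledgement for Timeout seconds
            last_ack = t              # restarting resets the timer
            next_probe = t + delay
    return restarts


if __name__ == "__main__":
    FOREVER = 10**9  # constructed: peer never comes back
    print("20 s outage:     ", simulate_dpd(10, 30, [(25, 45)], 120))
    print("45 s outage:     ", simulate_dpd(10, 30, [(25, 70)], 120))
    print("peer gone:       ", simulate_dpd(10, 30, [(25, FOREVER)], 120))
    print("peer without DPD:", simulate_dpd(10, 30, [(25, FOREVER)], 120,
                                            peer_supports_dpd=False))
```

In this model a Timeout shorter than the Delay restarts the tunnel repeatedly even when the peer is healthy, so the Timeout needs to span several notifications.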

The recommended keying used in IPSec is Automatic Keying (IKE). The default and
recommended method of authentication is using a Pre-Shared secret that should be at
least 24 characters long. This should be a phrase that you can remember easily but is
difficult for others to guess. You can also authenticate using RSA digital signatures.

Virtual Private Networking
