Configuring a tunnel with manual security – WatchGuard Technologies Firebox™ System 4.6 User Manual

Branch office VPN with IPSec

Removing a gateway

From the Configure Gateways dialog box:

1 Click the gateway.

2 Click Remove.

Configuring a tunnel with manual security

A tunnel encapsulates packets between two gateways. It specifies encryption type
and/or authentication method. A tunnel also specifies endpoints. The following
describes how to configure a tunnel using a gateway with the manual key negotiation
type. From the IPSec configuration dialog box:

1 Click Tunnels.

2 To add a new tunnel, click Add.

3 Click a gateway with manual key negotiation type to associate with this tunnel. Click OK.

4 Type a tunnel name.

Policy Manager uses the tunnel name as an identifier.

5 Click the Manual Security tab.

6 Click Settings.

7 Click either the ESP or AH security method option. Configure the chosen security method.

For more information, see “Using Encapsulated Security Protocol (ESP)” on page 126 and “Using Authenticated Headers (AH)” on page 127.

8 To use the same settings for both incoming and outgoing traffic, enable the Use Incoming Settings for Outgoing checkbox.

If you enable this checkbox, you are done with the Security Association Setup dialog box and can proceed to the next step. If you clear this checkbox, click the Outgoing tab and configure the security associations for outgoing traffic. The fields have the same rules and parameter ranges as the Incoming tab.

9 Click OK.

The Configure Tunnels dialog box appears displaying the newly created tunnel. Repeat the tunnel creation procedure until you have created all tunnels for this particular gateway.

10 After you add all tunnels for this gateway, click OK.

The Configure Gateways dialog box appears.

11 To configure more tunnels for another gateway, click Tunnels. Select a new gateway and repeat the tunnel creation procedure for that gateway.

12 When all the tunnels are created, click OK.

Using Encapsulated Security Protocol (ESP)

1 Type or use the SPI scroll control to identify the Security Parameter Index (SPI).

You must select a number between 257 and 1023.

2 Use the Encryption drop list to select an encryption method.

Options include: None (no encryption), DES-CBC (56-bit), and 3DES-CBC (168-bit).

3 Click Key.

4 Type a passphrase. Click OK.

The passphrase appears in the Encryption Key field. You cannot enter a key here directly.
