User manual

Virtual Private Networking

214

Select the Internet interface the IPSec tunnel is to go out on. In this example, select

default gateway interface option.

Select the type of keying for the tunnel to use. In this example, select the Aggressive

mode with Automatic Keying (IKE) option.

Select the type of IPSec endpoint this SG unit has. In this example, select the static IP

address option.

Select the type of IPSec endpoint the remote party has. In this example, select the

dynamic IP address option.

Select the type of authentication for the tunnel to use. In this example, select the

Preshared Secret option.

Click the Next button to configure the Local Endpoint Settings.

Local endpoint settings page

Leave the Optional Endpoint ID field blank in this example. It is optional because this

SG unit has a static IP address. If the remote party is a SG unit and an Endpoint ID is

used, it must have the form abcd@efgh. If the remote party is not a SG unit refer the

interoperability documents on the SG Knowledge Base to determine what form it must

take (http://www.cyberguard.com/snapgear/knowledgebase.html).

Leave the Enable IP Payload Compression checkbox unchecked.

Leave the Enable Phase 1 & 2 rekeying to be initiated from my end checkbox

checked.

Click the Next button to configure the Remote Endpoint Settings.

Remote endpoint settings page

Enter the Required Endpoint ID of the remote party. In this example, enter the Local

Endpoint ID at the Branch Office which was: branch@office

Click the Next button to configure the Phase 1 Settings.