The most basic concept for this method is to configure the router with a site-to-site VPN connection and configure the device policy rules to send web-based traffic to the Web Security Service and ignore everything else.

Depending on your geographical location, you must create at least two VPN gateways.
The device must have an external routable IP address.
Do not send Auth Connector traffic to the Web Security Service.
You can create a designated host or subnet that tests the IPsec connectivity to the Web Security Service without interrupting the production traffic. After successful testing, you then add production subnets.

Note: Symantec has seen outages occur if the Phase 2 Timeout value is set to longer than four (4) hours. If the current setting is less than four hours, you can leave that value. Otherwise, adjust the time. The best practice is to set the rekey at the specified lifetime interval instead of for lifebytes. The screenshots in the following procedure might not reflect this advisory.

Prerequisite A-Verify that the router is ready for configuration. Verify the list has as many interface pairs as required, plus the management interface.

Step 1-Create the Phase 1 (IKE) proposal.
1. Select Configure > IPsec VPN > Auto Tunnel > Phase 1. The device displays the Add Proposal/IKE Proposal dialog.
2. (Optional) Enter a Description for the proposal. A descriptive name allows others in your organization to know the purpose.
3. Authentication Method-Select pre-shared-keys.
4. Authentication Algorithm-Select a supported value, for example, sha256.
5. Encryption Algorithm-Select a supported value, for example, aes-218-cbc.
6. Diffie-Hellman (DH) Group-Select a supported group, for example, group5.
The Web Security Service supports many encryption combinations. See Reference: IKE Encryption and Authentication Algorithms.

Step 2-Configure the IKE policy to use the cloud Phase 1 proposal defined in Step 1.
1. On the Configure > IPsec VPN > Auto Tunnel > Phase 1 page, click the IKE Policy tab. The device displays the Add Policy/IKE Policy dialog/tab.
2. Select User Defined, select the P1 Proposal from Step 1, and click the arrow to move it to the Selected list.
3. Define the pre-shared key, which is the string that validates the encrypted tunnel between the router and the Web Security Service. Tip: The PSK must be at least eight characters and cannot use special characters.

Step 3-Create a Site to Site Tunnel gateway.
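As an added pre-flight check, written for this page and not Symantec's or the router vendor's code, the following Python validates a planned tunnel configuration against the constraints stated in this procedure: PSK length and character set, the four-hour Phase 2 lifetime, rekey by lifetime rather than lifebytes, at least two gateways, and a routable external address. The plan dictionary, its key names and the sample values are constructed for the example; "no special characters" is read here as letters and digits only.

```python
"""Pre-flight check for a planned Web Security Service site-to-site tunnel.
Added example, not Symantec's or the router vendor's code; the plan is a
constructed dict and every finding is a constraint stated in the procedure."""
import ipaddress
import re

MAX_PHASE2_LIFETIME_SECONDS = 4 * 60 * 60  # outages seen above four hours
MIN_PSK_LENGTH = 8
# "cannot use special characters" is read as letters and digits only (assumption)
PSK_ALLOWED = re.compile(r"[A-Za-z0-9]*")


def check_tunnel_plan(plan):
    """Return a list of findings; an empty list means the plan passes."""
    findings = []
    psk = plan.get("pre_shared_key", "")
    if len(psk) < MIN_PSK_LENGTH:
        findings.append("PSK shorter than %d characters" % MIN_PSK_LENGTH)
    if not PSK_ALLOWED.fullmatch(psk):
        findings.append("PSK contains special characters")
    lifetime = plan.get("phase2_lifetime_seconds", 0)
    if lifetime > MAX_PHASE2_LIFETIME_SECONDS:
        findings.append("Phase 2 lifetime %ds exceeds four hours" % lifetime)
    if plan.get("rekey_trigger") != "lifetime":
        findings.append("rekey must be triggered by lifetime, not lifebytes")
    if len(plan.get("gateways", [])) < 2:
        findings.append("fewer than two VPN gateways defined")
    try:
        ext = ipaddress.ip_address(plan.get("external_ip", ""))
        if not ext.is_global:
            findings.append("external address %s is not routable" % ext)
    except ValueError:
        findings.append("external address missing or malformed")
    return findings


# Constructed plan with six deliberate mistakes, one per check.
BAD_PLAN = {
    "pre_shared_key": "short!",
    "phase2_lifetime_seconds": 28800,  # eight hours
    "rekey_trigger": "lifebytes",
    "gateways": ["wss-gateway-1"],
    "external_ip": "192.168.1.10",  # RFC 1918, not routable
}

if __name__ == "__main__":
    for finding in check_tunnel_plan(BAD_PLAN):
        print("FAIL:", finding)
```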