beautypg.com

Lan to lan tunnels with pre-shared keys – Amer Networks E5Web GUI User Manual

Page 599

background image

The advanced settings for DPD are described further in Section 9.4.6, “IPsec Advanced Settings”.
DPD is enabled by default for cOS Core IPsec tunnels. Disabling does not disable to ability to
respond to DPD-R-U-THERE from another peer.

Using Autoestablish

By default, LAN to LAN IPsec tunnels are established only at the time that traffic tries to flow
through them. By enabling the IPsec tunnel property Autoestablish, LAN to LAN tunnels are
established without any traffic flowing. This is useful in the following situations:

With route failover, a tunnel for the alternate route is always established.

After a reconfigure operation is performed on cOS Core, the tunnels are immediately
reestablished without waiting for any traffic to flow.

If there is a Clavister Security Gateway on both sides of the tunnel, it is recommended that the
Autoestablish property is enabled on both security gateways.

IPsec Tunnel Quick Start

This section covers IPsec tunnels in some detail. A quick start checklist of setup steps for these
protocols in typical scenarios can be found in the following sections:

Section 9.2.1, “IPsec LAN to LAN with Pre-shared Keys”.

Section 9.2.2, “IPsec LAN to LAN with Certificates”.

Section 9.2.3, “IPsec Roaming Clients with Pre-shared Keys”.

Section 9.2.4, “IPsec Roaming Clients with Certificates”.

In addition to the quick start section, more explanation of tunnel setup is given below.

9.4.2. LAN to LAN Tunnels with Pre-shared Keys

A VPN can allow geographically distributed Local Area Networks (LANs) to communicate securely
over the public Internet. In a corporate context this means LANs at geographically separate sites
can communicate with a level of security comparable to that existing if they communicated
through a dedicated, private link.

Secure communication is achieved through the use of IPsec tunneling, with the tunnel extending
from the VPN gateway at one location to the VPN gateway at another location. The Clavister
Security Gateway is therefore the implementer of the VPN, while at the same time applying
normal security surveillance of traffic passing through the tunnel. This section deals specifically
with setting up LAN to LAN tunnels created with a Pre-shared Key (PSK).

A number of steps are required to set up LAN to LAN tunnels with PSK:

If both local and remote security gateways are Clavister Security Gateways, define the host
and networks in the Global Namespace.

Set up the VPN tunnel properties and include the Pre-Shared key.

Set up the VPN tunnel properties.

Set up the Route in the main routing table (or another table if an alternate is being used).

Chapter 9: VPN

599

This manual is related to the following products:
See also other documents in the category Amer Networks Computer Accessories: