Virtual Private Networking
192
Note
Only one shared secret tunnel may be added. The one shared secret is used by
all remote clients to authenticate.
• Select x.509 Certificate Tunnel to use x.509 certificates to authenticate the
remote client against a Certificate Authority's (CA) certificate. The CA certificate
must have signed the local certificates that are used for tunnel authentication.
Certificates need to be uploaded to the CyberGuard SG appliance before a tunnel
can be configured to use them (see Certificate Management in the IPSec section
later in this chapter). This authentication method is more difficult to configure, but
very secure.
Creating and adding x.509 certificates is detailed in Certificate Management in the
IPSec section later in this chapter.
Note
Multiple x.509 certificate tunnels may be added. A separate x.509 certificate
tunnel is required for each remote client to authenticate.
Click New.
Enter a Tunnel Name to identify this connection. It may not be the same as any other
L2TP/IPSec or regular IPSec tunnel names.
If adding a Shared Secret Tunnel, enter the Shared Secret. Ensure it is something
hard to guess. Keep note of the shared secret, as it is used in configuring the remote
client.
To Next Page
Loading...
Need help?
General
