Configuring VPN Sites
Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.40 Locally Managed Administration Guide | 233
Configuring VPN Sites
In the VPN > Site to Site VPN Sites page you can configure remote VPN sites. For more on how to
configure site to site VPN, go to VPN > Site to Site Blade Control.
When you add a new VPN site, these are the tabs where you configure these details:
n
Remote Site - Name, connection type, authentication method (preshared secret or certificate), and
the Remote Site Encryption Domain.
n
Encryption - Change the default settings for encryption and authentication details.
n
Advanced - Enable permanent tunnels, disable NAT for this site, configure encryption method, and
additional certificate matching.
To add a new VPN site:
1. Click New.
The New VPN Site window opens in the Remote Site tab.
2. Enter the Site name.
3. Select the Connection type:
n
Host name or IP address - Enter the IP address or Host name.
If you select IP address, and it is necessary to configure a static NAT IP address, select Behind
static NAT and enter the IP address.
Note - Behind static NAT applies to IPv4 addresses only.
n
High Availability or Load Sharing - Configure a list of backup IP addresses in case of failure
(High Availability) or to distribute data (Load Sharing). The appliance uses probing to monitor
the remote site's IP addresses. In High Availability, you can configure one of the IP addresses
as the primary.
When you select this option, you must configure a probing method on the Advanced tab. The
probing method monitors which IP addresses to use for VPN: ongoing or one at a time.
Click New to add an IP address and set a Primary IP address if necessary for High
Availability.
n
Only remote site initiates VPN - Connections can only be initiated from the remote site to this
appliance. For example, when the remote site is hidden behind a NAT device. In this scenario,
this appliance only responds to the tunnel initiation requests. This requires a secure method of
remote site authentication and identification.
4. Select an authentication method. This must match the authentication you used to configure this
appliance as the other gateway's remote site.
n
Preshared secret - If you select this option, enter the same password as configured in the
remote gateway and confirm it.
Note - You cannot use these characters in a password or shared secret: { } [ ] ` ~ | ‘
" \ Maximum number of characters: 255
n
Certificate - The gateway uses its own certificate to authenticate itself. For more information,
see VPN > Internal Certificate.
To Next Page
Loading...
Need help?
General
