Configuring VPN Sites
Quantum Spark 1500, 1600 and 1800 Appliance Series R80.20.40 Locally Managed Administration Guide | 234
5. Select the Remote Site Encryption Domain. Configure the conditions under which traffic is encrypted and sent to this remote site:
• Define remote network topology manually - Traffic is encrypted when its destination is included in the list of network objects. Click Select to select the networks that represent the remote site's internal networks, or click New to create network objects.
• Route all traffic through this site - All traffic is encrypted and sent to this remote site. When this option is used, you cannot configure more than one remote site.
• Encrypt according to routing table - For use with dynamic routing. Traffic is encrypted based on its source or service and its destination. You must create a virtual tunnel interface (VTI) in the Device > Local Network page and associate it with this remote site. You can then use this VTI in routing rules; traffic that matches these routing rules is encrypted and routed to the remote site.
• Hidden behind external IP of the remote gateway - Use this option if the remote site is behind NAT and traffic is always initiated from behind the remote site toward this gateway. When you select this option, you do not need to define an encryption domain.
6. Exclude networks - Select this option to exclude networks from the encryption domain defined above. This is useful when two gateways are in the same VPN community and protect the same parts of the network, so that traffic to the overlapping addresses is sent to only one of them.
7. Click Apply.
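The following is an added illustration, not Check Point code, of the decision described in steps 5 and 6: given several remote sites, which site (if any) a destination address is encrypted to under the manual-topology, route-all and routing-table modes, and how Exclude networks resolves two sites that protect the same addresses. Site names, networks, the VTI name "vti_c" and the routing table are constructed sample data, and checking sites in configuration order is an assumption of this model, not documented gateway behaviour.

```python
"""Model of the remote-site encryption-domain decision from steps 5 and 6.

Added illustration, not Check Point code. Site names, networks, VTI names
and the routing table are constructed sample data; evaluating sites in
configuration order is an assumption of this model.
"""
from dataclasses import dataclass, field
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional, Sequence

MANUAL = "manual"          # Define remote network topology manually
ROUTE_ALL = "route_all"    # Route all traffic through this site
ROUTING_TABLE = "routing"  # Encrypt according to routing table (needs a VTI)


@dataclass
class VpnSite:
    name: str
    mode: str
    domain: List[IPv4Network] = field(default_factory=list)   # encryption domain
    exclude: List[IPv4Network] = field(default_factory=list)  # "Exclude networks"
    vti: Optional[str] = None  # VTI associated with the site (ROUTING_TABLE mode)


@dataclass
class Route:
    prefix: IPv4Network
    interface: str  # a VTI name, or a physical interface for cleartext traffic


def validate_sites(sites: Sequence[VpnSite]) -> None:
    """Reject configurations the guide does not allow."""
    if any(s.mode == ROUTE_ALL for s in sites) and len(sites) > 1:
        raise ValueError("'Route all traffic' allows only one remote site")
    for s in sites:
        if s.mode == ROUTING_TABLE and not s.vti:
            raise ValueError(f"{s.name}: routing-table mode requires a VTI")
        if s.mode == MANUAL and not s.domain:
            raise ValueError(f"{s.name}: manual topology requires network objects")


def longest_match(dst, routes: Sequence[Route]) -> Optional[Route]:
    """Ordinary longest-prefix route lookup."""
    best = None
    for r in routes:
        if dst in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
            best = r
    return best


def site_for(dst_str: str, sites: Sequence[VpnSite],
             routes: Sequence[Route] = ()) -> Optional[str]:
    """Name of the remote site the destination is encrypted to, or None for cleartext."""
    validate_sites(sites)
    dst = ip_address(dst_str)
    for s in sites:  # assumption: sites are evaluated in configuration order
        if s.mode == ROUTE_ALL:
            return s.name  # the only site; everything is encrypted to it
        if s.mode == MANUAL:
            if any(dst in n for n in s.exclude):
                continue  # excluded here so that another site can own it
            if any(dst in n for n in s.domain):
                return s.name
        elif s.mode == ROUTING_TABLE:
            r = longest_match(dst, routes)
            if r is not None and r.interface == s.vti:
                return s.name
    return None


# Constructed sample configuration: two manually defined sites that both
# protect 10.1.50.0/24, resolved by excluding it from SITE_A, plus a
# routing-table site reachable through the (assumed) VTI "vti_c".
SITE_A = VpnSite("site-a", MANUAL, domain=[ip_network("10.1.0.0/16")],
                 exclude=[ip_network("10.1.50.0/24")])
SITE_B = VpnSite("site-b", MANUAL,
                 domain=[ip_network("10.1.50.0/24"), ip_network("10.2.0.0/16")])
SITE_C = VpnSite("site-c", ROUTING_TABLE, vti="vti_c")
SITES = [SITE_A, SITE_B, SITE_C]
ROUTES = [Route(ip_network("172.16.0.0/12"), "vti_c"),
          Route(ip_network("172.16.5.0/24"), "eth1")]  # more specific: cleartext


if __name__ == "__main__":
    for dst in ("10.1.3.9", "10.1.50.7", "172.16.9.1", "172.16.5.1", "8.8.8.8"):
        print(dst, "->", site_for(dst, SITES, ROUTES))
```

Without the exclude entry on site-a, 10.1.50.7 would be claimed by site-a's 10.1.0.0/16 domain before site-b is considered; this is the overlap that Exclude networks is meant to resolve. The routing-table case also shows why a more specific route pointing at a physical interface silently leaves traffic in cleartext: only routes whose next hop is the site's VTI are encrypted.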
In the Encryption tab you can change the default settings.
There are built-in groups of encryption settings. The group selected here only needs to match the group configured on the remote site:
• Default (most compatible)
• VPN A - According to RFC 4308 (3DES-CBC with HMAC-SHA1; a legacy suite, prefer VPN B or a Suite-B group when the remote site supports them).
• VPN B - According to RFC 4308 (AES-128-CBC with AES-XCBC-MAC).
• Suite-B-GCM-128 or Suite-B-GCM-256 - According to RFC 6379.
• Custom - Select this option to decide manually which encryption methods are used (optional).
In the Advanced tab:
Note - When you finish the new VPN site configuration, click Apply.
• Settings
  - Select the checkbox if the remote site is a Check Point Security Gateway. To enable permanent VPN tunnels, select the corresponding checkbox.
  - Select the checkbox to disable NAT for this site. The original IP addresses are used even if hide NAT is defined.
• Encryption method
Select the IKE version: