Quantum SPARK 1500 - Page 342

Configuring VPN Sites
R81.10.X Quantum Spark 1500, 1600, 1800, 1900, 2000 Appliances Locally Managed Administration Guide | 342
■ Route all traffic through this site - All traffic is encrypted and sent to this remote
  site. You cannot configure more than one remote site.
  When Route all traffic is configured, you can exclude a network object from the
  VPN traffic.
  To exclude network objects or specific IP addresses:
  a. Click Exclude networks.
  b. In the Remote site route topology exclusions table:
     ● To add a new Network Object and IP address, click New.
     ● To remove an object from the exclusions table, select the object
       name and click Remove.
  c. Click Apply
■ Encrypt according to routing table - If you use dynamic routing, encrypt traffic
  based on source or service and destination. You must create a virtual tunnel
  interface (VTI) in the Device > Local Network page and associate it with this
  remote site. You can then use this VTI to create routing rules. Traffic that
  matches these routing rules is encrypted and routed to the remote site.
■ Hidden behind external IP of the remote gateway - The remote site is behind
  NAT and traffic is initiated from behind the remote site to this gateway. When
  you select this option, it is not necessary to define an encryption domain.
6. Exclude networks - Select this option to exclude networks from the specified encryption
domain. This may be useful if two gateways are in the same community and protect the
same parts of the network.
7. Click Apply
On the Encryption tab you can change the default settings.
There are built-in groups of encryption settings that only need to match between this
configuration and the remote site.
■ Default (most compatible)
■ VPN A - According to RFC 4308.
■ VPN B - According to RFC 4308.
■ Suite-B GCM-128 or Suite-B-GCM-256 - According to RFC 6379.
■ Custom - Select this option to manually choose which encryption method is used
  (optional).
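
When the remote peer is a gateway that does not offer the same named groups, the individual parameters have to be matched by hand. The following added example (not from the Check Point guide) lists what RFC 4308 and RFC 6379 define for each named suite and reports which fields of a peer's proposal differ. The field names, the REMOTE sample and the helper functions are constructed for illustration, and the values the appliance applies for each group are an assumption to confirm in the WebUI.

```python
# Added example: parameters of the named suites as defined in RFC 4308 and RFC 6379.
# These are the RFC definitions, not values read from a Quantum Spark appliance.
SUITES = {
    "VPN-A": {            # RFC 4308
        "ike_enc": "3DES-CBC", "ike_prf": "HMAC-SHA1",
        "ike_integ": "HMAC-SHA1-96", "dh_group": 2,
        "esp_enc": "3DES-CBC", "esp_integ": "HMAC-SHA1-96"},
    "VPN-B": {            # RFC 4308
        "ike_enc": "AES-128-CBC", "ike_prf": "AES-XCBC-PRF-128",
        "ike_integ": "AES-XCBC-MAC-96", "dh_group": 14,
        "esp_enc": "AES-128-CBC", "esp_integ": "AES-XCBC-MAC-96"},
    "Suite-B-GCM-128": {  # RFC 6379
        "ike_enc": "AES-128-CBC", "ike_prf": "HMAC-SHA-256",
        "ike_integ": "HMAC-SHA-256-128", "dh_group": 19,
        "esp_enc": "AES-128-GCM-16", "esp_integ": "NULL"},
    "Suite-B-GCM-256": {  # RFC 6379
        "ike_enc": "AES-256-CBC", "ike_prf": "HMAC-SHA-384",
        "ike_integ": "HMAC-SHA-384-192", "dh_group": 20,
        "esp_enc": "AES-256-GCM-16", "esp_integ": "NULL"},
}

# Constructed sample: a peer configured by hand to resemble Suite-B-GCM-128,
# but left on DH group 14 (2048-bit MODP) instead of group 19 (256-bit ECP).
REMOTE = dict(SUITES["Suite-B-GCM-128"], dh_group=14)

def match_suite(proposal):
    """Return the suite whose every parameter equals the proposal, else None."""
    for name, params in SUITES.items():
        if params == proposal:
            return name
    return None

def mismatches(suite_name, proposal):
    """List (field, local value, remote value) for each differing parameter."""
    local = SUITES[suite_name]
    return [(k, v, proposal.get(k)) for k, v in local.items()
            if proposal.get(k) != v]

def legacy_fields(suite_name):
    """Fields using 3DES or DH group 2, both downgraded by RFC 8247."""
    params = SUITES[suite_name]
    return sorted(k for k, v in params.items()
                  if v == "3DES-CBC" or (k == "dh_group" and v == 2))

if __name__ == "__main__":
    print(match_suite(REMOTE))
    print(mismatches("Suite-B-GCM-128", REMOTE))
    print(legacy_fields("VPN-A"))
```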
