
Quantum SPARK 1500 - Page 345

Quantum SPARK 1500
461 pages
Configuring VPN Sites
R81.10.X Quantum Spark 1500, 1600, 1800, 1900, 2000 Appliances Locally Managed Administration Guide|345
| IKE Version | Notes |
|---|---|
| Prefer IKEv2, support IKEv1 | Configure the fields as explained for the first two options. |
- Additional Certificate Matching (does not apply when you use a pre-shared secret):
  When you select certificate matching in the Remote Site tab, you first need to add the CA that signed the remote site's certificate in the VPN > Certificates Trusted CAs page.
  In the Advanced tab, you can select to match the certificate to Any Trusted CA or an Internal CA. You can also configure more matching criteria on the certificate.
- Probing Method
  This section is shown only when you select High Availability or Load Sharing for the connection type in the Remote Site tab.
  When the remote site has multiple IP addresses for VPN traffic, the correct address for VPN is discovered through one of these probing methods:
  o Ongoing probing - When a session is initiated, all possible destination IP addresses continuously receive RDP packets until one of them responds. Connections go through the first IP to respond (or to a primary IP if a primary IP is configured and active for High Availability), and stay with this IP until the IP stops responding. The RDP probing is activated when a connection is opened and continues as a background process.
  o One time probing - When a session is initiated, all possible destination IP addresses receive an RDP session to test the route. The first IP to respond is chosen, and stays chosen until the VPN configuration changes.
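
The difference between the two probing methods, modelled as an added example (not code from this guide or from the vendor). Assumptions: each timeline entry is one probe round, list order stands in for "first IP to respond", ongoing probing does not switch back while the current IP still responds, and the addresses are constructed documentation IPs.

```python
# Added illustration: a toy model of the two probing methods, not vendor code.
# Assumptions: one timeline entry = one probe round; list order stands in for
# "first IP to respond"; IPs are constructed documentation addresses.

def first_responder(candidates, alive, primary=None):
    """Pick the peer IP for a probe round, or None if nothing answers."""
    if primary in alive:          # an active primary wins (High Availability)
        return primary
    return next((ip for ip in candidates if ip in alive), None)

def simulate(method, candidates, timeline, primary=None):
    """Return the peer IP in use at each probe round of `timeline`."""
    if method not in ("ongoing", "one_time"):
        raise ValueError(f"unknown probing method: {method!r}")
    current, history = None, []
    for alive in timeline:
        if method == "ongoing":
            # Stay with the current IP until it stops responding, then re-probe.
            if current not in alive:
                current = first_responder(candidates, alive, primary)
        elif current is None:
            # One time: probe until a choice exists, then keep it until the
            # VPN configuration changes (a change is not modelled here).
            current = first_responder(candidates, alive, primary)
        history.append(current)
    return history

def outage_rounds(history, timeline):
    """Count rounds where the selected peer IP was not responding."""
    return sum(1 for ip, alive in zip(history, timeline) if ip not in alive)

A, B = "198.51.100.10", "203.0.113.20"         # constructed peer addresses
TIMELINE = [{A, B}, {A, B}, {B}, {B}, {A, B}]  # A is unreachable in rounds 2-3

if __name__ == "__main__":
    for method in ("ongoing", "one_time"):
        hist = simulate(method, [A, B], TIMELINE, primary=A)
        print(method, hist, "outage rounds:", outage_rounds(hist, TIMELINE))
```

In this model, ongoing probing moves to the second address when the first stops answering, while one time probing keeps the original choice through the outage.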
Notes:
- For more information on installing the certificate, see "Managing Installed Certificates" on page 189.
- The initiator's gateway ID must be set in the responder gateway as the peer ID.
- The Remote Access blade must be enabled for peer ID to work.
- On the gateway that is not behind NAT, for Connection type, select Only remote site initiates VPN.
- When you configure the remote site, do not select behind static NAT.
An initial tunnel test begins with the remote site. If you have not yet configured it, click Skip.
The VPN site is added to the table.
