CHAPTER 11: Using Virtual Private Networks (VPN)
316 Vcontroller
Tunnel
    This policy prompts the Firebox Vclass appliance to hide any information about the original sender of the data, presenting the Firebox Vclass itself as the original sender. This option is preferred for site-to-site connections, in which the traffic passes through the Firebox Vclass appliance.
Transport
    No additional identity masking is applied. This option is generally used for secured communication directed to this Firebox Vclass appliance itself, such as SNMP traffic.
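The difference between the two modes comes down to which IP header an on-path observer can read. The following model is an added example written for this chapter; it is not code from WatchGuard or from the Vcontroller product, and the addresses, SPI values and the `recommended_mode` rule of thumb are constructed to mirror the text above. In tunnel mode the original packet, header included, is wrapped inside ESP and only the peer tunnel addresses remain visible; in transport mode the original header stays in the clear and only the payload is protected.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class IPHeader:
    """Cleartext IP header fields an on-path observer can read."""
    src: str
    dst: str


@dataclass(frozen=True)
class EspPacket:
    outer: IPHeader                      # header sent in the clear
    spi: int                             # Security Parameter Index, also in the clear
    protected_inner: Optional[IPHeader]  # original header carried inside ESP (tunnel mode only)
    protected_payload: bytes             # upper-layer data carried inside ESP


def encapsulate(mode: str, original: IPHeader, payload: bytes,
                tunnel_ends: Optional[IPHeader] = None, spi: int = 0x100) -> EspPacket:
    """Build the ESP packet a gateway would emit for the chosen mode (simplified model)."""
    if mode == "tunnel":
        if tunnel_ends is None:
            raise ValueError("tunnel mode needs the local and peer tunnel addresses")
        # Whole original packet is wrapped; only gateway-to-gateway addresses stay readable.
        return EspPacket(outer=tunnel_ends, spi=spi,
                         protected_inner=original, protected_payload=payload)
    if mode == "transport":
        # Original header is reused as the outer header; only the payload is protected.
        return EspPacket(outer=original, spi=spi,
                         protected_inner=None, protected_payload=payload)
    raise ValueError(f"unknown mode: {mode}")


def observer_view(pkt: EspPacket) -> dict:
    """What a device sitting between the two endpoints can learn from the packet."""
    return {
        "src": pkt.outer.src,
        "dst": pkt.outer.dst,
        "spi": pkt.spi,
        "original_header_visible": pkt.protected_inner is None,
    }


def decapsulate(mode: str, pkt: EspPacket) -> Tuple[IPHeader, bytes]:
    """Reverse encapsulate(): recover the original header and payload at the receiver."""
    if mode == "tunnel":
        assert pkt.protected_inner is not None
        return pkt.protected_inner, pkt.protected_payload
    return pkt.outer, pkt.protected_payload


def recommended_mode(traffic_terminates_on_appliance: bool) -> str:
    """Rule of thumb from the text: traffic addressed to the appliance itself (e.g. SNMP)
    uses transport mode; traffic passing through it (site-to-site) uses tunnel mode."""
    return "transport" if traffic_terminates_on_appliance else "tunnel"


if __name__ == "__main__":
    # Constructed sample: two protected LANs behind two gateways (RFC 5737 documentation addresses).
    lan_to_lan = IPHeader("10.0.0.5", "10.1.0.7")
    gateways = IPHeader("203.0.113.1", "198.51.100.1")
    t = encapsulate("tunnel", lan_to_lan, b"application data", gateways, spi=0x1001)
    print("tunnel   :", observer_view(t))      # observer sees only 203.0.113.1 -> 198.51.100.1
    snmp = IPHeader("10.0.0.5", "203.0.113.1")  # host talking to the appliance itself
    tr = encapsulate("transport", snmp, b"snmp get", spi=0x2002)
    print("transport:", observer_view(tr))     # observer sees 10.0.0.5 -> 203.0.113.1
```

Running the script shows that the tunnel-mode packet exposes only the two peer tunnel addresses, which is exactly the "identity masking" the text describes, while the transport-mode packet still carries the real endpoint addresses in the clear.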
4  If you selected Tunnel, you have two options:
   - Click Peer Tunnel Address Group and then select the address group that represents the peer IP address of the tunnel from the drop-down list.
   - Click Peer Tunnel IP Address and then type the peer IP address.
5  From the Key Management drop-down list, select one of the following options:
   Automatic (IKE)
       This key management process regularly replaces existing keys with randomly generated keys that are created by the Firebox Vclass. For information on creating an automatic key, see “Defining an automatic key” on page 317.
   Manual
       Manual key mode requires that the administrator of each security appliance manually enter the text of a key on each system that exactly matches the other system’s key. The drawbacks to manual keys are potential errors in entry, the need to manually replace keys on a regular basis, and the vulnerability of a fixed key to hacking attempts. For information on creating a manual key, see “Defining a manual key” on page 321.
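The three drawbacks of manual keys listed above (entry errors, keys that are never replaced, and both sides drifting apart) are all things an administrator can check for before the tunnel fails to come up. The audit below is an added example, not WatchGuard or Vcontroller code; it assumes a manual-key configuration can be exported as a mapping from SPI to algorithm, hex key text and the date the key was set (the export format and the 30-day rotation interval are assumptions), and the standard key lengths it checks against are those of the listed algorithms rather than anything the appliance enforces.

```python
import hmac
from datetime import date
from typing import Dict, List, Optional, Tuple

# Key lengths in bytes for common manual-key algorithms (standard sizes; which of
# these a given appliance offers is an assumption of this example).
EXPECTED_KEY_BYTES = {"aes-128": 16, "3des": 24, "hmac-sha1": 20, "hmac-md5": 16}


def parse_hex_key(text: str) -> Optional[bytes]:
    """Return the key bytes, or None if the text is not valid hexadecimal."""
    try:
        return bytes.fromhex(text.strip())
    except ValueError:
        return None


def audit_manual_keys(local: Dict[int, dict], peer: Dict[int, dict],
                      today: date, max_age_days: int = 30) -> List[Tuple[int, str]]:
    """Compare the manual-key settings of two peers and report problems.

    Each config maps an SPI to {"alg": str, "key": hex str, "set_on": date}.
    Returns (spi, problem) pairs in SPI order; an empty list means no findings.
    """
    findings: List[Tuple[int, str]] = []
    for spi in sorted(set(local) | set(peer)):
        if spi not in local or spi not in peer:
            findings.append((spi, "SPI configured on only one side"))
            continue
        l, p = local[spi], peer[spi]
        lk, pk = parse_hex_key(l["key"]), parse_hex_key(p["key"])
        if lk is None or pk is None:
            findings.append((spi, "key text is not valid hexadecimal"))
            continue
        want = EXPECTED_KEY_BYTES.get(l["alg"])
        if want is not None and len(lk) != want:
            findings.append((spi, f"key is {len(lk)} bytes, {l['alg']} needs {want}"))
        if l["alg"] != p["alg"]:
            findings.append((spi, "algorithm differs between the two sides"))
        # Constant-time comparison so the audit itself does not leak key bytes via timing.
        if not hmac.compare_digest(lk, pk):
            findings.append((spi, "key text does not match on both sides"))
        age = (today - l["set_on"]).days
        if age > max_age_days:
            findings.append((spi, f"key is {age} days old, exceeds rotation interval of {max_age_days} days"))
    return findings


def sample_configs() -> Tuple[Dict[int, dict], Dict[int, dict]]:
    """Constructed sample configs for two peers, with one typo and one stale key."""
    good = "00112233445566778899aabbccddeeff"   # 16 bytes, fine for aes-128
    local = {
        0x100: {"alg": "aes-128", "key": good, "set_on": date(2024, 5, 22)},
        0x101: {"alg": "aes-128", "key": good, "set_on": date(2024, 5, 22)},
        0x102: {"alg": "aes-128", "key": good, "set_on": date(2024, 1, 1)},
        0x103: {"alg": "aes-128", "key": good, "set_on": date(2024, 5, 22)},
    }
    peer = {
        0x100: dict(local[0x100]),
        0x101: {**local[0x101], "key": good[:-1] + "e"},   # last hex digit mistyped
        0x102: dict(local[0x102]),
    }
    return local, peer


if __name__ == "__main__":
    local_cfg, peer_cfg = sample_configs()
    for spi, problem in audit_manual_keys(local_cfg, peer_cfg, today=date(2024, 6, 1)):
        print(f"SPI 0x{spi:x}: {problem}")
```

The mismatch on SPI 0x101 is the "potential errors in entry" drawback made concrete: a single wrong hex digit produces a key that looks right to the eye but never matches the peer. Keeping the `set_on` date beside each key is what turns "replace keys on a regular basis" into something the audit can actually flag.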