Chapter 22 IPSec VPN
SBG3500-N Series User’s Guide
276
22.3 What You Need To Know
A VPN tunnel is usually established in two phases. Each phase establishes a security association
(SA), a contract indicating what security parameters the SBG3500-N Series and the remote IPSec
router will use.
The first phase establishes an Internet Key Exchange (IKE) SA between the SBG3500-N Series and
remote IPSec router. The second phase uses the IKE SA to securely establish an IPSec SA through
which the SBG3500-N Series and remote IPSec router can send data between computers on the
local network and remote network. The following figure illustrates this.
Figure 142 VPN: IKE SA and IPSec SA
In this example, a computer in network A is exchanging data with a computer in network B. Inside
networks A and B, the data is transmitted the same way data is normally transmitted in the
networks. Between routers X and Y, the data is protected by tunneling, encryption, authentication,
and other security features of the IPSec SA. The IPSec SA is established securely using the IKE SA
that routers X and Y established first.
22.4 The Setup Screen
The following figure helps explain the main fields in the web configurator.
Figure 143 IPSec Fields Summary
Local and remote IP addresses must be static.
X
Y
IPSec SA
IKE SA
NETWORK
Network A
Network B
Local Network
Local IP Address
Remote Network
Remote IP Address
Remote
IPSec Router
VPN Tunnel
To Next Page
Loading...
