SunScreen 3.1 Administration Guide

Virtual Private Network (VPN)

To Add a VPN Gateway

Setting up a VPN requires a certificate for each screen and a definition of the address groups involved. For descriptions and concepts of the Virtual Private Network, see the SunScreen Reference Manual.

  1. At the command line prompt, type:


    edit> add vpngateway vpn-net addrgrp-a SKIP cert-a KEY DES-CBC DATA RC4-40 MAC MD5 COMPRESSION NONE

    where vpn-net is the name of the VPN network, addrgrp-a is the address group that uses the certificate that follows, and SKIP cert-a names that certificate.

    If you are using a tunnel, append TUNNEL followed by the tunnel address name to the add or replace command.

    To set up the VPN completely, each screen must have all of the keys, address groups, and vpngateway entries. In a VPN configuration that connects two networks, the listing looks like the following:


    edit> list vpngateway
    1 "vpn-net" "addrgrp-a" SKIP "cert-a" KEY "DES-CBC" DATA "RC4-40" MAC "MD5" COMPRESSION "NONE"
    2 "vpn-net" "addrgrp-b" SKIP "cert-b" KEY "DES-CBC" DATA "RC4-40" MAC "MD5" COMPRESSION "NONE"

  2. Create an address group containing the address groups for both networks, for example:


    edit> add address vpn-grp GROUP { addrgrp-a addrgrp-b } {}
    

  3. Define a rule specifying the VPN Gateway:


    edit> add rule common vpn-grp vpn-grp ALLOW VPN vpn-net
    
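The listing in step 1 must agree across screens: every vpngateway entry for the same VPN network name has to carry the same KEY, DATA, MAC, and COMPRESSION settings, or the screens cannot establish the VPN with each other. The following POSIX shell script is an added example, not part of the SunScreen guide or the product, that reads the output of `list vpngateway` and reports any entry whose algorithm tuple differs from the first entry seen for that VPN name. The sample listing it checks is constructed here (modelled on the guide's two-network example, with a third, mismatched entry added); the function name check_vpngateway_listing is an assumption of this example. Because the guide's own listing is wrapped across lines, the checker joins continuation lines that do not start with an entry number.

```shell
#!/bin/sh
# Added example, not part of the SunScreen guide: sanity-check the output of
# "edit> list vpngateway" so that every entry for one VPN network name uses
# the same KEY/DATA/MAC/COMPRESSION tuple.

# Constructed sample listing modelled on the guide's two-network example,
# with a third entry whose DATA algorithm does not match the others.
# Entry 1 is written across two lines, as the guide's listing is wrapped,
# so the checker also has to join continuation lines.
SAMPLE_LISTING='1 "vpn-net" "addrgrp-a" SKIP "cert-a" KEY "DES-CBC" DATA "RC4-40"
    MAC "MD5" COMPRESSION "NONE"
2 "vpn-net" "addrgrp-b" SKIP "cert-b" KEY "DES-CBC" DATA "RC4-40" MAC "MD5" COMPRESSION "NONE"
3 "vpn-net" "addrgrp-c" SKIP "cert-c" KEY "DES-CBC" DATA "DES-CBC" MAC "MD5" COMPRESSION "NONE"'

# check_vpngateway_listing: reads a listing on stdin, prints one line per
# finding, returns 0 when all entries for each VPN agree and 1 otherwise.
# WEAK lines are advisory only: RC4-40 (40-bit key) and DES-CBC (56-bit key)
# are not adequate by today's standards, but they do not change the return code.
check_vpngateway_listing() {
    tr -d '"' | awk '
        function check(line,    n, f, tuple, vpn, idx) {
            n = split(line, f, /[ \t]+/)
            # Fields: 1 index, 2 vpn, 3 addrgrp, 4 SKIP, 5 cert, 6 KEY,
            # 7 key alg, 8 DATA, 9 data alg, 10 MAC, 11 mac alg,
            # 12 COMPRESSION, 13 compression
            if (n < 13 || f[4] != "SKIP") return
            idx = f[1]; vpn = f[2]
            tuple = f[7] "/" f[9] "/" f[11] "/" f[13]
            if (!(vpn in first)) {
                first[vpn] = tuple; firstidx[vpn] = idx
            } else if (first[vpn] != tuple) {
                printf "MISMATCH vpn %s: entry %s uses %s, entry %s uses %s\n",
                       vpn, idx, tuple, firstidx[vpn], first[vpn]
                bad = 1
            }
            if (f[7] == "DES-CBC" || f[9] == "RC4-40")
                printf "WEAK vpn %s: entry %s uses KEY %s DATA %s\n", vpn, idx, f[7], f[9]
        }
        # Trim each line, then start a new record at an entry number and
        # append any other non-empty line to the record in progress.
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        /^[0-9]+ / { if (rec != "") check(rec); rec = $0; next }
        NF > 0     { rec = rec " " $0 }
        END        { if (rec != "") check(rec); exit bad + 0 }
    '
}

# Stand-alone run against the constructed sample (entry 3 is reported).
printf '%s\n' "$SAMPLE_LISTING" | check_vpngateway_listing || echo "listing is inconsistent"
```

In practice you would paste the output of `list vpngateway` from each screen into the same file before running the check, since the guide's requirement is that the entries match across screens, not only within one screen's configuration.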

To Replace a VPN Gateway

    VPN gateways are stored in an ordered list and are referred to by their index number. To change the values of an entry, at the command line prompt, type (for example):


    edit> replace vpngateway 1 vpn-net addrgrp-a SKIP cert-new KEY DES-CBC DATA RC4-40 MAC MD5 COMPRESSION NONE
    

To Remove a VPN Gateway

    To remove a VPN gateway, delete the rules that reference it and then the VPN gateway object itself.

    At the command line prompt, type (for example):


    edit> del vpngateway 1