The VPN tab, shown in FIGURE 5-50, allows you to define VPN gateways. Defining VPN gateways using this mechanism simplifies the creation of VPNs that include more than two gateways and are managed in a centralized management group.
Each gateway in this type of configuration must be able to connect to the other ones directly--without going through another gateway.
Setting up a VPN requires:
Choosing a name for the VPN.
Defining the VPN gateway.
Adding a rule for the VPN.
Use the VPN Definition dialog box, shown in FIGURE 5-51, to define and edit VPN gateways.
TABLE 5-45 describes the controls in the VPN Definition dialog box for defining VPN gateways.
Table 5-45 Controls in the VPN Definition Dialog Box

Control | Description
---|---
Rule Index | (Optional) Assigns a number to a rule. By default, this field displays a number one greater than the last rule (indicating that this rule will be placed at the end of the list). Typing a lower number inserts the new rule at the specified position in the list and renumbers the rules currently in the configuration. Rules take effect in order.
Name | Specifies the name of the VPN to which this gateway belongs. Type the same name in the Name field for each gateway that is in the VPN.
Address | Specifies the machine to be included in the VPN.
Certificate | Specifies the name of the certificate for this VPN gateway.
Key Algorithm | Specifies the secret (key) algorithm the VPN uses. All gateways in the same VPN must use the same key algorithm.
Data Algorithm | Specifies the data algorithm the VPN uses. All gateways in the same VPN must use the same data algorithm.
MAC Algorithm | Specifies the MAC algorithm the VPN uses. All gateways in the same VPN must use the same MAC algorithm.
Tunnel Address | Specifies the destination address on the outer (unencrypted) IP packet to which tunnel packets are sent.
Description | (Optional) Provides a short description of the VPN gateway.
Add New | Allows adding a new VPN rule.
Edit | Allows you to edit the VPN rule that you highlighted in the VPN tab.
Move | Allows assigning a new rule index number to the rule highlighted in the VPN tab.
Delete | Deletes the VPN rule highlighted in the VPN tab.
Help | Displays the online help.
After defining the gateways in a VPN, add a packet-filtering rule for this VPN. Add the packet-filtering rule using the Packet Filter tab.
When adding a packet-filtering rule for a VPN, leave the Screen field empty.
Specify SECURE for the packet-filtering action.
Type the name of the VPN in the VPN field.
You can use any address in a VPN rule; the rule applies only to traffic that passes through a VPN gateway and matches the addresses specified in the rule. The simplest rule uses * for both the source and the destination address. This rule allows encrypted use of the specified service between all addresses in the VPN.
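The constraints stated above (every gateway in a VPN carries the same Name and the same key, data and MAC algorithm; a lower Rule Index inserts and renumbers; the packet-filtering rule for the VPN uses the SECURE action, an empty Screen field and the VPN's name) are easy to get wrong when several gateways are entered by hand. The following Python is an added example, not code from the manual or from the SunScreen product: it models those definitions as plain records and checks a constructed gateway set and rule against the documented constraints before they are entered in the dialogs. The field names, the sample addresses, certificate names and algorithm labels are assumptions chosen for illustration.

```python
"""Pre-entry consistency checks for a multi-gateway VPN definition.

Added example: field names and sample values are assumptions, not the
product's own data model.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class VpnGateway:
    name: str                 # Name field: the VPN this gateway belongs to
    address: str              # Address field: the machine included in the VPN
    certificate: str          # Certificate field
    key_algorithm: str        # must match across every gateway in the VPN
    data_algorithm: str       # must match across every gateway in the VPN
    mac_algorithm: str        # must match across every gateway in the VPN
    tunnel_address: Optional[str] = None   # outer-packet destination, optional
    description: str = ""


@dataclass
class PacketFilterRule:
    action: str               # must be SECURE for a VPN rule
    service: str
    src: str = "*"            # * covers every address in the VPN
    dst: str = "*"
    screen: str = ""          # left empty for a VPN rule
    vpn: Optional[str] = None  # name of the VPN the rule applies to


def insert_rule(rules: list, rule, index: Optional[int] = None) -> list:
    """Rule Index semantics: no index (or one past the end) appends; a lower
    index inserts at that 1-based position and shifts the later rules down."""
    if index is None or index > len(rules):
        index = len(rules) + 1
    if index < 1:
        raise ValueError("rule index must be 1 or greater")
    return rules[:index - 1] + [rule] + rules[index - 1:]


def check_vpn(gateways: List[VpnGateway]) -> List[str]:
    """Return the problems that would make these gateways an invalid VPN."""
    problems = []
    if len(gateways) < 2:
        problems.append("a VPN needs at least two gateways")
    names = {g.name for g in gateways}
    if len(names) > 1:
        problems.append(f"gateways name different VPNs: {sorted(names)}")
    for attr in ("key_algorithm", "data_algorithm", "mac_algorithm"):
        values = {getattr(g, attr) for g in gateways}
        if len(values) > 1:
            problems.append(f"{attr} differs across gateways: {sorted(values)}")
    addresses = [g.address for g in gateways]
    if len(set(addresses)) != len(addresses):
        problems.append("the same address appears in more than one gateway")
    problems += [f"gateway {g.address} has no certificate" for g in gateways if not g.certificate]
    return problems


def check_vpn_rule(rule: PacketFilterRule, gateways: List[VpnGateway]) -> List[str]:
    """Check the packet-filtering rule that enables a defined VPN."""
    problems = []
    if rule.action != "SECURE":
        problems.append(f"action must be SECURE, got {rule.action!r}")
    if rule.screen:
        problems.append("Screen field must be left empty for a VPN rule")
    if rule.vpn not in {g.name for g in gateways}:
        problems.append(f"VPN field {rule.vpn!r} does not name a defined VPN")
    return problems


# Constructed sample data (assumed values, documentation addresses only).
SAMPLE_GATEWAYS = [
    VpnGateway("corp-vpn", "192.0.2.10", "gw1-cert", "3DES", "3DES", "MD5"),
    VpnGateway("corp-vpn", "192.0.2.20", "gw2-cert", "3DES", "3DES", "MD5"),
    VpnGateway("corp-vpn", "198.51.100.5", "gw3-cert", "3DES", "3DES", "MD5",
               tunnel_address="203.0.113.1"),
]
SAMPLE_RULE = PacketFilterRule(action="SECURE", service="telnet", vpn="corp-vpn")

if __name__ == "__main__":
    print("gateway problems:", check_vpn(SAMPLE_GATEWAYS))
    print("rule problems:", check_vpn_rule(SAMPLE_RULE, SAMPLE_GATEWAYS))
    print("rule order after inserting at index 2:",
          insert_rule(["allow-dns", "allow-http", "deny-all"], "vpn-telnet", 2))
```

Run the checks on the gateway list before entering it in the VPN Definition dialog box; any problem reported for the MAC, data or key algorithm means the VPN would have gateways that cannot interoperate.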