VPN Tab
The VPN tab, shown in FIGURE 5-50, allows you to define VPN gateways. Defining VPN gateways using this mechanism simplifies the creation of VPNs that include more than two gateways and are managed in a centralized management group.
Note -
Each gateway in this type of configuration must be able to connect to the other ones directly--without going through another gateway.
Figure 5-50 VPN Tab
Setting up a VPN requires:
-
Choosing a name for the VPN.
-
Defining the VPN gateway.
-
Adding a rule for the VPN.
Defining VPN Gateways
Use the VPN Definition box, shown in FIGURE 5-51, to define and edit VPN gateways.
Figure 5-51 VPN Definition Dialog Box
TABLE 5-45 describes the controls in the VPN Definition dialog box for defining VPN gateways.
Table 5-45 Controls in the VPN Definition Dialog Box|
Control |
Descriptions |
|---|---|
|
Rule Index |
(Optional) Assigns a number to a rule. By default, this field displays a number one greater than the last rule (indicating this rule will be placed the end of the list). Typing a lower number inserts the new rule into the specified position in the list and renumbers the rules currently in the configuration. Rules take effect in order. |
|
Name |
Specifies the Name of the VPN to which this gateway belongs. Type the same name in the Name field for each gateway that is in the VPN. |
|
Address |
Specifies the machine to be included in the VPN. |
|
Certificate |
Specifies the name of the certificate for this VPN gateway. |
|
Key Algorithm |
Specifies the secret (key) algorithm the VPN uses. All gateways in the same VPN must use the same (key) algorithm. |
|
Data Algorithm |
Specifies the data algorithm the VPN uses. All gateways in the same VPN must use the same data algorithm. |
|
MAC Algorithm |
Specifies the MAC algorithm the VPN uses. All gateways in the same VPN must use the same MAC algorithm. |
|
Tunnel Address |
Specifies the destination address on the outer (unencrypted) IP packet to which tunnel packets are sent. |
|
Description |
(Optional) Provides a short description of the VPN gateway. |
|
Add New |
Allows adding a new VPN rule. |
|
Edit |
Allows you to edit the VPN rule that you highlighted in the NAT tab. |
|
Move |
Allows assigning a new rule index number for the rule highlighted in the NAT tab. |
|
Delete |
Deletes the access rule highlighted in the VPN tab. |
|
Help |
Displays the online help. |
Adding a VPN Rule
After defining the gateways in a VPN, add a packet-filtering rule for this VPN. Add the packet-filtering rule using the Packet Filter tab.
When adding a packet-filtering rule for a VPN, leave the Screen field empty.
-
Specify SECURE for the packet-filtering action.
-
Type the name of the VPN in the VPN field.
Note -Use any address in the VPN rules. Only addresses that interact with a VPN Gateway and the address specified in the rule will apply. The simplest rule uses * for the source and destination address. This rule allows encrypted use of the specified service for all addresses in the VPN.
- © 2010, Oracle Corporation and/or its affiliates