User manual
Virtual Private Networking
206
It becomes optional if the SG unit has a static IP address and is using Preshared Secrets
for authentication. If it is optional and the field is left blank, the Endpoint ID defaults to
the static IP address.
Note
If the remote party is a SG unit, the ID must have the form abcd@efgh. If the remote
party is not a SG unit, refer the interoperability documents on the SG Knowledge Base
(http://www.cyberguard.com/snapgear/knowledgebase.html) to determine what form it
must take. In this example, enter: branch@office
Leave the Enable IP Payload Compression checkbox unchecked. If compression is
selected, IPComp compression is applied before encryption.
Check the Enable Dead Peer Detection checkbox. This allows the tunnel to be
restarted if the remote party stops responding. This option is only used if the remote
party supports Dead Peer Detection. It operates by sending notifications and waiting for
acknowledgements.
Enter the Delay and Timeout values for Dead Peer Detection. The default times for the
delay and timeout options are 9 and 30 seconds respectively. This means that a Dead
Peer Detection notification is sent every 9 seconds (Delay) and if no response is received
in 30 seconds (Timeout) then the SG unit attempts to restart the tunnel. In this example,
leave the delay and timeout as their default values.
Leave the Enable Phase 1 & 2 rekeying to be initiated from my end checkbox
checked. This enables automatic renegotiation of the tunnel when the keys are about to
expire.
Click the Next button to configure the Remote Endpoint Settings.
Other options
The following options become available on this page depending on what has been
configured previously:
• Route to remote endpoint is the next gateway IP address or nexthop along the
previously selected IPSec interface. This field becomes available if an interface other
than the default gateway was selected for the tunnel to go out on.