Manualshelf

User manual

ManualsBrandsSecure Computing ManualsComputer equipmentSG550
231232233234235236237238239240
Virtual Private Networking
227
Alias subnet mask: 24
Setup a Primary Link Test IPSec tunnel between the primary Internet IP Addresses
(192.168.11.0/32 - 209.0.0.1 <-> 210.0.0.1 – 192.168.12.0/32). This will be used to
determine whether the Primary Link is back up in the failed over state. Default values are
used in the configuration unless otherwise specified below:
Headquarters SG configuration:
Tunnel name: PrimaryLinkTest
Local interface: Internet Port
Keying: Aggressive mode (IKE)
Local address: Static IP address
Remote address: Dynamic IP address
Route to remote endpoint: Internet port's gateway
Initiate phase 1 & 2 rekeying: Unchecked
Remote required endpoint ID: primarytest@branch
Phase 1 key lifetime (sec): 7200
Local network: 192.168.11.1/255.255.255.255
Remote network: 192.168.12.1/255.255.255.255
Phase 2 key lifetime (sec): 7200
Branch Office SG configuration:
Tunnel name: PrimaryLinkTest
Enable this tunnel: Unchecked
Local Interface: Default gateway interface
Keying: Aggressive mode (IKE)
Local optional endpoint ID: primarytest@branch
The remote party's IP address: 209.0.0.1
Local network: 192.168.12.1/255.255.255.255
Remote network: 192.168.11.1/255.255.255.255
Manually edit the ifmond.conf on both the Branch Office SG to configure for IPSec
failover and fallforward.
##-- Custom entries MUST be added below this point