VPN
Back Server 1, 2, & 3
  Enter the IP address or domain name of the backup servers 1, 2, and 3. When the
  connection to the primary IPSec VPN server fails, the security appliance can start
  the VPN connection to the backup servers. The backup server 1 has the highest
  priority and the backup server 3 has the lowest priority.

Split Tunnel
  Check to enable split tunnel. Then click Add to enter an IP address and netmask for
  the split tunnel. You can add, edit, or delete a split tunnel.

Split DNS
  Check to enable split DNS. Then click Add to enter a domain name for the split DNS.
  You can add, edit, or delete a split DNS.

For a 3rd Party Client

Step 6
In the Basic Settings tab, configure the following:

Enable
  Click Enable to enable the configuration.

Tunnel Name
  Name of the VPN tunnel. This description is for your reference. It does not have to
  match the name used at the other end of the tunnel.

Interface
  Select the interface (WAN1, WAN2, USB1, or USB2) from the drop-down list.

IKE Authentication Method
  Authentication method to be used in IKE negotiations in IKE-based tunnels.
  • Pre-shared Key: IKE peers authenticate each other by computing and sending a
    keyed hash of data that includes the Pre-shared key. If the receiving peer is able
    to create the same hash independently using its Pre-shared key, it knows that both
    peers must share the same secret, thus authenticating the other peer. Pre-shared
    keys do not scale well because each IPSec peer must be configured with the
    Pre-shared key of every other peer with which it establishes a session. Enter the
    Pre-shared Key, and click Enable to enable the Minimum Pre-shared Key
    Complexity.
  • Certificate: The digital certificate is a package that contains information such as
    the certificate bearer's identity (name or IP address), the certificate's serial
    number, the certificate's expiration date, and a copy of the certificate bearer's
    public key. The standard digital certificate format is defined in the X.509
    specification. X.509 version 3 defines the data structure for certificates. Select
    the certificate from the drop-down list.

Local Identifier
  Select the local identifier type (IP Address, FQDN, or User FQDN) from the drop-down
  list and enter the identifier.

Remote Identifier
  Select the remote identifier (Remote IP, FQDN, or User FQDN) from the drop-down
  list and enter the identifier.

Extended Authentication
  Check Extended Authentication to enable. Click Add to add an extended authentication
  and select admin or guest.

Pool Range for Client LAN
  Start IP - Enter the start IP address for the pool range.
  End IP - Enter the end IP address for the pool range.
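
The keyed-hash check described under Pre-shared Key above, as an added example that is not part of the guide or of the appliance's firmware: the receiving peer recomputes the hash with its own key and compares. The construction follows the IKEv1 pre-shared-key formulas of RFC 2409 (the guide does not say which IKE version is used, so that is an assumption), HMAC-SHA256 stands in for the negotiated PRF, and all names and sample values are constructed.

```python
import hashlib
import hmac
from typing import NamedTuple


class Transcript(NamedTuple):
    """Values both peers have seen before the authentication hash is sent."""
    ni: bytes     # initiator nonce
    nr: bytes     # responder nonce
    ke_i: bytes   # initiator Diffie-Hellman public value
    ke_r: bytes   # responder Diffie-Hellman public value
    cky_i: bytes  # initiator cookie
    cky_r: bytes  # responder cookie
    sa_i: bytes   # initiator SA proposal body
    id_i: bytes   # initiator identity (the client's Local Identifier)


def prf(key: bytes, data: bytes) -> bytes:
    # Assumption: HMAC-SHA256 as the PRF; real peers use the negotiated one.
    return hmac.new(key, data, hashlib.sha256).digest()


def hash_i(psk: bytes, t: Transcript) -> bytes:
    """Initiator's authentication hash: the pre-shared key never goes on the wire."""
    skeyid = prf(psk, t.ni + t.nr)  # SKEYID = prf(PSK, Ni | Nr)
    return prf(skeyid, t.ke_i + t.ke_r + t.cky_i + t.cky_r + t.sa_i + t.id_i)


def responder_accepts(local_psk: bytes, t: Transcript, received: bytes) -> bool:
    """Recompute the hash with the locally configured key; compare in constant time."""
    return hmac.compare_digest(hash_i(local_psk, t), received)


def pairwise_keys(peers: int) -> int:
    """Distinct pre-shared keys needed when every peer pairs with every other."""
    return peers * (peers - 1) // 2


# Constructed sample exchange (not captured traffic).
SAMPLE = Transcript(bytes(range(16)), bytes(range(16, 32)), b"\x02" * 32,
                    b"\x03" * 32, b"I" * 8, b"R" * 8,
                    b"constructed-sa-proposal", b"client.example.test")

if __name__ == "__main__":
    sent = hash_i(b"constructed-psk-A", SAMPLE)
    print("same key:     ", responder_accepts(b"constructed-psk-A", SAMPLE, sent))
    print("different key:", responder_accepts(b"constructed-psk-B", SAMPLE, sent))
    print("keys for a 10-peer mesh:", pairwise_keys(10))
```

Because the identity is part of the hashed data, a peer that presents a different identifier than the one it hashed is rejected even when the key matches.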
Client to Site
RV345/345P Administration Guide