Filter
Top Products
Virtual Private Networking Using IPSec, PPTP, or L2TP Connections
300
ProSecure Unified Threat Management (UTM) Appliance
Manage VPN Policies
You can create two types of VPN policies. When you use the VPN Wizard to create a VPN
policy, only the Auto method is available.
• Manual. You manually enter all settings (including the keys) for the VPN tunnel on the
UTM and on the remote VPN endpoint. No third-party server or organization is involved.
• Auto. Some settings for the VPN tunnel are generated automatically through the use of
the IKE (Internet Key Exchange) Protocol to perform negotiations between the two VPN
endpoints (the local ID endpoint and the remote ID endpoint). You still need to enter all
settings on the remote VPN endpoint manually (unless the remote VPN endpoint also has
a VPN Wizard).
In addition, a certification authority (CA) can also be used to perform authentication (see
Manage Digital Certificates for VPN Connections on page 419). For gateways to use a CA,
each VPN gateway needs to have a certificate from the CA. For each certificate, there is both
a public key and a private key. The public key is freely distributed, and is used by any sender
to encrypt data intended for the receiver (the key owner). The receiver then uses its private
key to decrypt the data (without the private key, decryption is impossible). The use of
certificates for authentication reduces the amount of data entry that is required on each VPN
endpoint.
VPN Policies Screen
The VPN Policies screen allows you to add additional policies—either Auto or Manual—and
to manage the VPN policies already created. You can edit policies, enable or disable policies,
or delete them entirely. These are the rules for VPN policy use:
• Traffic covered by a policy is automatically sent through a VPN tunnel.
• When traffic is covered by two or more policies, the first matching policy is used. (In this
situation, the order of the policies is important. However, if you have only one policy for
each remote VPN endpoint, then the policy order is not important.)
• The VPN tunnel is created according to the settings in the security association (SA).
• The remote VPN endpoint needs to have a matching SA; otherwise, it refuses the
connection.
To access the VPN Policies screen, select VPN > IPSec VPN > VPN Policies. The VPN
Policies screen displays. (The following figure shows some examples.)