VPN Communities - Tunnel Management

What can I do here?

Use this window to set permanent VPN tunnels and VPN Tunnel Sharing.

Getting Here

SmartConsole > Security Policies > Access Control > Policy > Access Tools > VPN Communities > New Star Community > Tunnel Management

Understanding VPN Tunnels

Overview of Tunnel Management

Permanent Tunnels

Permanent Tunnels in a MEP Environment

Tunnel Testing for Permanent Tunnels

Dead Peer Detection

DPD Responder Mode

Permanent Tunnel Mode Based on DPD

VPN Tunnel Sharing

VPN Tunnel Options

Permanent Tunnels

Permanent Tunnels are VPN tunnels that are constantly kept active, which makes it easier to recognize malfunctions and connectivity problems. Administrators can monitor the two sides of a VPN tunnel and identify problems without delay.

Each VPN tunnel in the community can be set to be a Permanent Tunnel. Because Permanent Tunnels are constantly monitored, a log, alert, or user-defined action can be issued if the VPN tunnel is down. Permanent Tunnels can only be established between security gateways. The configuration of Permanent Tunnels takes place on the community level and:

Enable Route Injection Mechanism (RIM)

The Route Injection Mechanism (RIM) is a feature of the VPN module used to:

For example, when a link becomes unavailable, an alternative path is added or "injected" to the local routing table on the gateway. If a dynamic routing protocol is then configured, this change is propagated to the network behind the gateway. Route injection can be integrated with MEP functionality, providing an alternative to IP pool NAT in situations where large numbers of static IP addresses are not available.

Tracking Options

Several types of alerts can be configured to keep administrators up to date on the status of the VPN tunnels. Choosing one of these alert types will enable immediate identification of the problem and the ability to respond to these issues more effectively. The Tracking Options are:

VPN Tunnel Sharing

Because vendors implement IPSec tunnels in a number of different ways, administrators need to cope with different implementations of the IPSec framework.

There are three settings for controlling the number of VPN tunnels between peer gateways: