You can configure a remote gateway for an AutoKey IKE VPN tunnel. The configured gateway appears in the list of predefined remote gateways when you configure the AutoKey IKE VPN tunnel. (See AutoKey IKE VPN Tunnel Configuration.)
Gateway Name: Enter the name of the VPN tunnel you want to create. The name can be up to 32 characters long.
Version: Select IKEv1 or IKEv2 as the Internet Key Exchange protocol for mutual authentication.
Security Level: Setting a security level is an alternative to setting Phase 1 and Phase 2 proposals. When you select a security level, ScreenOS automatically applies the proposals predefined for that level. Select one of the following security levels:
Standard: The predefined Phase 1 proposals for the Standard security level are pre-g2-aes128-sha and pre-g2-3des-sha.
Compatible: The predefined Phase 1 proposals for the Compatible security level are pre-g2-3des-sha, pre-g2-3des-md5, pre-g2-des-sha, and pre-g2-des-md5.
Basic: The predefined Phase 1 proposals for the Low security level are pre-g1-des-sha and pre-g1-des-md5.
Custom: Select this option if you want to define your own proposals. You can define the proposals on the advanced configuration page.
Remote Gateway Type: Select one of the following types:
Static IP Address: Select this option and enter the fixed IP address or hostname (or hostname + domain name) of the remote gateway.
Dynamic IP Address: Select this option and enter the Peer ID of the Dynamic IP Address. This can be an e-mail address, a fully qualified domain name (FQDN), or an IP address.
Dialup User: Select this option and select a dialup user from the drop-down list.
Dialup User Group: Select this option and select a dialup user group from the drop-down list.
Preshared Key: Enter the same ASCII value that the user will be entering at the other end.
Use As Seed: Select this option to use the preshared key as the seed value.
Local ID: (Required only for certificates) Enter the e-mail address, fully qualified domain name (FQDN), or IP address that appears in the certificate that you want the remote gateway to use for authentication.
Outgoing Interface: Select the interface that you want to use to terminate the VPN tunnel on the local device.
Click OK to save your settings.
Click Advanced to complete the AutoKey IKE VPN configuration. For more information, see AutoKey IKE Gateway Advanced Configuration.
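The predefined Phase 1 proposal names listed under Security Level encode the authentication method, Diffie-Hellman group, cipher, and hash. The following is an added example, not part of the original documentation or of ScreenOS: it parses those names and reports which components RFC 8247 deprecates for IKE. The function names and the finding strings are assumptions made for illustration.

```python
# Added example: audit the Phase 1 proposals listed for each security level.
# Finding labels reflect RFC 8247 requirement levels; they are not ScreenOS output.

# Proposal names exactly as listed on this page.
LEVELS = {
    "Standard": ["pre-g2-aes128-sha", "pre-g2-3des-sha"],
    "Compatible": ["pre-g2-3des-sha", "pre-g2-3des-md5",
                   "pre-g2-des-sha", "pre-g2-des-md5"],
    "Basic": ["pre-g1-des-sha", "pre-g1-des-md5"],
}

# Only the "pre" (preshared key) prefix appears on this page.
AUTH = {"pre": "preshared key"}

WEAK = {
    "g1": "DH group 1, 768-bit MODP (RFC 8247: MUST NOT)",
    "g2": "DH group 2, 1024-bit MODP (RFC 8247: SHOULD NOT)",
    "des": "DES, 56-bit key (RFC 8247: MUST NOT)",
    "3des": "3DES, 64-bit block (RFC 8247: MAY)",
    "md5": "HMAC-MD5 (RFC 8247: MUST NOT)",
}

def parse_proposal(name):
    """Split 'auth-gN-cipher-hash' into its four fields."""
    parts = name.lower().split("-")
    if (len(parts) != 4 or parts[0] not in AUTH
            or not parts[1].startswith("g") or not parts[1][1:].isdigit()):
        raise ValueError(f"unrecognised proposal name: {name!r}")
    auth, group, cipher, digest = parts
    return {"auth": auth, "dh_group": int(group[1:]),
            "cipher": cipher, "hash": digest}

def findings(name):
    """Return the deprecated components of one proposal, in field order."""
    p = parse_proposal(name)
    keys = (f"g{p['dh_group']}", p["cipher"], p["hash"])
    return [WEAK[k] for k in keys if k in WEAK]

def audit(levels=LEVELS):
    """Map each security level to {proposal name: list of findings}."""
    return {lvl: {n: findings(n) for n in names} for lvl, names in levels.items()}

if __name__ == "__main__":
    for level, proposals in audit().items():
        print(level)
        for name, issues in proposals.items():
            print(f"  {name}: {'; '.join(issues) or 'no findings'}")
```

Every predefined proposal yields at least one finding, because all of them use DH group 1 or 2; the Custom level is the only way to select different parameters.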
To configure AC-VPN in a hub-and-spoke network, you must first configure static VPN tunnels between the Next Hop Resolution Protocol Server (NHS), which is the hub of the network, and the Next Hop Resolution Protocol Client (NHC), on a spoke.
After you create a static gateway and VPN and bind the VPN to a tunnel interface on both the NHS and the NHC, you can configure the AC-VPN gateway.
Gateway Name: Enter the name of the AC-VPN gateway. The name can be up to 32 characters long.
Click the ACVPN-Profile option button.
Click OK to save your settings.
Click Advanced to configure additional parameters.
Gateway Name: Enter the name of the AC-VPN gateway. The name can be up to 32 characters long.
Click the ACVPN-Dynamic option button.
Click OK to save your settings.
Click Advanced to configure additional parameters.
After you configure AC-VPN gateways, you must configure a VPN and NHRP parameters on both the NHS and the NHC.