Creating the secondary tunnel specification
- In the secondary system, on the NETWORK menu, under the VPN submenu, click IPsec subnets.
- Under the Create new tunnel section select these settings:
- Name: "A descriptive name for this tunnel."
- Enabled: "Yes"
- Local IP: "The external Local IP address to use for this tunnel."
- Local network: "The local network that the primary system can access."
- Type this in IP address/network mask format; it should correspond to an existing local network, for example 192.168.10.0/255.255.255.0.
- Local ID type: "Local IP, which identifies the primary system to the secondary system using the primary system's external IP address."
- Local ID value: "Empty"
- Leave this empty; it is generated automatically because Local IP was chosen as the Local ID type.
- Remote IP or hostname: "The primary system's remote IP address or host name."
- Unlike the first tunnel specification, this can't remain blank. The secondary system acts as the initiator of the connection. Therefore, it needs a destination IP address to make first contact.
- Remote network: "The primary system's remote network that the secondary system can access."
- Type this in the IP address/network mask format, for example, 192.168.10.0/255.255.255.0. It should correspond to an existing local network.
- Remote ID type: "Remote IP (or ANY if blank Remote IP)"
- This means that the primary system can use the secondary's IP address (if one was specified).
- Remote ID value: "The secondary system's remote ID value."
- Authenticate by: "Preshared Key"
- This instructs the Smoothwall to authenticate the secondary system by validating a shared pass-phrase.
- Preshared Key: "The pass-phrase that was entered for the Preshared Key in the primary system."
- Use compression: "If compression was turned on in the primary system, select this option."
- Initiate the connection: "If it's the responsibility of the secondary system to initiate its connection to the primary Smoothwall, select this option."
- Enter a descriptive Comment, for example, "Tunnel to Head Office" and click Add.
All advanced settings can safely remain set to their default values.
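The settings above only work when the secondary specification mirrors the primary one: the networks are swapped, the pass-phrase is identical, and the initiating side has a Remote IP. The following is an added example, not Smoothwall's own code, that checks a secondary specification against the primary's before you click Add. The field names, the constructed specs and the 203.0.113.10 address are assumptions for illustration.

```python
import ipaddress

# Constructed example specs (not a real deployment); keys follow the form fields.
PRIMARY_SPEC = {
    "local_network": "10.0.0.0/255.255.255.0",
    "remote_network": "192.168.10.0/255.255.255.0",
    "remote_ip": "",                  # the primary spec may leave this blank
    "preshared_key": "example-passphrase",
    "use_compression": False,
    "initiate": False,
}
SECONDARY_SPEC = {
    "local_network": "192.168.10.0/255.255.255.0",
    "remote_network": "10.0.0.0/255.255.255.0",
    "remote_ip": "203.0.113.10",      # constructed documentation address
    "preshared_key": "example-passphrase",
    "use_compression": False,
    "initiate": True,
}

def check_secondary_spec(secondary, primary, existing_local_networks):
    """Return a list of problems in the secondary spec; an empty list means OK."""
    problems = []
    nets = {}
    for side, spec in (("secondary", secondary), ("primary", primary)):
        for field in ("local_network", "remote_network"):
            try:  # strict=True rejects an address with host bits set
                nets[(side, field)] = ipaddress.IPv4Network(spec[field], strict=True)
            except ValueError as err:
                problems.append(f"{side} {field}: {err}")
    if len(nets) == 4:
        local = nets[("secondary", "local_network")]
        known = {ipaddress.IPv4Network(n, strict=True) for n in existing_local_networks}
        if local not in known:
            problems.append(f"Local network {local} is not an existing local network")
        # The two specs must mirror each other: my local network is the peer's remote.
        if local != nets[("primary", "remote_network")]:
            problems.append("Local network does not match the primary's Remote network")
        if nets[("secondary", "remote_network")] != nets[("primary", "local_network")]:
            problems.append("Remote network does not match the primary's Local network")
    # The secondary initiates, so it needs a destination for first contact.
    if secondary["initiate"] and not secondary["remote_ip"].strip():
        problems.append("Remote IP or hostname must not be blank on the initiating system")
    if secondary["preshared_key"] != primary["preshared_key"]:
        problems.append("Preshared Key differs from the primary's")
    if secondary["use_compression"] != primary["use_compression"]:
        problems.append("Use compression setting differs from the primary's")
    return problems
```

Run the check with the list of local networks defined on the secondary system; every string returned corresponds to a field on the form that must be corrected before the tunnel will come up.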
- Once the tunnel specifications have been created, the tunnel can be started. To do this, first make sure that the VPN subsystem is connected on both the primary and secondary systems.
- Making sure that the system is working.
- Activating tunnels.