cred ca tot gatitul ramane de baza – NS 5200 take 2

Posted: June 4, 2009 in technical
Tags: , ,

Citat din User Guide-ul de NS5200_Complete, pagina 129, Dynamic IKE Gateways Using FQDN – mai exact pagina 132, acolo unde spune cum se configureaza Dynamic IKE Gateway-ul:

3. VPN

VPNs > AutoKey Advanced > Gateway > New: Enter the following, then click

OK:

Gateway Name: To_Paris

Security Level: Custom

Remote Gateway Type:

Static IP Address: (select), IP Address/Hostname: http://www.nspar.com

Do NOT do that!!! In felul asta gateway-ul apare disabled!!! no good, deci.

Pentru ca sa  mearga, se foloseste, in acelasi loc, evident, optiunea de “Dynamic IP address” (DYNAMIC, EVIDENT), numai ca neavand un IP dynamic, ci un peer cu IP dinamic, sau nat-at…oricum, necunoscut de NetScreen, pun aici DN-ul certificatului digital. Identificarea IPsec se face deci in ambele sensuri pe FQDN.

Ca sa vezi!!! ACUM MERGE!!! Ce greu era!

Note to myself: NEVER OBEY MANUALS AGAIN!

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s