Appendix C - VPNs
| Setting | First endpoint | Second endpoint | Notes |
|---|---|---|---|
| NetBIOS | Enable | Enable | Disable if not required. |
| Local LAN: IP address | 192.168.0.1 | 192.168.1.1 | Local Address subnet. Use a more restrictive definition if possible. |
| Local LAN: Mask | 255.255.255.0 | 255.255.255.0 | |
| Remote LAN: IP address | 192.168.1.1 | 192.168.0.1 | Remote Address subnet. Use a more restrictive definition if possible. |
| Remote LAN: Mask | 255.255.255.0 | 255.255.255.0 | |
| IKE: Direction | Initiator & responder | Initiator & responder | Does not have to match. Either endpoint can block 1 direction. |
| IKE: Exchange mode | Main Mode | Main Mode | Must match |
| IKE: DH Group | Group 2 (1024 bit) | Group 2 (1024 bit) | Must match |
| IKE: Local Identity | IP address | IP address | IP address is the most common ID method |
| IKE: Remote Identity | WAN IP address | WAN IP address | IP address is the most common ID method |
| SA Parameters: Encryption | 3DES | 3DES | Must match. |
| SA Parameters: Authentication | MD5 | MD5 | Must match |
| SA Parameters: Pre-shared Key | 12345678 | 12345678 | Must match; use any string. |
| SA Parameters: SA Life time | 28800 | 28800 | Does not have to match. Shorter period will be used. |
| SA Parameters: PFS | Disabled | Disabled | Must match |

Note:
Some VPN Gateways or programs let you specify the following settings separately for
IKE and IPSec. For this device, the same settings are used for both IKE and IPSec.
• Authentication
• Encryption
• SA Lifetime
Also, IPSec allows for "AH Authentication", using MD5 or SHA-1. For this device, "AH
Authentication" is always DISABLED.
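The matching rules in the notes column can be checked before a tunnel is brought up. The following is an added example, not code from this manual or the device: it compares two endpoint configurations against the "Must match" settings, reports the SA lifetime that will actually apply, and avoids echoing the pre-shared key. The dictionary key names are this example's own, and the check that each side's Local LAN equals the other side's Remote LAN is an assumption drawn from the example values.

```python
import ipaddress

# Settings the notes column marks "Must match" on both endpoints.
MUST_MATCH = ("exchange_mode", "dh_group", "encryption",
              "authentication", "pre_shared_key", "pfs")

def subnet(ip, mask):
    # The settings give a host address plus mask; derive the subnet they describe.
    return ipaddress.ip_network(f"{ip}/{mask}", strict=False)

def check_tunnel(a, b):
    """Return (problems, effective_sa_lifetime) for two endpoint configs."""
    problems = []
    for key in MUST_MATCH:
        if a[key] != b[key]:
            # Never echo the pre-shared key itself into output or logs.
            detail = "values differ" if key == "pre_shared_key" else f"{a[key]!r} != {b[key]!r}"
            problems.append(f"{key}: {detail}")
    # Assumption from the example values: each Local LAN is the peer's Remote LAN.
    for x, y, xn, yn in ((a, b, "first", "second"), (b, a, "second", "first")):
        if subnet(*x["local_lan"]) != subnet(*y["remote_lan"]):
            problems.append(f"{xn} local LAN is not {yn} remote LAN")
    # SA lifetime does not have to match; the shorter period is used.
    return problems, min(a["sa_lifetime"], b["sa_lifetime"])

# Values from the settings above (key names are hypothetical).
FIRST = {
    "local_lan": ("192.168.0.1", "255.255.255.0"),
    "remote_lan": ("192.168.1.1", "255.255.255.0"),
    "exchange_mode": "Main Mode", "dh_group": "Group 2",
    "encryption": "3DES", "authentication": "MD5",
    "pre_shared_key": "12345678", "sa_lifetime": 28800, "pfs": "Disabled",
}
SECOND = dict(FIRST, local_lan=FIRST["remote_lan"], remote_lan=FIRST["local_lan"])

if __name__ == "__main__":
    print(check_tunnel(FIRST, SECOND))  # matching pair
    # Constructed mismatch: different DH group and a shorter lifetime on one side.
    print(check_tunnel(FIRST, dict(SECOND, dh_group="Group 5", sa_lifetime=3600)))
```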