Using the Web Browser Interface for Advanced Configuration Tasks
Setting Up Virtual Private Networks
14-76
7.
If you have based the policy on a pre-existing policy and you want to use
the same security settings and allow the same local networks, you can
move to step 11. If you want to accept default settings, but you need to
add a local network, move to step 10.
8.
If you so choose, you can change IPSec SA settings in the IPSec Config-
uration section of the Step 1 of 4: VPN Peer Configuration for "<VPN
mapname>" window. Select settings for the following parameters from
their pull-down menus:
•
PFS group
•
Encryption/hash algorithm—A pull-down menu provides all available
combinations of algorithms. The window includes two pull-down
menus, so you can specify up to two sets of algorithms.
•
IPSec SA lifetime
For more information on these settings, see "IPSec Settings (Custom
Setup Only)" on page 14-69.
9.
You can alter the default security settings for the IKE SA in the Step 2 of 4:
Add/Delete IKE attributes for "<VPN mapname>" window. Select set-
tings for the following parameters from the pull-down menu for each:
•
encryption/hash algorithm
•
authentication method
•
Diffie-Hellman key group
•
IKE SA lifetime
For more information on these settings, see "IKE Settings (Custom Setup
Only)" on page 14-67.
10. You add local networks to the VPN in the Step 3 of 4: Source Networks
Allowed to Connect Using "<VPN mapname>" window. Enter the IP
address and subnet mask.
Figure 14-56. Adding Local VPN Networks