Network-To-Network With Pre-Shared Secrets - Option Audio GlobeSurfer 3G Reference Manual

802.11b/g wireless router and internet gateway

5. Click OK.

4.7.2.2 Network-to-Network with Pre-shared Secrets

A typical network-to-network VPN uses a pre-shared secret for authentication.
Gateway A connects its internal LAN 10.5.6.0/24 to the Internet. Gateway A's
LAN interface has the address 10.5.6.1, and its WAN (Internet) interface has
the address 14.15.16.17.
Gateway B connects the internal LAN 172.23.9.0/24 to the Internet. Gateway
B's WAN (Internet) interface has the address 22.23.24.25.
The Internet Key Exchange (IKE) Phase 1 parameters used are:
• Main mode
• 3DES (Triple DES)
• SHA-1
• MODP group 2 (1024 bits)
• Pre-shared secret of "hr5x"
• SA lifetime of 28800 seconds (eight hours) with no Kbytes re-keying
The IKE Phase 2 parameters used are:
• 3DES (Triple DES)
• SHA-1
• ESP tunnel mode
• MODP group 2 (1024 bits)
• Perfect forward secrecy for re-keying
• SA lifetime of 3600 seconds (one hour) with no Kbytes re-keying
• Selectors for all IP protocols, all ports, between 10.5.6.0/24 and 172.23.9.0/24,
using IPv4 subnets
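The following consistency check is an added example, not part of the manual or the router's software. It verifies that the two gateways' settings mirror each other before the tunnel is brought up. Gateway A's values come from the scenario above; Gateway B's view is constructed as the mirror image, and the dictionary keys and the check_pair function are hypothetical names.

```python
import ipaddress

# Shared IKE settings from the scenario: (mode, cipher, hash, DH group, lifetime s).
PROPOSAL = {
    "p1": ("main", "3des", "sha1", "modp1024", 28800),
    "p2": ("esp-tunnel", "3des", "sha1", "modp1024", 3600),
    "psk": "hr5x",
}
# Gateway A as described on the page.
GW_A = dict(PROPOSAL, wan="14.15.16.17", peer="22.23.24.25", lan_ip="10.5.6.1",
            local="10.5.6.0/24", remote="172.23.9.0/24")
# Gateway B, constructed as A's mirror; the page gives no LAN address for B.
GW_B = dict(PROPOSAL, wan="22.23.24.25", peer="14.15.16.17", lan_ip=None,
            local="172.23.9.0/24", remote="10.5.6.0/24")


def check_pair(a, b):
    """Return a list of inconsistencies between the two gateways' settings."""
    problems = []
    net = ipaddress.ip_network  # raises ValueError on host bits, e.g. 10.5.6.1/24
    for name, me, other in (("A", a, b), ("B", b, a)):
        if me["peer"] != other["wan"]:
            problems.append(f"{name}: peer {me['peer']} is not the other WAN address")
        if net(me["local"]) != net(other["remote"]):
            problems.append(f"{name}: local selector {me['local']} does not match "
                            f"the peer's remote selector {other['remote']}")
        if me["lan_ip"] and ipaddress.ip_address(me["lan_ip"]) not in net(me["local"]):
            problems.append(f"{name}: LAN address lies outside the local selector")
    if net(a["local"]).overlaps(net(b["local"])):
        problems.append("the two local LANs overlap")
    for key in ("p1", "p2", "psk"):
        if a[key] != b[key]:
            problems.append(f"{key} differs between the gateways")
    return problems


if __name__ == "__main__":
    issues = check_pair(GW_A, GW_B)
    print("settings are consistent" if not issues else "\n".join(issues))
```
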
To set up Gateway A for this scenario, follow these steps:
Figure 4.132: LAN Bridge Settings