Table of Contents
Advertisement
Select a Phase 2 Proposal. Any combination of the ciphers, hashes and Diffie Hellman
groups that the SG unit supports can be selected. The supported ciphers are DES,
3DES and AES (128, 196 and 256 bits). The supported hashes are MD5 and SHA and
the supported Diffie Hellman group are 1 (768 bit), 2 (1024 bit) and 5 (1536 bits). The
SG unit also supports extensions to the Diffie Hellman groups to include 2048, 3072 and
4096 bit Oakley groups. Perfect Forward Secrecy is enabled if a Diffie-Hellman group or
an extension is chosen. Phase 2 can also have the option to not select a Diffie Hellman
Group, in this case Perfect Forward Secrecy is not enabled. Perfect Forward Secrecy of
keys provides greater security and is the recommended setting. In this example, select
the 3DES-SHA-Diffie Hellman Group 2 (1024 bit) option.
Click the Finish button to save the tunnel configuration.
Configuring the Headquarters
Enable IPSec
Click the IPSec link on the left side of the web management console.
Check the Enable IPSec checkbox.
Select the type of IPSec endpoint the SG unit has on its Internet interface. In this
example, select static IP address.
Leave the IPSec MTU unchanged.
Click the Apply button to save the changes.
Configure a tunnel to accept connections from the branch office
To create an IPSec tunnel, click the IPSec link on the left side of the web management
console, then click New. Many of the settings such as the Preshared Secret, Phase 1
and 2 Proposals and Key Lifetimes are the same as the branch office.
Tunnel settings page
Fill in the Tunnel name field with an apt description of the tunnel. The name must not
contain spaces or start with a number. In this example, enter: Branch_Office
Leave checked the Enable this tunnel checkbox.
Virtual Private Networking
213
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
