Table 66: Checklist for configuring site-to-site IPSec VPN (continued)
Parameter
6. Which packets should be secured
a. Protect rules matching
options
b. Bypass rules matching
options
7. The remote peer (crypto isakmp peer) parameters
a. Remote peer
b. Pre-shared key
8. If the branch IP is dynamic
Check-List for Configuring site-to-site IPSec VPN
Possible values
IP source address
●
IP destination address
●
IP source address
●
IP destination address
●
udp
●
tcp
●
dscp
●
fragment
●
icmp
●
IP protocol
●
IP address
●
FQDN (dns name)
●
1 - 127 alphanumerical
●
characters.
1 - 64 bytes in hexadecimal
notation
If the branch IP is an
●
initiator, set initiate mode to
none (device is a
responder)
If the branch IP is a
●
responder, set initiate mode
to aggressive (device is an
initiator)
Set self identity to identify
●
the device in the remote
peer
Actual value
3 of 3
Issue 3 February 2007
529