Chapter 7 VPN

The same pre-shared key must be configured on the remote device establishing a VPN tunnel with the local device.

o Additionally, for IKE with PSK (Aggressive Mode only), enter the Peer (remote) ID you want to use in the appropriate field, either Peer Email Address or Peer Domain Name, depending on the Peer ID Type specified for the IKE Proposal (VPN > IKE Proposal).

If you specified IP Address as the Peer ID Type in the IKE Proposal page, the address you entered in the Peer IP Address field in step 3 is used, and no entry is required here.

o For IKE with X.509 Certificates (Main Mode and Aggressive Mode), enter the Peer ID you want to use in the appropriate field, either Peer Distinguished Name, Peer Email Address or Peer Domain Name, depending on the Peer ID Type specified for the IKE Proposal (VPN > IKE Proposal).

Note: If you have selected aggressive mode and are using email or domain for the local ID, you must have configured the local email or domain name on the IPSec Configuration page.

For Manual Keying:

o From the Encryption drop-down list, select the encryption method and enter the key. For details, see “Encryption” on page 192.

o From the Authentication drop-down list, select the authentication method and enter the key. For details, see “Authentication” on page 192.

o In the Incoming SPI (hex) and Outgoing SPI (hex) fields respectively, enter unique hexadecimal values (from 1 to 8 characters) for the incoming and outgoing SPI. For details, see “Incoming SPI (hex)” on page 192.

You must use the same key information on the remote device.
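
The Manual Keying requirements above can be checked before the values are entered on both devices. The following Python check is an added example, not part of this guide or of the product; the field names and sample values are constructed, and the rule that one side's outgoing SPI equals the other side's incoming SPI is general IPsec behaviour assumed here, not something this page states.

```python
import re

SPI_RE = re.compile(r"[0-9A-Fa-f]{1,8}")  # guide: 1 to 8 hexadecimal characters
SHARED = ("encryption", "encryption_key", "authentication", "authentication_key")

def _spi(value):
    """Return the SPI as an int, or None if it is not 1 to 8 hex characters."""
    return int(value, 16) if SPI_RE.fullmatch(value) else None

def check_manual_keying(local, remote):
    """Return a list of problems in a pair of manual-keying settings (empty = OK)."""
    problems = []
    spi = {}
    for side, cfg in (("local", local), ("remote", remote)):
        for field in ("incoming_spi", "outgoing_spi"):
            spi[side, field] = _spi(cfg[field])
            if spi[side, field] is None:
                problems.append(f"{side} {field}: not 1 to 8 hex characters")
        inc, out = spi[side, "incoming_spi"], spi[side, "outgoing_spi"]
        # Assumption: "unique" means incoming and outgoing differ on one device.
        if inc is not None and inc == out:
            problems.append(f"{side}: incoming and outgoing SPI are identical")
    # The guide requires the same key information on the remote device.
    # Report only the field name so key material never reaches a log.
    for field in SHARED:
        if local[field] != remote[field]:
            problems.append(f"{field}: differs between local and remote")
    # Assumption (general IPsec behaviour, not stated on this page): one side's
    # outgoing SPI is the other side's incoming SPI.
    for a, b in (("local", "remote"), ("remote", "local")):
        out, inc = spi[a, "outgoing_spi"], spi[b, "incoming_spi"]
        if None not in (out, inc) and out != inc:
            problems.append(f"{a} outgoing SPI does not match {b} incoming SPI")
    return problems

# Constructed sample values, not taken from the guide or from any real device.
LOCAL = {"encryption": "AES-256", "encryption_key": "k1" * 16,
         "authentication": "SHA1", "authentication_key": "k2" * 10,
         "incoming_spi": "1A2B", "outgoing_spi": "3c4d"}
REMOTE = dict(LOCAL, incoming_spi="3C4D", outgoing_spi="1a2b")

if __name__ == "__main__":
    result = check_manual_keying(LOCAL, REMOTE)
    for line in result or ["manual keying settings are consistent"]:
        print(line)
```

SPIs are compared numerically, so differences in letter case or leading zeros between the two devices are not reported as mismatches.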

STEP 10 For IPSec tunnel connections (site-to-site), configure the Tunnel Setup for the Local Network and Remote Networks:

196 X Family LSM User’s Guide V 2.5.1