Appendix C - VPNs
NetBIOS | Enable | Enable | Disable if not required. |
Local LAN IP address | 192.168.0.1 | 192.168.1.1 | Local Address subnet. Use a more restrictive definition if possible. |
Local LAN Mask | 255.255.255.0 | 255.255.255.0 | |
Remote LAN IP address | 192.168.1.1 | 192.168.0.1 | Remote Address subnet. Use a more restrictive definition if possible. |
Remote LAN Mask | 255.255.255.0 | 255.255.255.0 | |
IKE |
Direction | Initiator & responder | Initiator & responder | Does not have to match. Either endpoint can block 1 direction. |
Exchange mode | Main Mode | Main Mode | Must match |
DH Group | Group 2 (1024 bit) | Group 2 (1024 bit) | Must match |
Local Identity | IP address | IP address | IP address is the most common ID method |
Remote Identity | WAN IP address | WAN IP address | IP address is the most common ID method |
SA Parameters |
Encryption | 3DES | 3DES | Must match. |
Authentication | MD5 | MD5 | Must match |
| 12345678 | 12345678 | Must match; use any string. |
SA Life time | 28800 | 28800 | Does not have to match. Shorter period will be used. |
PFS | Disabled | Disabled | Must match |
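The matching rules in the table above can be checked before a tunnel is brought up. The following is an added example, not code from the manual or the device: the dictionary keys, `check_tunnel`, and the name `shared_string` (standing for the row whose label is missing on the page) are assumptions made for illustration, and the sample values are the ones in the table.

```python
import ipaddress

# Rows the table marks "Must match". Key names are chosen for this example;
# "shared_string" stands for the row whose label is missing on the page.
MUST_MATCH = ("exchange_mode", "dh_group", "encryption",
              "authentication", "shared_string", "pfs")

def subnet(ip, mask):
    """Network that an address/mask pair defines (host bits are ignored)."""
    return ipaddress.ip_network(f"{ip}/{mask}", strict=False)

def check_tunnel(a, b):
    """Compare two endpoint configs against the table's rules.
    Returns (list of problems, SA lifetime that will be used)."""
    problems = [f"{k}: {a[k]!r} != {b[k]!r}" for k in MUST_MATCH if a[k] != b[k]]
    # Each side's Remote LAN must describe the other side's Local LAN.
    for x, y, name in ((a, b, "endpoint 1"), (b, a, "endpoint 2")):
        if subnet(*x["remote_lan"]) != subnet(*y["local_lan"]):
            problems.append(f"{name} remote LAN does not match peer local LAN")
    # Direction need not match, but either endpoint can block one direction,
    # so at least one side must initiate while the other responds.
    if not any("initiator" in x["direction"] and "responder" in y["direction"]
               for x, y in ((a, b), (b, a))):
        problems.append("direction: no initiator/responder pairing is possible")
    # SA lifetime need not match; the shorter period is used.
    return problems, min(a["sa_lifetime"], b["sa_lifetime"])

# Values copied from the two endpoint columns of the table.
ENDPOINT_1 = dict(
    local_lan=("192.168.0.1", "255.255.255.0"),
    remote_lan=("192.168.1.1", "255.255.255.0"),
    direction={"initiator", "responder"}, exchange_mode="Main Mode",
    dh_group=2, encryption="3DES", authentication="MD5",
    shared_string="12345678", sa_lifetime=28800, pfs=False)
ENDPOINT_2 = dict(ENDPOINT_1,
    local_lan=("192.168.1.1", "255.255.255.0"),
    remote_lan=("192.168.0.1", "255.255.255.0"))

if __name__ == "__main__":
    issues, lifetime = check_tunnel(ENDPOINT_1, ENDPOINT_2)
    print("problems:", issues or "none", "| SA lifetime used:", lifetime)
```
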
Note:
Some VPN Gateways or programs let you specify the following settings separately for IKE and IPSec. For this device, the same settings are used for both IKE and IPSec.
• Authentication
• Encryption
• SA Lifetime
Also, IPSec allows for "AH Authentication", using MD5 or