Broadband VPN Router User’s Manual

DH Group

Group 1 (768 bit)

Must match client PC

 

 

 

IKE SA Life time

28800

Does not have to match client PC. Shorter

 

 

period will be used.

 

 

 

IKE PFS

Disable

Must match client PC

 

 

 

IPSec SA Parameters

 

 

 

 

IPSec SA Life time

28800

Do not have to match. Shorter period will be

 

 

used.

 

 

 

IPSec PFS

Disable

Must match client PC

 

 

 

AH authentication

Disabled

AH is rarely used

 

 

 

ESP authentication

Enable/MD5

Must match client PC

 

 

 

ESP encryption

Enable/DES

Must match client PC

 

 

 

Windows Client Configuration

1.Select Start - Programs - Administrative Tools - Local Security Policy .

2.Right click IP Security Policy on Local Machine and select Create IP Security Policy

Figure60: Windows 2000/XP - Local Security Settings

3.Click "Next", then enter a policy name, for example "DUT To Win2K", then click "Next".

4.Step through the Wizard:

Deselect Activate the default response rule. Click "Next",

Leave Edit Properties checked. Click "Finish".

5.The following "Properties - Rules" screen will be displayed.

90