![Example 2: Windows 2000/XP Client to LAN](/images/new-backgrounds/111215/111215175x1.webp)
Broadband VPN Gateway User Guide
Example 2: Windows 2000/XP Client to LAN
In this example, a Windows 2000/XP client connects to the Broadband VPN Gateway and gains access to the local LAN.
Figure 49: Windows 2000/XP Client to Broadband VPN Gateway
To use 3DES encryption on Windows 2000, you need Service Pack 3 or later installed.
Broadband VPN Gateway Configuration
Setting |
| Value | Notes |
|
|
|
|
Name |
| Win Client | Name does not affect operation. Select a |
|
|
| meaningful name. |
|
|
|
|
Remote Endpoint |
| 172.16.9.10 | Other endpoint's WAN (Internet) IP address. |
|
|
|
|
Local |
| Subnet address: | Allows access to entire LAN. Use a more |
IP addresses |
| 192.168.0.0 | restrictive definition if possible. |
|
| 255.255.255.0 |
|
|
|
|
|
Remote |
| 172.16.9.10 | For a single client, this address is the same as |
IP addresses |
|
| the endpoint address. |
|
|
|
|
Key Exchange |
| IKE | Must match client PC |
|
|
|
|
IKE SA Parameters |
|
| |
|
|
| |
IKE Direction |
| Both ways | Using "Responder only" is not possible. |
|
|
|
|
Local Identity |
| IP address | Required. |
|
|
|
|
Remote Identity |
| IP address | Required |
|
|
|
|
IKE Authentication |
| Certificates are not widely used. | |
method |
|
|
|
|
|
|
|
| Xxxxxxxxxx | Must match client PC | |
|
|
|
|
IKE Authentication |
| Must match client PC | |
algorithm |
|
|
|
|
|
|
|
IKE Encryption |
| 3DES | Must match client PC |
|
|
|
|
IKE Exchange |
| Main Mode | Windows 2000 only supports Main Mode. |
mode |
|
|
|
|
|
|
|
DH Group |
| Group 1 (768 bit) | Must match client PC |
|
|
|
|
IKE SA Life time |
| 28800 | Does not have to match client PC. Shorter |
|
|
|
|
84