ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual
5-26 Virtual Private Networking Using IPsec
v1.2, June 2008
11. Specify the VPN policy settings. These settings must match the configuration of the remote
VPN client. Recommended settings are:
SA Lifetime: 3600 seconds
Authentication Algorithm: SHA-1
Encryption Algorithm: 3DES
12. Click Apply.
The new record should appear in the VPN Remote Host Mode Config Table.
Next, you must configure an IKE Policy:
1. Click VPN > IPsec VPN in the main menu. The IKE Policies screen is displayed showing the
current policies in the List of IKE Policies Table. (See Figure5-10 on page 5-12.)
2. Click Add to configure a new IKE Policy. The Add IKE Policy screen is displayed.(See
Figure 5-11 on page 5-12.)
3. Enable Mode Config by checking the Yes radio button and selecting the Mode Config record
you just created from the pull-down menu. (You can view the parameters of the selected record
by clicking the View selected radio button.)
Mode Config works only in Aggressive Mode, and Aggressive Mode requires that both ends
of the tunnel be defined by an FQDN.
4. In the General section:
a. Enter a descriptive name in the Policy Name Field such as “salesperson”. This name will
be used as part of the remote identifier in the VPN client configuration.
b. Set Direction/Type to Responder.
c. The Exchange Mode will automatically be set to Aggressive.
5. For Local information:
a. Select Fully Qualified Domain Name for the Local Identity Type.
b. Enter an identifier in the Remote Identity Data field that is not used by any other IKE
policies. This identifier will be used as part of the local identifier in the VPN client
configuration.
6. Specify the IKE SA parameters. These settings must be matched in the configuration of the
remote VPN client. Recommended settings are:
Encryption Algorithm: 3DES
Authentication Algorithm: SHA-1
Diffie-Hellman: Group 2