ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual
Virtual Private Networking 5-47
v1.1, August 2010
9. Specify the VPN policy settings. These settings must match the configuration of the remote
VPN client. Recommended settings are:
• SA Lifetime: 3600 seconds
• Authentication Algorithm: SHA-1
• Encryption Algorithm: 3DES
10. Click Apply.
The new record should appear in the List of Mode Config Records on the Mode Config
screen.
Configuring an IKE Policy for Mode Config Operation
Next, you must configure an IKE policy:
1. Select VPN from the main menu and Policies from the submenu. The Policies submenu tabs
appear with the IKE Policies screen in view (see Figure 5-18 on page 5-16).
2. Click add to configure a new IKE Policy. The Add IKE Policy screen displays (see
Figure 5-34 on page 5-48).
3. In the Mode Config Record section, enable Mode Config by checking the Yes radio box and
selecting the Mode Config record you just created from the pull-down menu. (You can view
the settings of the selected record by clicking the view selected button.)
Mode Config works only in Aggressive Mode, and Aggressive Mode requires that both ends
of the tunnel be defined by a FQDN.
4. In the General section:
• Enter a descriptive name in the Policy Name field, such as “SalesPerson”. This name will
be used as part of the remote identifier in the VPN client configuration.
• Set Direction/Type to Responder.
• The Exchange Mode will automatically be set to Aggressive.
5. In the Local section, select FQDN for the Identity Type.
6. In the Local section, choose which WAN port to use as the VPN tunnel end point.
7. In the Remote section, enter an identifier in the Identity Type field that is not used by any
other IKE policies. This identifier will be used as part of the local identifier in the VPN client
configuration.
8. In the IKE SA Parameters section, specify the IKE SA settings. These settings must be
matched in the configuration of the remote VPN client.