Nortel Networks NN46110-602 Network Router User Manual


 
Appendix D Configuring for interoperability
9. For some vendors, if you want to turn off Vendor ID, Perfect Forward
Secrecy (PFS), or both, do so in the Profiles > Groups > IPsec:
Configure window.
Third-party client installation
The VPN Router supports third-party IPsec clients and includes support for the
following:
• Authentication into a VPN Router remote access user's IPsec account for
  third-party IPsec clients, using either pre-shared key authentication (with
  IKE Aggressive mode) or digital signature certificate authentication (with
  IKE Main mode).
• Client address assignment used within the IPsec tunnel formed as a result of
  the Quick Mode negotiation. The client's external IP address or a
  pre-arranged internal IP address is used as the address that is negotiated
  during the IKE Quick Mode exchange.
• Split tunneling with third-party IPsec clients. If you enable split
  tunneling on the VPN Router, the subnet that the client specifies as the
  VPN Router's identity within the tunnel during IKE Quick Mode must be
  listed as one of the split tunnel networks for the Quick Mode proposal to be
  accepted. If you do not enable split tunneling, the VPN Router identity
  that the client specifies for Quick Mode can be any value that the client
  chooses.
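The split tunneling rule above can be checked before deployment. The following Python sketch is an added example, not code from the manual or from the VPN Router: the function name and the sample networks are hypothetical, and it assumes that "listed" means an exact match against a configured split tunnel network.

```python
import ipaddress

def check_quick_mode_id(proposed, split_networks, split_tunneling_enabled):
    """Predict whether the subnet a client proposes as the VPN Router's
    identity in IKE Quick Mode satisfies the split tunneling rule.
    Returns (accepted, reason)."""
    if not split_tunneling_enabled:
        # Without split tunneling the client may choose any identity.
        return True, "split tunneling disabled: any identity is accepted"
    try:
        net = ipaddress.ip_network(proposed, strict=True)
    except ValueError as exc:
        return False, f"not a valid subnet: {exc}"
    listed = [ipaddress.ip_network(n, strict=True) for n in split_networks]
    # Assumption: the proposal must equal a listed network exactly.
    if net in listed:
        return True, f"{net} is a listed split tunnel network"
    # Near misses are the usual cause of a rejected proposal, so report them.
    same_version = [n for n in listed if n.version == net.version]
    for n in same_version:
        if net.subnet_of(n):
            return False, f"{net} lies inside {n} but is not itself listed"
    for n in same_version:
        if n.subnet_of(net):
            return False, f"{net} is wider than listed network {n}"
    return False, f"{net} matches no split tunnel network"

# Constructed sample data (RFC 1918 ranges), not taken from the manual.
SPLIT_NETWORKS = ["10.10.0.0/16", "192.168.50.0/24"]

if __name__ == "__main__":
    for candidate in ("10.10.0.0/16", "10.10.4.0/24", "10.0.0.0/8",
                      "172.16.0.0/12", "10.10.0.5/16"):
        ok, why = check_quick_mode_id(candidate, SPLIT_NETWORKS, True)
        print(f"{candidate:16} {'ACCEPT' if ok else 'REJECT'}  {why}")
```

A subnet that sits inside a listed network, or one written with host bits set, is reported separately because both look correct at a glance in a client configuration.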
Depending on the third-party client that you use, you must configure either a
branch office tunnel or a user tunnel. For example, the VPN Router was
configured and tested with the Linux FreeS/WAN client. If you are using the
FreeS/WAN Linux client, you must configure your user and the VPN Router as
a branch office tunnel. If you are using another client that supports IPsec
Aggressive mode, you can configure your VPN Router as a user tunnel.