Filter
Top Products
Appendix C - VPNs
123
Remote VPN
Endpoint
Fixed IP Address
205.17.11.43
Fixed IP Address
202.11.13.211
Other endpoint's WAN
(Internet) IP address.
NetBIOS Enable Enable Disable if not required.
Local LAN
IP address
Mask
192.168.0.0
255.255.255.0
192.168.1.0
255.255.255.0
Local Address subnet.
Use a more restrictive
definition if possible.
Remote LAN
IP address
Mask
192.168.1.0
255.255.255.0
192.168.0.0
255.255.255.0
Remote Address
subnet.
Use a more restrictive
definition if possible.
IKE
Direction Initiator & re-
sponder
Initiator & re-
sponder
Does not have to
match. Either endpoint
can block 1 direction.
Exchange mode
Main Mode Main Mode Must match
DH Group Group 2 (1024 bit)
Group 2 (1024 bit)
Must match
Local Identity IP address IP address IP address is the most
common ID method
Remote Identity WAN IP address WAN IP address IP address is the most
common ID method
SA Parameters
Encryption 3DES 3DES Must match.
Authentication MD5 MD5 Must match
Pre-shared Key xxxxxxxxx xxxxxxxxxx Must match;
use any string.
SA Life time 28800 28800 Does not have to
match. Shorter period
will be used.
PFS Disabled Disabled Must match
Note:
Some VPN Gateways or programs let you specify the following settings separately for
IKE and IPSec. For this device, the same settings are used for both IKE and IPSec.
· Authentication
· Encryption
· SA Lifetime
Also, IPSec allows for "AH Authentication", using MD5 or SHA-1. For this device, "AH
Authentication" is always DISABLED.