Filter
Top Products
Appendix C - VPNs
NetBIOS Enable Enable Disable if not required.
Local LAN
IP address
Mask
192.168.0.1
255.255.255.0
192.168.1.1
255.255.255.0
Local Address subnet.
Use a more restrictive
definition if possible.
Remote LAN
IP address
Mask
192.168.1.1
255.255.255.0
192.168.0.1
255.255.255.0
Remote Address
subnet.
Use a more restrictive
definition if possible.
IKE
Direction Initiator & re-
sponder
Initiator & re-
sponder
Does not have to
match. Either endpoint
can block 1 direction.
Exchange mode Main Mode Main Mode Must match
DH Group Group 2 (1024
bit)
Group 2 (1024 bit) Must match
Local Identity IP address IP address IP address is the most
common ID method
Remote Identity WAN IP address WAN IP address IP address is the most
common ID method
SA Parameters
Encryption 3DES 3DES Must match.
Authentication MD5 MD5 Must match
Pre-shared Key 12345678 12345678 Must match;
use any string.
SA Life time 28800 28800 Does not have to
match. Shorter period
will be used.
PFS Disabled Disabled Must match
Note:
Some VPN Gateways or programs let you specify the following settings separately for
IKE and IPSec. For this device, the same settings are used for both IKE and IPSec.
• Authentication
• Encryption
• SA Lifetime
Also, IPSec allows for "AH Authentication", using MD5 or SHA-1. For this device, "AH
Authentication" is always DISABLED.
133