Symbol Technologies WS 2000 Switch User Manual


 
WS 2000 Wireless Switch System Reference Guide 4-20
12. Select the Diffie-Hellman Group to use. The Diffie-Hellman key agreement protocol allows two users to exchange a
secret key over an insecure medium without any prior secrets. Two algorithms exist, one 768-bit and one 1024-bit
algorithm.

    Group 1 - 768 bit     Somewhat faster than the 1024-bit algorithm, but secure enough in most situations.
    Group 2 - 1024 bit    Somewhat slower than the 768-bit algorithm, but much more secure and a better choice for
                          extremely sensitive situations.

13. Click the Ok button to return to the VPN screen.

VPN: Frequently Asked Questions

Disclaimer: Using a VPN connection over the WAN interface is subject to the limitations of
your Internet Service Provider.

My tunnel works fine when I use the Subnet Access page to configure my firewall. Now that I use
Advanced Subnet Access, my VPN no longer works. What am I doing wrong?

VPN requires certain packets to be passed through the firewall. Subnet Access automatically inserts these rules for you
when you set up a VPN. Using Advanced Subnet Access requires the following rules to be in effect for each tunnel.

An allow inbound rule:

    Src          <Remote Subnet IP range>
    Dst          <Local Subnet IP range>
    Transport    ANY
    Src port     1:65535
    Dst port     1:65535
    Rev NAT      None

An allow outbound rule:

    Src          <Local Subnet IP range>
    Dst          <Remote Subnet IP range>
    Transport    ANY
    Src port     1:65535
    Dst port     1:65535
    Rev NAT      None

For IKE, an allow inbound rule:

    Src          <Remote Gateway IP address>
    Dst          <Wan IP address>
    Transport    UDP
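
As an added illustration (not part of the Symbol manual or the switch's firmware), the following Python sketch audits a rule list for the per-tunnel rules this FAQ answer calls for. The dictionary layout, CIDR notation, rule names, and the choice to accept a broader rule that contains the required range are assumptions of the example; for the IKE rule only the Src, Dst and Transport fields shown above are checked.

```python
import ipaddress

FULL = (1, 65535)  # the 1:65535 port range from the FAQ rules

def covers(rule_range, needed):
    """True if the rule's address range contains the required one (assumed semantics)."""
    return ipaddress.ip_network(needed).subnet_of(ipaddress.ip_network(rule_range))

def matches(rule, direction, src, dst, transport, full):
    if rule["action"] != "allow" or rule["dir"] != direction:
        return False
    # A rule with Transport ANY also passes UDP; a UDP or TCP rule never satisfies ANY.
    if rule["transport"] not in ("ANY", transport):
        return False
    # Ports and Rev NAT are compared only for the rules where the FAQ shows them.
    if full and (rule["src_port"] != FULL or rule["dst_port"] != FULL
                 or rule["rev_nat"] is not None):
        return False
    return covers(rule["src"], src) and covers(rule["dst"], dst)

def missing_vpn_rules(rules, t):
    """Names (hypothetical labels) of the required per-tunnel rules that no rule satisfies."""
    required = {
        "inbound": ("inbound", t["remote_subnet"], t["local_subnet"], "ANY", True),
        "outbound": ("outbound", t["local_subnet"], t["remote_subnet"], "ANY", True),
        # IKE: only Src, Dst and Transport are visible in the excerpt.
        "ike-inbound": ("inbound", t["remote_gateway"], t["wan_ip"], "UDP", False),
    }
    return [name for name, req in required.items()
            if not any(matches(r, *req) for r in rules)]

# Constructed sample data using documentation/private ranges, not values from the manual.
TUNNEL = {"local_subnet": "192.168.0.0/24", "remote_subnet": "10.10.0.0/24",
          "remote_gateway": "198.51.100.20", "wan_ip": "203.0.113.5"}
RULES = [
    # Broader source range than the tunnel needs; still contains the remote subnet.
    {"action": "allow", "dir": "inbound", "src": "10.10.0.0/16", "dst": "192.168.0.0/24",
     "transport": "ANY", "src_port": FULL, "dst_port": FULL, "rev_nat": None},
    # Transport narrowed to TCP: does not satisfy the required ANY outbound rule.
    {"action": "allow", "dir": "outbound", "src": "192.168.0.0/24", "dst": "10.10.0.0/24",
     "transport": "TCP", "src_port": FULL, "dst_port": FULL, "rev_nat": None},
    # IKE rule; port fields omitted because the excerpt does not show them.
    {"action": "allow", "dir": "inbound", "src": "198.51.100.20", "dst": "203.0.113.5",
     "transport": "UDP"},
]

if __name__ == "__main__":
    print(missing_vpn_rules(RULES, TUNNEL))
```
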