Creating the VPN tunnel
A VPN tunnel consists of a name for the tunnel, the IP address of the VPN gateway at the opposite end of the
tunnel, the keylife for the tunnel, and the authentication key to be used to start the tunnel. You must create
complementary VPN tunnels on each of the VPN gateways. On both gateways the tunnel should have the
same name, keylife, and authentication key.
Example IPSec Autokey VPN Tunnel configuration shows the information required to configure the VPN tunnel for the VPN in Example VPN between two internal networks.

Example IPSec Autokey VPN Tunnel configuration

Tunnel Name
  Description: Enter a name for the tunnel. The name can contain numbers (0-9), and upper and lower case letters (A-Z, a-z), and the special characters - and _. Other special characters and spaces are not allowed.
  Main Office: Branch_Office_VPN
  Branch Office: Main_Office_VPN

Remote Gateway
  Description: The External IP address of the VPN gateway at the other end of the VPN tunnel.
  Main Office: 2.2.2.1
  Branch Office: 1.1.1.1

P1 Proposal
  Description: Select the Encryption algorithms to propose for Phase 1 of the IPSec VPN connection. See
  Main Office: DES and 3DES
  Branch Office: DES and 3DES

  Description: Select the Authentication algorithms to propose for Phase 1 of the IPSec VPN connection.
  Main Office: MD5
  Branch Office: MD5

  Description: Specify the Keylife for Phase 1. The keylife is the amount of time in seconds before the phase 1 encryption key expires. When the key expires, a new key is generated without interrupting service.
  Main Office: 600
  Branch Office: 600

P2 Proposal
  Description: Select the encryption and authentication algorithms to propose for Phase 2 of the IPSec VPN connection. See

  Description: Select Enable replay detection to prevent IPSec replay
  Main Office: Select
  Branch Office: Select

  Description: Select Enable perfect forward secrecy (PFS) to improve the security of Phase 2 keys. See .
  Main Office: Select
  Branch Office: Select

  Description: Specify the Keylife for Phase 2. The keylife is the amount of time in seconds before the phase 2 encryption key expires. When the key expires, a new key is generated without interrupting service.
  Main Office: 600
  Branch Office: 600

  Description: Specify the IKE Identity (also called the proxy ID) to use for the tunnel. The identity labels all IPSec packets associated with a specific tunnel so that the VPN gateway can associate IPSec packets that it receives with the correct tunnel. The default identity is IP Subnet, which means the IPSec packets associated with this tunnel are identified using the subnet IP address. You can also set Identity to IP address.
  Main Office: IP Subnet
  Branch Office: IP Subnet

Authentication Key
  Description: Enter up to 20 characters. The key must be the same on both VPN gateways and should only be known by network administrators.
  Main Office: ddcHH01887d
  Branch Office: ddcHH01887d

Incoming NAT
  Description: Select Incoming NAT if you require Network address translation for VPN packets.
  Main Office: Select
  Branch Office: Select

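
The rules stated in the table can be checked before the two tunnel definitions are entered on the gateways. The following Python check is an added example, not part of the DFL-500 manual or the device software. The dictionary field names, the local_ip field (each gateway's own external address) and the weak-algorithm advisory are assumptions made for the example; the sample values are constructed from the table.

```python
import ipaddress
import re

NAME_RE = re.compile(r"[A-Za-z0-9_-]+")   # tunnel name rule from the table
MAX_KEY_LEN = 20                          # "Enter up to 20 characters"
WEAK = {"DES", "MD5"}                     # added advisory, not from the manual

# Constructed sample data mirroring the example table. "local_ip" is an
# assumed field holding each gateway's own external address.
MAIN = {"name": "Branch_Office_VPN", "local_ip": "1.1.1.1", "remote_gateway": "2.2.2.1",
        "p1_enc": {"DES", "3DES"}, "p1_auth": {"MD5"}, "p1_keylife": 600,
        "p2_keylife": 600, "key": "ddcHH01887d"}
BRANCH = dict(MAIN, name="Main_Office_VPN", local_ip="2.2.2.1", remote_gateway="1.1.1.1")


def check_side(label, cfg):
    """Per-gateway checks taken from the table's field descriptions."""
    errors = []
    if not NAME_RE.fullmatch(cfg["name"]):
        errors.append(f"{label}: tunnel name has characters outside A-Z a-z 0-9 - _")
    if not 1 <= len(cfg["key"]) <= MAX_KEY_LEN:
        errors.append(f"{label}: authentication key must be 1 to {MAX_KEY_LEN} characters")
    try:
        ipaddress.IPv4Address(cfg["remote_gateway"])
    except ValueError:
        errors.append(f"{label}: remote gateway is not a valid IPv4 address")
    return errors


def check_pair(a, b):
    """Return (errors, warnings) for two complementary tunnel definitions."""
    errors = check_side("A", a) + check_side("B", b)
    if a["remote_gateway"] != b["local_ip"] or b["remote_gateway"] != a["local_ip"]:
        errors.append("remote gateways do not point at each other")
    for field in ("p1_keylife", "p2_keylife", "key"):
        if a[field] != b[field]:
            errors.append(f"{field} differs between gateways")
    for field in ("p1_enc", "p1_auth"):
        if not a[field] & b[field]:
            errors.append(f"{field}: no algorithm proposed by both gateways")
    weak = sorted((a["p1_enc"] | a["p1_auth"] | b["p1_enc"] | b["p1_auth"]) & WEAK)
    warnings = [f"{alg} is proposed and is considered weak" for alg in weak]
    return errors, warnings


if __name__ == "__main__":
    print(check_pair(MAIN, BRANCH))
```
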
DFL-500 User Manual