Select the Authentication algorithms to propose for Phase 1 of the IPSec VPN connection.
Example: MD5

Specify the Keylife for Phase 1. The keylife is the amount of time in seconds before the phase 1 encryption key expires. When the key expires, a new key is generated without interrupting service.
Example: 600

Select the encryption and authentication algorithms to propose for Phase 2 of the IPSec VPN connection. See

Select Enable replay detection to prevent IPSec replay attacks. See
Example: Select

Select Enable perfect forward secrecy (PFS) to improve the security of Phase 2 keys. See About perfect forward secrecy (PFS).
Example: Select

Specify the Keylife for Phase 2. The keylife is the amount of time in seconds before the phase 2 encryption key expires. When the key expires, a new key is generated without interrupting service.
Example: 600

P2 Proposal

Specify the IKE Identity (also called the proxy ID) to use for the tunnel. The identity labels all IPSec packets associated with a specific tunnel so that the VPN gateway can associate IPSec packets that it receives with the correct tunnel. The default identity is IP Subnet, which means the IPSec packets associated with this tunnel are identified using the subnet IP address. You can also set Identity to IP address.
Example: IP Subnet

Authentication Key
Enter up to 20 characters. The VPN gateway and clients must have the same key, and it should be known only by network administrators.
Example: ddcHH01887d

Incoming NAT
Select Incoming NAT if you require network address translation for VPN packets.
Example: Select
Complete the following procedure on the DFL-500 VPN gateway:
· Go to VPN > IPSEC > Autokey IKE.
· Select New to add a new Autokey IKE VPN tunnel.
· Enter the VPN Tunnel Name, Remote Gateway, Keylife, and Authentication Key.
· Select the P1 Proposal and the P2 Proposal algorithms.
· Select OK to save the Autokey IKE VPN tunnel.
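The tunnel settings described above can be reviewed before they are entered on the gateway. The following Python check is an added example, not part of the DFL-500 manual or firmware: it audits the example values from this page and generates a pre-shared key that fits the 20-character limit. The dictionary layout, the letters-and-digits alphabet, and the 80-bit floor are assumptions.

```python
import math
import secrets
import string

MAX_KEY_LEN = 20  # "Enter up to 20 characters" (from the page)
ALPHABET = string.ascii_letters + string.digits  # assumed accepted by the gateway

# Constructed sample using the example values shown on this page.
# The dict layout is hypothetical, not a DFL-500 export format.
SAMPLE_TUNNEL = {
    "p1_authentication": "MD5",
    "replay_detection": True,
    "pfs": True,
    "authentication_key": "ddcHH01887d",
}

def key_entropy_bits(key):
    """Upper bound: length * log2(size of the character classes in use)."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(c) for c in classes if any(ch in c for ch in key))
    return len(key) * math.log2(pool) if pool else 0.0

def generate_key(length=MAX_KEY_LEN):
    """Random pre-shared key from the OS CSPRNG, within the 20-character limit."""
    if not 1 <= length <= MAX_KEY_LEN:
        raise ValueError("key length must be 1..%d" % MAX_KEY_LEN)
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def audit_tunnel(cfg, min_key_bits=80):  # 80 bits is an assumed policy floor
    """Return (field, message) findings for weak tunnel settings."""
    findings = []
    if cfg["p1_authentication"].upper() == "MD5":
        findings.append(("p1_authentication",
                         "MD5 is deprecated; propose a stronger hash if both peers offer one"))
    if not cfg["replay_detection"]:
        findings.append(("replay_detection", "captured IPSec packets can be replayed"))
    if not cfg["pfs"]:
        findings.append(("pfs", "Phase 2 keys depend on Phase 1 key material"))
    key = cfg["authentication_key"]
    if len(key) > MAX_KEY_LEN:
        findings.append(("authentication_key", "longer than the gateway accepts"))
    elif key_entropy_bits(key) < min_key_bits:
        findings.append(("authentication_key",
                         "about %.0f bits at best; use generate_key()" % key_entropy_bits(key)))
    return findings

if __name__ == "__main__":
    for field, message in audit_tunnel(SAMPLE_TUNNEL):
        print(field + ": " + message)
```

The same generated key has to be entered on the gateway and on every client that uses the tunnel.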
Adding source and destination addresses
The next step in configuring the DFL-500 VPN gateway is to add the source and destination addresses for the
VPN policy. For each client VPN tunnel you require two addresses:
· Source, the IP address of the network behind the DFL-500 VPN gateway
  The source address is an address on your internal network.
· Destination, the IP address of the VPN client
  For VPN clients with static IP addresses, the destination address is the IP address of the client.
"Example VPN gateway IP addresses for a client with a static IP address" shows the internal and external addresses required to create the VPN shown in "Example VPN between an internal network and a remote" if the client has a static IP address.
Example VPN gateway IP addresses for a client with a static IP address
Description
Example
Setting
Source Address
Address
The name to assign to the source address that the VPN client can connect to. The name Main_Office
DFL-500 User Manual