Appendix C - VPNs
| Setting | Endpoint 1 | Endpoint 2 | Notes |
|---|---|---|---|
| NetBIOS | Enable | Enable | Disable if not required. |
| Local LAN | | | |
| IP address | 192.168.0.1 | 192.168.1.1 | Local Address subnet. Use a more restrictive definition if possible. |
| Mask | 255.255.255.0 | 255.255.255.0 | |
| Remote LAN | | | |
| IP address | 192.168.1.1 | 192.168.0.1 | Remote Address subnet. Use a more restrictive definition if possible. |
| Mask | 255.255.255.0 | 255.255.255.0 | |
| IKE | | | |
| Direction | Initiator & responder | Initiator & responder | Does not have to match. Either endpoint can block 1 direction. |
| Exchange mode | Main Mode | Main Mode | Must match |
| DH Group | Group 2 (1024 bit) | Group 2 (1024 bit) | Must match |
| Local Identity | IP address | IP address | IP address is the most common ID method |
| Remote Identity | WAN IP address | WAN IP address | IP address is the most common ID method |
| SA Parameters | | | |
| Encryption | 3DES | 3DES | Must match. |
| Authentication | MD5 | MD5 | Must match |
| Pre-shared Key | 12345678 | 12345678 | Must match; use any string. |
| SA Life time | 28800 | 28800 | Does not have to match. Shorter period will be used. |
| PFS | Disabled | Disabled | Must match |
Note:
Some VPN Gateways or programs let you specify the following settings separately for
IKE and IPSec. For this device, the same settings are used for both IKE and IPSec.
• Authentication
• Encryption
• SA Lifetime
Also, IPSec allows for "AH Authentication", using MD5 or SHA-1. For this device, "AH
Authentication" is always DISABLED.
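The matching rules in the Notes column can be checked mechanically before a tunnel is brought up. The following is an added example, not part of the original manual or the device's software; the dictionary keys are hypothetical names, and the rule that each side's Local LAN equals the other side's Remote LAN is inferred from the values in the table.

```python
import ipaddress

# Settings the Notes column marks "Must match".
MUST_MATCH = ["exchange_mode", "dh_group", "encryption",
              "authentication", "pre_shared_key", "pfs"]


def subnet(ip, mask):
    """Network implied by an address and dotted mask, e.g. 192.168.0.0/24."""
    return ipaddress.ip_network(f"{ip}/{mask}", strict=False)


def check_pair(a, b):
    """Return (problems, effective_sa_lifetime) for two endpoint configs."""
    problems = []
    for key in MUST_MATCH:
        if a[key] != b[key]:
            problems.append(f"{key}: {a[key]!r} != {b[key]!r} (must match)")
    # Inferred from the table: one side's Local LAN is the other's Remote LAN.
    for x, y, xn, yn in ((a, b, "1", "2"), (b, a, "2", "1")):
        if subnet(*x["local_lan"]) != subnet(*y["remote_lan"]):
            problems.append(
                f"Local LAN of endpoint {xn} is not Remote LAN of endpoint {yn}")
    # Direction and SA lifetime need not match; the shorter lifetime is used.
    return problems, min(a["sa_lifetime"], b["sa_lifetime"])


# Constructed sample input: the two value columns of the table above.
ENDPOINT_1 = {
    "local_lan": ("192.168.0.1", "255.255.255.0"),
    "remote_lan": ("192.168.1.1", "255.255.255.0"),
    "exchange_mode": "Main Mode",
    "dh_group": "Group 2",
    "encryption": "3DES",
    "authentication": "MD5",
    "pre_shared_key": "12345678",
    "sa_lifetime": 28800,
    "pfs": "Disabled",
}
ENDPOINT_2 = dict(ENDPOINT_1,
                  local_lan=("192.168.1.1", "255.255.255.0"),
                  remote_lan=("192.168.0.1", "255.255.255.0"))

if __name__ == "__main__":
    issues, lifetime = check_pair(ENDPOINT_1, ENDPOINT_2)
    print("problems:", issues or "none")
    print("effective SA lifetime:", lifetime)
```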