VPN Form
Use this form to exchange VPN information.
One firewall (peer) talks to the remote peer using their public IP addresses and exchanges encrypted data (IPSec) in order to establish the tunnel.
Once the tunnel is up, traffic flows between the two sites using their internal private address ranges.
Example:
10.1.50.x – 200.2.2.20 ------ (net) ----- 201.1.1.10 – 192.168.1.x:80
VPN Form
Parameter | Value |
---|---|
Tunnel Termination - Public Internet IP addresses | |
Internet IP address (peer) at ACME | 200.2.2.20 |
Internal Network | 10.1.50.0/24 |
Internet IP Address (remote peer) at BRANCH | please fill |
Partner Internal Network | please fill (if this internal network overlaps the other one, it should be NATed) |
IKE Policy (Phase 1) | |
IKE Version | ( ) IKEv1 (x) IKEv2 |
IKE Encryption Policy | (x) AES 256 ( ) 3DES (156-bit) |
IKE Authentication Policy | (x) SHA1 ( ) MD5 |
IKE Lifetime (default 86400s = 1day) | 86400 sec |
Diffie-Hellman Group | ( ) Group 1 (x) Group 2 ( ) Group 5 ( ) Group 14 |
Identity (IP address or hostname) | N/A |
Authentication | (x) Pre-shared Key ( ) PKI |
Mode (Main recommended) | (x) Main ( ) Aggressive |
Pre-Shared Key | Note: do not use unencrypted email to exchange pre-shared keys |
Pre-shared Key exchange | ( ) PGP ( ) Phone call (x) TXT/SMS ____________ |
IPSEC Policy (Phase 2) | |
IPSEC Encryption Algorithm | ( ) ESP-3DES (x) ESP-AES128 ( ) ESP-AES256 |
IPSEC Data Integrity | (x) SHA ( ) MD5 |
Perfect Forward Secrecy (PFS) | ( ) Off ( ) Group 1 (x) Group 2 ( ) Group 5 |
IPSEC SA Lifetime - Seconds | 3600 seconds |
IPSEC SA Lifetime - Kilobytes | _____KB (x) Disabled |
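
Both peers have to end up with identical Phase 1 and Phase 2 selections, and the form asks for NAT when the internal networks overlap. The sketch below is an added example, not part of the original wiki page: it reads rows in this form's `Parameter | Value |` layout, extracts the ticked `(x)` option, and lists what the two sides still need to resolve. The function names and the BRANCH values are assumptions made up for illustration.

```python
import ipaddress
import re

# Constructed sample rows in the page's table layout; BRANCH values are invented.
ACME_FORM = """\
Internal Network | 10.1.50.0/24 |
IKE Encryption Policy | (x) AES 256 ( ) 3DES (156-bit) |
Diffie-Hellman Group | ( ) Group 1 (x) Group 2 ( ) Group 5 ( ) Group 14 |
Perfect Forward Secrecy (PFS) | ( ) Off ( ) Group 1 (x) Group 2 ( ) Group 5 |
"""
BRANCH_FORM = """\
Internal Network | 10.1.0.0/16 |
IKE Encryption Policy | (x) AES 256 ( ) 3DES (156-bit) |
Diffie-Hellman Group | ( ) Group 1 ( ) Group 2 (x) Group 5 ( ) Group 14 |
Perfect Forward Secrecy (PFS) | ( ) Off ( ) Group 1 (x) Group 2 ( ) Group 5 |
"""

# An option label runs from its checkbox to the next checkbox or the cell end.
OPTION = re.compile(r"\(([ x])\)\s*(.*?)\s*(?=\([ x]\)|$)", re.I)

def parse_form(text):
    """Return {parameter: ticked option, or the free-text value}."""
    fields = {}
    for row in text.splitlines():
        cells = [c.strip() for c in row.split("|")]
        if len(cells) < 2 or not cells[0]:
            continue
        options = OPTION.findall(cells[1])
        picked = [label for mark, label in options if mark.lower() == "x"]
        if options:  # checkbox row: exactly one box must be ticked
            fields[cells[0]] = picked[0] if len(picked) == 1 else None
        else:        # free-text row such as a network or a lifetime
            fields[cells[0]] = cells[1]
    return fields

def compare(local, remote):
    """List what the two peers must resolve before building the tunnel."""
    issues = []
    for name, mine in local.items():
        theirs = remote.get(name)
        if mine is None or theirs is None:
            issues.append(f"{name}: missing or not exactly one box ticked")
        elif name == "Internal Network":
            a, b = ipaddress.ip_network(mine), ipaddress.ip_network(theirs)
            if a.overlaps(b):
                issues.append(f"{name}: {a} overlaps {b}, NAT needed")
        elif mine != theirs:
            issues.append(f"{name}: {mine} != {theirs}")
    return issues
```

Calling `compare(parse_form(ACME_FORM), parse_form(BRANCH_FORM))` on the sample reports the overlapping internal networks and the Diffie-Hellman group mismatch.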