Difference between revisions of "VPN Form"
From Tech-Wiki
(3 intermediate revisions by the same user not shown)
Latest revision as of 18:51, 26 July 2018
Use this form to exchange the parameters needed to build a site-to-site IPsec VPN with a partner.
One firewall (peer) talks to the remote peer over their public Internet addresses: IKE negotiates the security associations between those two addresses and the encrypted (IPsec/ESP) traffic travels between them, which is what establishes the tunnel.
Once the tunnel is up, the protected traffic is addressed with the internal private ranges on either side, so both the public endpoint and the internal network must be agreed for each peer.
Example (hosts in 10.1.50.x behind the peer 200.2.2.20 reaching port 80 on hosts in 192.168.1.x behind the peer 201.1.1.10):
10.1.50.x – 200.2.2.20 ------ (net) ----- 201.1.1.10 – 192.168.1.x:80
VPN Form
Parameter | Value |
---|---|
Tunnel Termination - Public Internet IP addresses | |
Internet IP address (peer) at ACME | 200.2.2.20 |
Internal Network | 10.1.50.0/24 |
Internet IP Address (remote peer) at BRANCH | please fill |
Partner Internal Network | please fill (if this range overlaps the other side's internal network, one side must NAT it to a non-overlapping range) |
IKE Policy (Phase 1) | |
IKE Version | ( ) IKEv1 (x) IKEv2 |
IKE Encryption Policy | (x) AES 256 ( ) 3DES (168-bit key, 112-bit effective strength) |
IKE Authentication Policy | (x) SHA1 ( ) MD5 |
IKE Lifetime (default 86400s = 1day) | 86400 sec |
Diffie-Hellman Group | ( ) Group 1 (x) Group 2 ( ) Group 5 ( ) Group 14 (Group 2 is 1024-bit MODP; agree on Group 14 or higher where both peers support it) |
Identity (IP address or hostname) | N/A |
Authentication | (x) Pre-shared Key ( ) PKI |
Mode (IKEv1 only; Main recommended) | (x) Main ( ) Aggressive (Aggressive sends the PSK-derived hash unencrypted, which allows offline cracking of the PSK) |
Pre-Shared Key | Note: never send the pre-shared key by unencrypted email; exchange it over a separate channel from the rest of this form |
Pre-shared Key exchange | ( ) PGP ( ) Phone call (x) TXT/SMS ____________ |
IPSEC Policy (Phase 2) | |
IPSEC Encryption Algorithm | ( ) ESP-3DES (x) ESP-AES128 ( ) ESP-AES256 |
IPSEC Data Integrity | (x) SHA ( ) MD5 |
Perfect Forward Secrecy (PFS) | ( ) Off ( ) Group 1 (x) Group 2 ( ) Group 5 |
IPSEC SA Lifetime - Seconds | 3600 seconds |
IPSEC SA Lifetime - Kilobytes | _____KB (x) Disabled |
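As an added example (not part of the wiki page), the Python script below checks a filled-in copy of the form for the problems the page warns about, the overlapping internal ranges that require NAT and the weaker parameter choices noted in the table, and then renders the agreed values as a strongSwan swanctl.conf connection. The ACME values are taken from the form; the BRANCH values 201.1.1.10 and 192.168.1.0/24 are constructed from the page's example line; the swanctl.conf mapping and the placeholder secret are this example's assumptions, not anything the page prescribes.

```python
"""Sanity-check a filled-in VPN form and render it as a strongSwan swanctl.conf stub.

Added example, not from the wiki page. The ACME values are the form's; the BRANCH
values (201.1.1.10, 192.168.1.0/24) are constructed from the page's example line.
The swanctl.conf mapping is this example's assumption.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Modulus size of each DH group the form offers (1/2: RFC 2409, 5/14: RFC 3526).
DH_GROUP_BITS = {1: 768, 2: 1024, 5: 1536, 14: 2048}
STRONGSWAN_DH = {1: "modp768", 2: "modp1024", 5: "modp1536", 14: "modp2048"}


@dataclass
class VpnForm:
    """One attribute per form row; defaults are the (x) selections in the table."""
    local_peer: str               # Internet IP address (peer) at ACME
    local_net: str                # Internal Network
    remote_peer: str              # Internet IP address (remote peer) at BRANCH
    remote_net: str               # Partner Internal Network
    ike_version: int = 2
    ike_enc: str = "aes256"       # "aes256" or "3des"
    ike_hash: str = "sha1"        # "sha1" or "md5"
    ike_lifetime: int = 86400     # seconds
    dh_group: int = 2
    mode: str = "main"            # IKEv1 only: "main" or "aggressive"
    esp_enc: str = "aes128"       # "3des", "aes128" or "aes256"
    esp_hash: str = "sha1"        # "sha1" or "md5"
    pfs_group: Optional[int] = 2  # None = PFS off
    esp_lifetime: int = 3600      # seconds; the kilobyte lifetime is disabled


def networks_overlap(a: str, b: str) -> bool:
    """True when the two internal ranges share addresses, so one side must NAT."""
    return ip_network(a, strict=False).overlaps(ip_network(b, strict=False))


def validate(form: VpnForm) -> list:
    """Findings a VPN engineer would raise before building the tunnel."""
    findings = []
    for side, addr in (("ACME", form.local_peer), ("BRANCH", form.remote_peer)):
        if not ip_address(addr).is_global:
            findings.append(f"{side} endpoint {addr} is not a public Internet address")
    if networks_overlap(form.local_net, form.remote_net):
        findings.append(f"{form.local_net} and {form.remote_net} overlap: NAT one side")
    bits = DH_GROUP_BITS[form.dh_group]
    if bits < 2048:
        findings.append(f"DH group {form.dh_group} is {bits}-bit; prefer group 14 or higher")
    if form.pfs_group is None:
        findings.append("PFS off: every Phase 2 key derives from the single Phase 1 secret")
    if form.ike_version == 1 and form.mode == "aggressive":
        findings.append("aggressive mode sends the PSK-derived hash unencrypted; use main mode")
    for phase, alg in (("IKE", form.ike_enc), ("ESP", form.esp_enc)):
        if alg == "3des":
            findings.append(f"{phase} uses 3DES (168-bit key, 112-bit effective); prefer AES")
    return findings


def to_swanctl(form: VpnForm, name: str = "branch") -> str:
    """Render the form as a swanctl.conf connection; the PSK itself is filled out of band."""
    ike = f"{form.ike_enc}-{form.ike_hash}-{STRONGSWAN_DH[form.dh_group]}"
    esp = f"{form.esp_enc}-{form.esp_hash}"
    if form.pfs_group is not None:
        esp += f"-{STRONGSWAN_DH[form.pfs_group]}"   # PFS = DH group in the ESP proposal
    return f"""\
connections {{
    {name} {{
        version = {form.ike_version}
        local_addrs = {form.local_peer}
        remote_addrs = {form.remote_peer}
        proposals = {ike}
        rekey_time = {form.ike_lifetime}s
        local {{
            auth = psk
            id = {form.local_peer}
        }}
        remote {{
            auth = psk
            id = {form.remote_peer}
        }}
        children {{
            {name}-net {{
                local_ts = {form.local_net}
                remote_ts = {form.remote_net}
                esp_proposals = {esp}
                rekey_time = {form.esp_lifetime}s
            }}
        }}
    }}
}}
secrets {{
    ike-{name} {{
        id-1 = {form.local_peer}
        id-2 = {form.remote_peer}
        secret = "FILL-OUT-OF-BAND"  # never paste the real PSK into unencrypted email
    }}
}}
"""


if __name__ == "__main__":
    form = VpnForm("200.2.2.20", "10.1.50.0/24", "201.1.1.10", "192.168.1.0/24")
    print("\n".join(validate(form)) or "no findings")
    print(to_swanctl(form))
```

Run as-is, the form's default selections produce exactly one finding (DH Group 2 at 1024 bits) and a rendered connection; the proposal strings follow strongSwan's `enc-integ-dhgroup` notation, with the PFS group carried in the ESP proposal and the kilobyte lifetime left at strongSwan's disabled default.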