Difference between revisions of "VPN Form"

From Tech-Wiki
Jump to: navigation, search
Line 30: Line 30:
 
|-
 
|-
 
|IKE Version
 
|IKE Version
|() IKEv1 (x) IKEv2
+
|( ) IKEv1 (x) IKEv2
 
|-
 
|-
 
|IKE Encryption Policy
 
|IKE Encryption Policy
|(x) AES 256 () 3DES (156-bit)
+
|(x) AES 256 ( ) 3DES (156-bit)
 
|-
 
|-
 
|IKE Authentication Policy
 
|IKE Authentication Policy
|(x) SHA1  () MD5
+
|(x) SHA1  ( ) MD5
 
|-
 
|-
 
|IKE Lifetime (default 86400s = 1day)
 
|IKE Lifetime (default 86400s = 1day)
Line 42: Line 42:
 
|-
 
|-
 
|Diffie-Hellman Group
 
|Diffie-Hellman Group
|() Group 1 (x) Group 2 () Group 5 () Group 14
+
|( ) Group 1 (x) Group 2 ( ) Group 5 ( ) Group 14
 
|-
 
|-
 
|Identity (IP address or hostname)
 
|Identity (IP address or hostname)
Line 48: Line 48:
 
|-
 
|-
 
|Authentication
 
|Authentication
|(x) Pre-shared Key () PKI
+
|(x) Pre-shared Key ( ) PKI
 
|-
 
|-
 
|Mode (Main recommended)
 
|Mode (Main recommended)
|(x) Main () Aggressive
+
|(x) Main ( ) Aggressive
 
|-
 
|-
 
|Pre-Shared Key
 
|Pre-Shared Key
Line 57: Line 57:
 
|-
 
|-
 
|Pre-shared Key exchange
 
|Pre-shared Key exchange
|() PGP () Phone call (x) TXT/SMS:___________
+
|( ) PGP ( ) Phone call (x) TXT/SMS:___________
 
|-
 
|-
 
|colspan="2"|IPSEC Policy (Phase 2)
 
|colspan="2"|IPSEC Policy (Phase 2)
 
|-
 
|-
 
|IPSEC Encryption Algorithm
 
|IPSEC Encryption Algorithm
|() ESP-3DES (x) ESP-AES128 () ESP-AES256
+
|( ) ESP-3DES (x) ESP-AES128 ( ) ESP-AES256
 
|-
 
|-
 
|IPSEC Data Integrity
 
|IPSEC Data Integrity
|(x) SHA () MD5
+
|(x) SHA ( ) MD5
 
|-
 
|-
 
|Perfect Forward Secrecy (PFS)
 
|Perfect Forward Secrecy (PFS)
|() Off () Group 1 (x) Group 2 () Group 5
+
|( ) Off ( ) Group 1 (x) Group 2 ( ) Group 5
 
|-
 
|-
 
|IPSEC SA Lifetime - Seconds
 
|IPSEC SA Lifetime - Seconds

Revision as of 20:09, 5 June 2018

Back to Firewalls

Use this form to exchange VPN information


VPN Form

Table 1. VPN Form
Parameter Value
Tunnel Termination - Public Internet IP addresses
Internet IP address (peer) at XXX 200.2.2.20
Internal Network 10.1.50.0/24
Internet IP Address (remote peer) at YYY please fill
Partner Internal Network please fill (if your network overlaps the network above, it will clash)
IKE Policy (Phase 1)
IKE Version ( ) IKEv1 (x) IKEv2
IKE Encryption Policy (x) AES 256 ( ) 3DES (156-bit)
IKE Authentication Policy (x) SHA1 ( ) MD5
IKE Lifetime (default 86400s = 1day) 86400 sec
Diffie-Hellman Group ( ) Group 1 (x) Group 2 ( ) Group 5 ( ) Group 14
Identity (IP address or hostname) N/A
Authentication (x) Pre-shared Key ( ) PKI
Mode (Main recommended) (x) Main ( ) Aggressive
Pre-Shared Key Note: do not use unencrypted emamil to exchange pre-shared keys
Pre-shared Key exchange ( ) PGP ( ) Phone call (x) TXT/SMS:___________
IPSEC Policy (Phase 2)
IPSEC Encryption Algorithm ( ) ESP-3DES (x) ESP-AES128 ( ) ESP-AES256
IPSEC Data Integrity (x) SHA ( ) MD5
Perfect Forward Secrecy (PFS) ( ) Off ( ) Group 1 (x) Group 2 ( ) Group 5
IPSEC SA Lifetime - Seconds 3600 seconds
IPSEC SA Lifetime - Kilobytes _____KB (x) Disabled