Section 35.1.6.3 – Westermo RedFox Series User Manual
Page 798

Westermo OS Management Guide
Version 4.17.0-0
AES-128 for encryption, SHA1 for authentication, and automatic Diffie-Hellman group (for PFS)
• Enable PFS: Yes.
• DPD Delay: 30 seconds (default)
• DPD Timeout: 120 seconds (default)
Responder specific settings (Alice):
• Remote Peer: Any (not necessary to know the IP address of Bob)
• Local subnet: 192.168.10.0; netmask: 255.255.255.0
• Remote subnet: 192.168.11.0; netmask: 255.255.255.0
• Role: Responder (no initiator)
• Local-id: Type "Name (DNS/User)", Identifier "Alice"
• Remote-id: Type "Name (DNS/User)", Identifier "Bob"
• DPD Action: Clear
Initiator specific settings (Bob):
• Remote Peer: 10.1.2.3 (or alice.example.com)
• Local subnet: 192.168.11.0; netmask: 255.255.255.0
• Remote subnet: 192.168.10.0; netmask: 255.255.255.0
• Role: Initiator
• Local-id: Type "Name (DNS/User)", Identifier "Bob"
• Remote-id: Type "Name (DNS/User)", Identifier "Alice"
• DPD Action: Restart
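
The responder and initiator settings above must mirror each other: each side's local subnet and local-id are the other side's remote subnet and remote-id. The following Python check is an added example, not part of the Westermo manual and not WeOS code; the dictionary keys and function names are this example's own, and the DPD rule it applies is an assumption stated in the code.

```python
import ipaddress

# Values transcribed from the Alice and Bob lists above; the dictionary
# keys are this example's own naming, not WeOS configuration keywords.
ALICE = {"role": "responder", "remote_peer": "any", "dpd_action": "clear",
         "local_subnet": ("192.168.10.0", "255.255.255.0"),
         "remote_subnet": ("192.168.11.0", "255.255.255.0"),
         "local_id": "Alice", "remote_id": "Bob"}
BOB = {"role": "initiator", "remote_peer": "10.1.2.3", "dpd_action": "restart",
       "local_subnet": ("192.168.11.0", "255.255.255.0"),
       "remote_subnet": ("192.168.10.0", "255.255.255.0"),
       "local_id": "Bob", "remote_id": "Alice"}


def net(pair):
    """(address, netmask) -> network; ValueError if host bits are set."""
    return ipaddress.ip_network("/".join(pair), strict=True)


def check_pair(a, b):
    """Return a list of inconsistencies between two tunnel endpoints."""
    problems = []
    try:
        for x, y in ((a, b), (b, a)):
            if net(x["local_subnet"]) != net(y["remote_subnet"]):
                problems.append(f"{x['local_id']}: local subnet is not the peer's remote subnet")
        if net(a["local_subnet"]).overlaps(net(b["local_subnet"])):
            problems.append("local subnets of the two sides overlap")
    except ValueError as exc:
        problems.append(f"invalid subnet/netmask: {exc}")
    for x, y in ((a, b), (b, a)):
        if x["local_id"] != y["remote_id"]:
            problems.append(f"{x['local_id']}: local-id is not the peer's remote-id")
        if x["role"] == "initiator" and x["remote_peer"] == "any":
            problems.append(f"{x['local_id']}: an initiator needs a concrete remote peer")
        # Assumption of this example: restarting after a DPD timeout means
        # re-initiating, so it needs a known peer address or name.
        if x["dpd_action"] == "restart" and x["remote_peer"] == "any":
            problems.append(f"{x['local_id']}: DPD action Restart with remote peer Any")
    if {a["role"], b["role"]} != {"initiator", "responder"}:
        problems.append("expected exactly one initiator and one responder")
    return problems


if __name__ == "__main__":
    for line in check_pair(ALICE, BOB) or ["Alice/Bob settings are consistent"]:
        print(line)
```
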
35.1.6.3 Main Mode Configuration
The hints below show how to configure the initiator (Bob) and responder (Alice)
in IKE main mode. Note: this is just an example; several alternatives exist.
Many VPN settings can be configured in the same way on the responder (Alice)
and the initiator (Bob):
© 2015 Westermo Teleindustri AB