Configuring vpn, 1 default parameters – Asus SL1000 User Manual

Page 101

Advertising
background image

Internet Security Router User

’s Manual

Chapter 10. Configuring VPN

85

10

Configuring VPN

The chapter contains instructions for configuring VPN connections using automatic keying and manual keys.

10.1 Default Parameters

The Internet Security Router is pre-configured with a default set of proposals/connections. They cover the most
commonly used sets of parameters, required for typical deployment scenarios. It is recommended that you use
these pre-configured proposals/connections to simplify VPN connection setup. The default parameters
provided in the Internet Security Router are as follows:

Default Connections

Each connection represents a rule that can be applied on traffic originating from / terminating at the security
gateway. It contains the parameters: local/remote IP-Addresses and ports.

Table 10.1 lists the default connections that are provisioned on the gateway:

Table 10.1. Default Connections in the Internet Security Router

Name

Type

Port

Protocol State

Purpose

allow-ike-io passby

500

UDP

Enabled To allow the IKE traffic to the

Internet Security Router

allow-all

passby

Enabled To allow the plain traffic

WARNING

Do not delete or modify default VPN policies.

Proposals

Each proposal represents a set of authentication/encryption parameters. Once configured, a proposal can be
tied to a connection. Upon session establishment, one of the proposals specified is selected and used for the
tunnel.

Note that multiple proposals can be specified for a connection. If you do not specify the proposal to be used for
a connection, all the pre-configured proposals will be included for that connection.

Pre-configured IKE proposals

IKE proposals decide the type of encryption, hash algorithms and authentication method that will be used for
the establishment of the session keys between the endpoints of a tunnel. Table 10.2 lists the pre-configured
IKE proposals.

Table 10.2. Pre-configured IKE proposals in the Internet Security Router

Name

Encryption
Algorithm

Authentication
Algorithm

Diffie-Hellman
Group

Key
Management

Life time
(secs)

ike-preshared-
3des-sha1-dh2

3DES

SHA-1

2

Pre-shared
Keys

3600

ike-preshared-
3des-md5-dh2

3DES

MD5

2

Pre-shared
Keys

3600

Advertising
Popular Brands
Popular manuals