Westermo RedFox Series User Manual
Page 799

Westermo OS Management Guide
Version 4.17.0-0
• VPN instance number: This number is of local significance only, i.e., it can
differ on Alice and Bob. In the Web configuration, it is simplest to accept the
suggested value.
• Enable the VPN tunnel: Yes (default)
• Outbound interface: Default gateway (or "vlan2")
• Aggressive mode: No (i.e., use main mode)
• IKE (phase-1) cipher suite: Auto (simplest)
• Pre-shared secret: The common password, e.g., "TopSecret123!", which
should be known only by Alice and Bob.
• ESP cipher suite: Auto (simplest)
• Enable PFS: Yes.
• DPD Delay: 30 seconds (default)
• DPD Timeout: 120 seconds (default)
Responder-specific settings (Alice):
• Remote Peer: 10.4.5.6 ("Any" cannot be used; the domain name bob.example.com
cannot be used either.)
• Local subnet: 192.168.10.0; netmask: 255.255.255.0
• Remote subnet: 192.168.11.0; netmask: 255.255.255.0
• Role: Responder (no initiator)
• Local-id: Auto (or type "IP Address", Identifier "10.1.2.3")
• Remote-id: Auto (or type "IP Address", Identifier "10.4.5.6")
• DPD Action: Hold
Initiator-specific settings (Bob):
• Remote Peer: 10.1.2.3 (or alice.example.com)
• Local subnet: 192.168.11.0; netmask: 255.255.255.0
• Remote subnet: 192.168.10.0; netmask: 255.255.255.0
• Role: Initiator
• Local-id: Auto (or type "IP Address", Identifier "10.4.5.6")
© 2015 Westermo Teleindustri AB
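The two settings lists above must mirror each other before the tunnel can come up. The following check is an added example, not part of the Westermo manual and not WeOS code; the dictionary keys and function names are this example's own, and the values are transcribed from the lists above.

```python
import ipaddress

# Values transcribed from the settings lists above; key names are this example's own.
COMMON = {"psk": "TopSecret123!", "aggressive": False, "pfs": True}
ALICE = dict(COMMON, name="alice", role="responder", wan_ip="10.1.2.3",
             remote_peer="10.4.5.6",
             local_subnet=("192.168.10.0", "255.255.255.0"),
             remote_subnet=("192.168.11.0", "255.255.255.0"))
BOB = dict(COMMON, name="bob", role="initiator", wan_ip="10.4.5.6",
           remote_peer="10.1.2.3",
           local_subnet=("192.168.11.0", "255.255.255.0"),
           remote_subnet=("192.168.10.0", "255.255.255.0"))

def net(pair):
    """(address, netmask) -> IPv4Network; ValueError if host bits are set."""
    return ipaddress.ip_network("/".join(pair), strict=True)

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def check_pair(a, b):
    """Return a list of mismatches between the two ends of one tunnel."""
    problems = [f"{k} differs between peers" for k in COMMON if a[k] != b[k]]
    if "initiator" not in (a["role"], b["role"]):
        problems.append("no initiator: nobody starts the negotiation")
    for me, other in ((a, b), (b, a)):
        name, peer = me["name"], me["remote_peer"]
        # Per the responder list above: neither "Any" nor a domain name is accepted.
        if me["role"] == "responder" and not is_ip(peer):
            problems.append(f"{name}: responder needs a literal peer IP")
        if is_ip(peer) and peer != other["wan_ip"]:
            problems.append(f"{name}: remote peer is not {other['name']}'s address")
        try:
            if net(me["local_subnet"]) != net(other["remote_subnet"]):
                problems.append(f"{name}: local subnet is not "
                                f"{other['name']}'s remote subnet")
            if net(me["local_subnet"]).overlaps(net(me["remote_subnet"])):
                problems.append(f"{name}: local and remote subnets overlap")
        except ValueError as err:
            problems.append(f"{name}: bad subnet ({err})")
    return problems

if __name__ == "__main__":
    print(check_pair(ALICE, BOB) or "settings mirror correctly")
```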