Internet Security Router User
’s Manual
Chapter 10. Configuring VPN
85
10 Configuring VPN
The chapter contains instructions for configuring VPN connections using automatic keying and manual keys.
10.1 Default Parameters
The Internet Security Router is pre-configured with a default set of proposals/connections. They cover the most
commonly used sets of parameters, required for typical deployment scenarios. It is recommended that you use
these pre-configured proposals/connections to simplify VPN connection setup. The default parameters
provided in the Internet Security Router are as follows:
Default Connections
Each connection represents a rule that can be applied on traffic originating from / terminating at the security
gateway. It contains the parameters: local/remote IP-Addresses and ports.
Table 10.1 lists the default connections that are provisioned on the gateway:
Table 10.1. Default Connections in the Internet Security Router
Name
Type
Port
Protocol State
Purpose
allow-ike-io passby
500
UDP
Enabled To allow the IKE traffic to the
Internet Security Router
allow-all
passby
Enabled To allow the plain traffic
WARNING
Do not delete or modify default VPN policies.
Proposals
Each proposal represents a set of authentication/encryption parameters. Once configured, a proposal can be
tied to a connection. Upon session establishment, one of the proposals specified is selected and used for the
tunnel.
Note that multiple proposals can be specified for a connection. If you do not specify the proposal to be used for
a connection, all the pre-configured proposals will be included for that connection.
Pre-configured IKE proposals
IKE proposals decide the type of encryption, hash algorithms and authentication method that will be used for
the establishment of the session keys between the endpoints of a tunnel. Table 10.2 lists the pre-configured
IKE proposals.
Table 10.2. Pre-configured IKE proposals in the Internet Security Router
Name
Encryption
Algorithm
Authentication
Algorithm
Diffie-Hellman
Group
Key
Management
Life time
(secs)
ike-preshared-
3des-sha1-dh2
3DES
SHA-1
2
Pre-shared
Keys
3600
ike-preshared-
3des-md5-dh2
3DES
MD5
2
Pre-shared
Keys
3600