Internet Security Router User's Manual
Chapter 10. Configuring VPN
87
Default lifetime
The default lifetime for the pre-configured IKE proposals and IPSec proposals is 3600 seconds (one hour). When you create a new IKE proposal or IPSec proposal, set a lifetime greater than 600 seconds. Shorter lifetimes cause frequent re-keying, which unnecessarily burdens the system.
Limits for key length
The maximum length of a pre-shared key, cipher key or authentication key is 50 characters. If a cipher key is longer than the key length required by the selected encryption algorithm, the key is truncated to that length; the truncated characters contribute nothing to the key.
Priority of the connections
The allow-ike-io default rule has the highest priority (1) and the allow-all default rule has the lowest. Keep this ordering at all times. Rules are applied in priority order and the first match wins, so a connection added below the allow-all rule (at a lower priority) never takes effect: its packets match the allow-all rule first and leave the router without encryption.
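The following added example (not firmware code from the Internet Security Router) models the first-match evaluation described above so the ordering mistake can be checked before a tunnel is deployed. The rule names allow-ike-io and allow-all come from the manual; the packet fields, the Rule data structure, the assumption that allow-ike-io bypasses UDP/500 only, and the branch-tunnel rule and addresses are constructed for illustration.

```python
"""First-match VPN rule evaluation, modelled on the manual's description.

Added example, not the router's own code. Rule names allow-ike-io and allow-all
are from the manual; packet fields, the Rule structure and the branch-tunnel
rule are assumptions made for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass
class Packet:
    src: str
    dst: str
    proto: str                 # "udp", "tcp", "esp", ...
    dport: Optional[int] = None


@dataclass
class Rule:
    priority: int              # 1 = evaluated first
    name: str
    src_net: str
    dst_net: str
    proto: str = "any"
    dport: Optional[int] = None
    action: str = "encrypt"    # "encrypt" (IPSec tunnel) or "bypass" (clear text)

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src_net)
                and ip_address(pkt.dst) in ip_network(self.dst_net)
                and self.proto in ("any", pkt.proto)
                and self.dport in (None, pkt.dport))

    def is_catch_all_bypass(self) -> bool:
        return (self.action == "bypass" and self.src_net == "0.0.0.0/0"
                and self.dst_net == "0.0.0.0/0" and self.proto == "any"
                and self.dport is None)


def evaluate(rules: List[Rule], pkt: Packet) -> Rule:
    """Return the first rule that matches, walking priorities from 1 upwards."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(pkt):
            return rule
    raise LookupError("no rule matched")  # unreachable while allow-all exists


def shadowed(rules: List[Rule]) -> List[str]:
    """Names of encrypt rules that can never match because a catch-all bypass
    rule sits above them: the exact misordering the manual warns about."""
    names, catch_all_seen = [], False
    for rule in sorted(rules, key=lambda r: r.priority):
        if catch_all_seen and rule.action == "encrypt":
            names.append(rule.name)
        if rule.is_catch_all_bypass():
            catch_all_seen = True
    return names


# Default rules as assumed here: IKE (UDP/500) passes in the clear so the
# negotiation itself can happen; allow-all is the lowest-priority fallback.
ALLOW_IKE_IO = Rule(1, "allow-ike-io", "0.0.0.0/0", "0.0.0.0/0", "udp", 500, "bypass")
ALLOW_ALL = Rule(99, "allow-all", "0.0.0.0/0", "0.0.0.0/0", action="bypass")


def build_policy(branch_priority: int) -> List[Rule]:
    """Policy with one hypothetical site-to-site rule placed at branch_priority."""
    branch = Rule(branch_priority, "branch-tunnel", "192.168.1.0/24", "10.0.0.0/24")
    return [ALLOW_IKE_IO, ALLOW_ALL, branch]


def decide(branch_priority: int, pkt: Packet) -> str:
    """Name of the rule that handles pkt under the given placement."""
    return evaluate(build_policy(branch_priority), pkt).name


# Constructed sample traffic.
LAN_TO_BRANCH = Packet("192.168.1.10", "10.0.0.5", "tcp", 445)
IKE_TO_PEER = Packet("203.0.113.1", "198.51.100.1", "udp", 500)

if __name__ == "__main__":
    print(decide(2, LAN_TO_BRANCH))      # branch-tunnel: encrypted
    print(decide(100, LAN_TO_BRANCH))    # allow-all: leaves the router in the clear
    print(decide(2, IKE_TO_PEER))        # allow-ike-io: IKE itself is not tunnelled
    print(shadowed(build_policy(100)))   # ['branch-tunnel']
```

Running `shadowed()` over the intended rule list is the check to do after every "Move to" change: any name it returns is a tunnel whose traffic is currently going out unencrypted.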
Important:
The pre-configured proposals and connections are read-only and cannot be modified. If you need a proposal other than the defaults, add a new one via the VPN configuration page. This way you control which proposals become part of a connection.
Note: For the negotiation to succeed, the peer gateway must be configured with matching parameters. Within that constraint, any specific proposal can be chosen.
This chapter includes the procedures to configure the Access List through the GUI:
• Basic Access List Configuration
  - Access List using IKE
  - Access List using Manual Keys
• Advanced Access List Configuration
  - Access List using IKE
  - Access List using Manual Keys
10.2 VPN Tunnel Configuration Parameters
Table 10.4 describes all the VPN tunnel configuration parameters available for various VPN configurations.
Table 10.4. VPN Tunnel Configuration Parameters

Option: Description

VPN Connection Settings

ID
  Add New: Click this option to add a new VPN rule.
  Rule number: Select a rule from the drop-down list to modify its attributes.

Name: Enter a unique name, preferably one that signifies the tunnel connection. Only alphanumeric characters are allowed in this field.

Enable: Select this radio button to enable this rule (default).

Disable: Select this radio button to disable this rule.

Move to: Sets the priority of this rule. The VPN service in the Internet Security Router acts on packets based on the priority of the rule, with 1 being the highest priority. Set the priority by selecting the rule's position in the list of rules from the drop-down list: