Standaard IKE & IPSEC Policy (versie 2)
VTM werkt waar mogelijk met standaard policies en/of configuraties. Deze pagina beschrijft één van de standaard IKE & IPSEC Policy's.
Inventarisatie
Verzamel eerst de benodigde variabelen voor het opbouwen van de tunnel. Dit betreft onder meer:
Site A:
IPSEC IP adress VPN Concentrator (RIPE):
Vendor en type:
Software version:
IP Address location + subnet:
Local LAN gateway IP (ping check ip):
Site B:
IPSEC IP adress VPN Concentrator (RIPE):
Vendor en type:
Software version:
IP Address location + subnet:
Local LAN gateway IP (ping check ip):
IKE Policy - Phase 1
| Standard Parameter | Standard Value | Comments |
| Mode | Main | |
| Key algoritme | Preshared | exchanged via SMS |
| Preshared key duration time | Unlimited | |
| Integrity algoritme | SHA-1 (standard) | Option: MD5, SHA-256, SHA-512 |
| Encryption algoritme | 3DES (standard) | Option: AES-128, AES-192, AES-512 |
| Diffie-Helmann group | Group 2 (standard) | Option: 5, 14, 15 |
| ISAKMP-SA life time | 12 Hours (43200 seconds) |
IPSEC Policy - Phase 2
| Standard Parameter | Value | Comments |
| Mode | Tunnel | |
| Integrity & Privacy | ESP, priv + int | |
| Privacy Algoritme | 3DES (Standard) | Option: AES-128, AES-192, AES-512 |
| Integrity algoritme | SHA-1 (standard) | Option: MD5, SHA-256, SHA-512 |
| Perfect Forward Secrecy (PFS) | Activated / Enabled | |
| Diffie-Hellmann PFS | Group 2 (standard) | Option: 5, 14, 15 |
| Keying lifetime time | 1 Hour (3600 seconds) |