Standard IKE & IPSEC Policy (version 2)
VTM works with standard policies and/or configurations wherever possible. This page describes one of the standard IKE & IPSEC policies.
Inventory
First collect the variables needed to build the tunnel. These include:
Site A:
IPSEC IP address VPN Concentrator (RIPE):
Vendor and type:
Software version:
IP Address location + subnet:
Local LAN gateway IP (ping check ip):
Site B:
IPSEC IP address VPN Concentrator (RIPE):
Vendor and type:
Software version:
IP Address location + subnet:
Local LAN gateway IP (ping check ip):
IKE Policy - Phase 1
Standard Parameter | Standard Value | Comments |
Mode | Main | |
Key algorithm | Preshared | exchanged via SMS |
Preshared key duration time | Unlimited | |
Integrity algorithm | SHA-1 (standard) | Option: MD5, SHA-256, SHA-512 |
Encryption algorithm | 3DES (standard) | Option: AES-128, AES-192, AES-512 |
Diffie-Hellman group | Group 2 (standard) | Option: 5, 14, 15 |
ISAKMP-SA lifetime | 12 Hours (43200 seconds) | |
IPSEC Policy - Phase 2
Standard Parameter | Value | Comments |
Mode | Tunnel | |
Integrity & Privacy | ESP, priv + int | |
Privacy algorithm | 3DES (standard) | Option: AES-128, AES-192, AES-512 |
Integrity algorithm | SHA-1 (standard) | Option: MD5, SHA-256, SHA-512 |
Perfect Forward Secrecy (PFS) | Activated / Enabled | |
Diffie-Hellman PFS | Group 2 (standard) | Option: 5, 14, 15 |
Keying lifetime | 1 Hour (3600 seconds) | |
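The inventory and the two policy tables above can be checked mechanically before the tunnel is built. The following is an added example, not part of the original page or of VTM's tooling: it validates each site's inventoried settings against the tables and then compares the two ends with each other. The dictionary keys, function names and sample inventories are assumptions made for illustration.

```python
# Policy tables transcribed from the page. First entry = standard value,
# remaining entries = the listed options (names copied verbatim).
_HASH = ["sha-1", "md5", "sha-256", "sha-512"]
_CIPHER = ["3des", "aes-128", "aes-192", "aes-512"]
_GROUP = [2, 5, 14, 15]
POLICY = {
    "phase1": {"mode": ["main"], "auth": ["preshared"], "integrity": _HASH,
               "encryption": _CIPHER, "dh_group": _GROUP, "lifetime_s": [43200]},
    "phase2": {"mode": ["tunnel"], "protocol": ["esp"], "encryption": _CIPHER,
               "integrity": _HASH, "pfs": [True], "dh_group": _GROUP,
               "lifetime_s": [3600]},
}

def check_site(site, cfg):
    """Yield (severity, message) for one site's inventoried settings."""
    for phase, params in POLICY.items():
        for name, allowed in params.items():
            value = cfg.get(phase, {}).get(name)
            where = f"{site} {phase}.{name}"
            if value is None:
                yield "missing", f"{where} not inventoried"
            elif value not in allowed:
                yield "violation", f"{where}={value!r} not in policy {allowed}"
            elif value != allowed[0]:
                yield "option", f"{where}={value!r} (standard is {allowed[0]!r})"

def check_tunnel(site_a, site_b):
    """Check both ends against the policy, then against each other."""
    findings = list(check_site("A", site_a)) + list(check_site("B", site_b))
    for phase, params in POLICY.items():
        for name in params:
            a = site_a.get(phase, {}).get(name)
            b = site_b.get(phase, {}).get(name)
            if a != b:
                findings.append(("mismatch", f"{phase}.{name}: A={a!r} B={b!r}"))
    return findings

# Constructed sample inventories (hypothetical, not from the page).
STANDARD = {p: {k: v[0] for k, v in params.items()} for p, params in POLICY.items()}
SITE_A = STANDARD
SITE_B = {"phase1": {**STANDARD["phase1"], "dh_group": 14, "encryption": "des"},
          "phase2": {**STANDARD["phase2"], "lifetime_s": 28800}}

if __name__ == "__main__":
    for severity, message in check_tunnel(SITE_A, SITE_B):
        print(f"{severity:9} {message}")
```

A "violation" means the value is not in the tables at all, an "option" means it is a listed alternative to the standard value, and a "mismatch" means the two sites were inventoried with different settings.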