Building a site-to-site IPsec VPN is not hard, but you have to understand the principles first. If you already know what the two phases of negotiation are, you can jump straight to the next paragraph. Otherwise, start by learning some fundamental VPN concepts and terminology such as IKE, IPsec, transform set, crypto…

In my experience, a good document always helps you build a site-to-site VPN efficiently. First, talk to the guy working with you on the other side and agree on the settings that will be programmed into the firewalls, such as the encryption method, hash algorithm, pre-shared key, and external/internal IP addresses. Second, put that information into a spreadsheet, or just use my template displayed below, and send a copy to that guy. Finally, configure your firewall and test it.

 

Site-to-Site IPSec VPN Details

| Item | Details |
|---|---|
| My Company: | My Company, Sydney, NSW |
| Contacts: | Jackie Chen, Mail: jackie.chen@mycompany.com, Phone: xxxx-xxx-xxx |
| Client Company: | Client Company, Melbourne, VIC |
| Contacts: | Bill Gates, Mail: bill.gates@clientcompany.com, Phone: xxxx-xxx-xxx |
| VPN usage | Official web site development |

| Firewall Type | Client | My Company |
|---|---|---|
| Manufacturer | Cisco | Cisco |
| Model | ASA 5510 | ASA 5520 |
| Version | 8.2(2) | 8.2.(3) |

| Settings | Client | My Company |
|---|---|---|
| Authentication Method | Pre-Shared Secret | Pre-Shared Secret |
| IKE Encryption Algorithm | AES-256 | AES-256 |
| IKE Hash Algorithm | SHA | SHA |
| IKE Security Lifetime | 86400 secs | 86400 secs |
| DH Group Identifier | 2 (1024bit), No PFS | 2 (1024bit), No PFS |
| IPSEC Security Lifetime | 4608000 kB / 28,800 secs | 4608000 kB / 28,800 secs |
| Pre-Shared Secret | ********* | ********* |
| IPSEC security protocol | ESP | ESP |
| IPSEC Encryption Algorithm | AES-256 | AES-256 |
| IPSEC Hash Algorithm | SHA | SHA |

| IP addressing | Client | My Company |
|---|---|---|
| Peer IP address: | X.X.X.X | Y.Y.Y.Y |

| Inside Hosts or Subnets | Client | My Company |
|---|---|---|
| Hosts or Subnets | 192.168.1.0/24 | 172.29.1.0/24 |
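
Before configuring either firewall, the filled-in sheet can be checked for the mistakes that stop a tunnel from coming up. This is an added example, not part of the original post: it compares the Client and My Company columns of the template above row by row and checks that the inside subnets do not overlap. The function names and the dict layout are assumptions made for the example.

```python
from ipaddress import ip_network

# Rows whose Client and My Company columns must be identical on both peers.
CHECKS = {
    "phase 1": ["Authentication Method", "IKE Encryption Algorithm",
                "IKE Hash Algorithm", "DH Group Identifier"],
    "phase 2": ["IPSEC security protocol", "IPSEC Encryption Algorithm",
                "IPSEC Hash Algorithm"],
    "lifetime": ["IKE Security Lifetime", "IPSEC Security Lifetime"],
}

def norm(value):
    """Ignore case and spacing so 'aes-256 ' equals 'AES-256'."""
    return " ".join(str(value).split()).lower()

def check_sheet(sheet):
    """sheet maps row name -> (client value, my company value); returns findings."""
    findings = []
    for label, rows in CHECKS.items():
        for row in rows:
            if row not in sheet:
                findings.append(f"{label}: '{row}' missing from sheet")
            elif norm(sheet[row][0]) != norm(sheet[row][1]):
                client, mine = sheet[row]
                findings.append(f"{label}: '{row}' differs ({client} vs {mine})")
    # Inside networks must be distinct, otherwise neither side can tell
    # local addresses from the ones that belong behind the tunnel.
    client_net, my_net = (ip_network(n) for n in sheet["Hosts or Subnets"])
    if client_net.overlaps(my_net):
        findings.append(f"addressing: {client_net} overlaps {my_net}")
    return findings

# The template's own values, typed in as a dict for this example.
TEMPLATE = {
    "Authentication Method": ("Pre-Shared Secret", "Pre-Shared Secret"),
    "IKE Encryption Algorithm": ("AES-256", "AES-256"),
    "IKE Hash Algorithm": ("SHA", "SHA"),
    "IKE Security Lifetime": ("86400 secs", "86400 secs"),
    "DH Group Identifier": ("2 (1024bit), No PFS", "2 (1024bit), No PFS"),
    "IPSEC Security Lifetime": ("4608000 kB / 28,800 secs", "4608000 kB / 28,800 secs"),
    "IPSEC security protocol": ("ESP", "ESP"),
    "IPSEC Encryption Algorithm": ("AES-256", "AES-256"),
    "IPSEC Hash Algorithm": ("SHA", "SHA"),
    "Hosts or Subnets": ("192.168.1.0/24", "172.29.1.0/24"),
}
# Constructed sheet with two mistakes: a hash mismatch and overlapping subnets.
BAD = {**TEMPLATE, "IKE Hash Algorithm": ("MD5", "SHA"),
       "Hosts or Subnets": ("172.29.1.0/25", "172.29.1.0/24")}

if __name__ == "__main__":
    for finding in check_sheet(BAD):
        print(finding)
```

The masked Pre-Shared Secret row is deliberately left out of the comparison, since the sheet does not carry the real value.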

 