4. In the General section:
• Enter a descriptive name in the Policy Name field such as "SalesPerson". This name will
be used as part of the remote identifier in the VPN client configuration.
• Set Direction/Type to Responder.
• The Exchange Mode will automatically be set to Aggressive.
5. In the Local section, select FQDN for the Identity Type.
6. In the Local section, choose which WAN port to use as the VPN tunnel end point.
7. In the Remote section, enter an identifier in the Identity Type field that is not used by any
other IKE policies. This identifier will be used as part of the local identifier in the VPN client
configuration.
8. In the IKE SA Parameters section, specify the IKE SA parameters. These settings must be
matched in the configuration of the remote VPN client. Recommended settings are:
• Encryption Algorithm: 3DES
• Authentication Algorithm: SHA-1
• Diffie-Hellman: Group 2
• SA Lifetime: 3600 seconds
9. Enter a Pre-Shared Key that will also be configured in the VPN client.
10. XAUTH is disabled by default. To enable XAUTH, in the Extended Authentication section,
select one of the following:
• Edge Device to use the VPN firewall as a VPN concentrator where one or more gateway
tunnels terminate. (If selected, you must specify the Authentication Type to be used in
verifying credentials of the remote VPN gateways.)
• IPsec Host if you want the VPN firewall to be authenticated by the remote gateway. Enter
a Username and Password to be associated with the IKE policy. When this option is
chosen, you will need to specify the user name and password to be used in authenticating
this gateway (by the remote gateway).
For more information on XAUTH, see "Configuring XAUTH for VPN Clients" on page 5-27.
11. If Edge Device was enabled, select the Authentication Type from the pull down menu which
will be used to verify account information: User Database, RADIUS-CHAP or RADIUS-PAP.
Users must be added through the User Database screen (see "User Database Configuration" on
page 5-29 or "RADIUS Client Configuration" on page 5-30).
ProSafe VPN Firewall 200 FVX538 Reference Manual
Virtual Private Networking 5-37
v1.0, January 2010
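Steps 4 through 11 require the client profile to mirror the gateway IKE policy: the identifiers are crossed, and the SA parameters and pre-shared key must match. The following check is an added example, not part of the NETGEAR manual. The dictionary field names and the identifier and key values are hypothetical, constructed for illustration.

```python
# Added example. Field names are hypothetical; they are not an FVX538 or
# VPN-client export format. Values marked "constructed" are sample data.
LEGACY = {"encryption": {"DES", "3DES"}, "authentication": {"MD5", "SHA-1"},
          "dh_group": {1, 2}}
SA_FIELDS = ("encryption", "authentication", "dh_group", "sa_lifetime_s")

def audit_ike_pair(gw, client):
    """Return (errors, warnings) for a gateway IKE policy and a client profile."""
    errors, warnings = [], []
    # Step 4: the policy name is part of the client's remote identifier.
    if gw["policy_name"] not in client["remote_id"]:
        errors.append("client remote_id lacks the gateway policy name")
    # Step 7: the gateway's remote identifier is part of the client's local one.
    if gw["remote_id"] not in client["local_id"]:
        errors.append("client local_id lacks the gateway remote identifier")
    # Step 8: IKE SA parameters must match on both ends.
    for field in SA_FIELDS:
        if gw[field] != client[field]:
            errors.append(f"{field} mismatch: gateway={gw[field]!r} "
                          f"client={client[field]!r}")
    # Step 9: the same pre-shared key on both ends.
    if gw["psk"] != client["psk"]:
        errors.append("pre-shared key mismatch")
    # Steps 10-11: Edge Device mode means the client must present credentials.
    if gw["xauth"] == "edge_device" and not client.get("xauth_username"):
        errors.append("gateway requires XAUTH but client has no username")
    # Advisories: settings that work but deserve a second look.
    if gw["xauth"] == "disabled":
        warnings.append("XAUTH disabled: the pre-shared key is the only credential")
    for field, legacy in LEGACY.items():
        if gw[field] in legacy:
            warnings.append(f"{field}={gw[field]} is a legacy algorithm choice")
    return errors, warnings

# Constructed sample: gateway policy using the values from steps 4-10.
GATEWAY = {"policy_name": "SalesPerson", "remote_id": "remote-sales.example",
           "encryption": "3DES", "authentication": "SHA-1", "dh_group": 2,
           "sa_lifetime_s": 3600, "psk": "constructed-sample-key",
           "xauth": "disabled"}
# Constructed sample: client profile with a wrong SA lifetime.
CLIENT = {"remote_id": "SalesPerson.gw.example", "local_id": "remote-sales.example",
          "encryption": "3DES", "authentication": "SHA-1", "dh_group": 2,
          "sa_lifetime_s": 28800, "psk": "constructed-sample-key"}

if __name__ == "__main__":
    errs, warns = audit_ike_pair(GATEWAY, CLIENT)
    for line in [f"ERROR: {e}" for e in errs] + [f"WARN:  {w}" for w in warns]:
        print(line)
```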