Specifications
Issue 1.0, April 2006 Section 364-180-N02
©2006 Charles Industries, Ltd.
All rights reserved. Printed in United States of America.
null.
AH transform
The options include: md5, sha1, des-mac, null.
IPCOMP transform
The options include: lzs, null.
tunnel type
The options include: public, private.
Public uses the ESP protocol only.
Private provides UDP encapsulation for
NAT traversal. We are using ports 2787
(ESP), 2788 (AH), and 2845 (IPCOMP).
Public should be used for initial testing.
• Target host:
Destination of decrypted traffic
ip range?
The options include: Subnet, IP Range
ip 1 (ip address / ip address 1)
The IP address of the target host / The Start IP address of the target host IP range
ip 2 (subnet mask / ip address 2)
The subnet mask of the target host / The End IP address of the target host IP range
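Added example, not part of the Charles Industries manual: a Python pre-check that interprets the "ip range?", "ip 1" and "ip 2" fields as described above and reports whether a given address is covered by the target host definition. The function names and the 192.168.2.x sample addresses are assumptions constructed for illustration.

```python
import ipaddress


def target_host_range(mode, ip1, ip2):
    """Return (first, last) IPv4 addresses covered by a target host entry.

    mode "Subnet":   ip1 = IP address,       ip2 = subnet mask
    mode "IP Range": ip1 = start IP address, ip2 = end IP address
    """
    if mode == "Subnet":
        # strict=False masks a host address down to its network.
        # A non-contiguous mask such as 255.0.255.0 raises ValueError.
        net = ipaddress.IPv4Network(f"{ip1}/{ip2}", strict=False)
        return net.network_address, net.broadcast_address
    if mode == "IP Range":
        first = ipaddress.IPv4Address(ip1)
        last = ipaddress.IPv4Address(ip2)
        if first > last:
            raise ValueError("start address is above end address")
        return first, last
    raise ValueError(f"unknown mode: {mode!r}")


def covers(mode, ip1, ip2, address):
    """True if address falls inside the target host definition."""
    first, last = target_host_range(mode, ip1, ip2)
    return first <= ipaddress.IPv4Address(address) <= last


if __name__ == "__main__":
    # Constructed sample entries: (mode, ip 1, ip 2)
    entries = [
        ("Subnet", "192.168.2.1", "255.255.255.0"),
        ("IP Range", "192.168.2.10", "192.168.2.20"),
    ]
    # Constructed addresses to check against each entry
    for addr in ("192.168.2.15", "192.168.2.200", "192.168.3.1"):
        for mode, ip1, ip2 in entries:
            state = "covered" if covers(mode, ip1, ip2, addr) else "NOT covered"
            print(f"{addr:15} {mode:9} {ip1} / {ip2}: {state}")
```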
Note: IKE life duration (SA lifetime)/IKE Hash/IKE Encryption/IPSec Operation
(protocol)/ESP transform/ESP auth: When negotiating ABCD VPN IPSec to ABCD
VPN IPSec, it is not critical to match up these settings on both servers. The routers have
the ability to respond to an initiator's negotiation and handle it accordingly, without
detecting a mismatch in policy and rejecting the negotiation. If desired, you may enter the
settings shown in our example.
6. When you have finished the settings, scroll to the bottom of the page and click the Add
Endpoint button. A window will pop up indicating a successful save.
The availability of features and technical specifications herein subject to change without notice.
NOTE:
You must configure the Main Office VPN Router (main@ABCD.com) as
we have configured the Branch Office VPN Router (remote@ABCD.com)
above. Once you have configured both sides of the connection, you can test
the tunnel using PING. To verify that your tunnel is working, ping the IP
address of a computer on the remote network. If you ping the main network, it
will only trigger phase 1 and 2 negotiations. You will only receive a reply if you
ping an actual IP address on the network, such as the router WAN IP address.
You can use Microsoft HyperTerminal to view phase 1 and 2 negotiations.