XSR User’s Guide
Chapter 11: Configuring the Virtual Private Network
Interoperability Profile for the XSR
Scenario 1: Gateway-to-Gateway with Pre-Shared Secrets
This section describes how to configure the XSR according to the VPN
Consortium’s interoperability scenarios (http://www.vpnc.org/). The
following is a typical gateway-to-gateway VPN that uses a pre-shared secret
for authentication, as illustrated in Figure 50.
Figure 50 Gateway-to-Gateway with Pre-Shared Secrets Topology
Gateway A connects the internal LAN 10.5.6.0/24 to the Internet. Gateway
A's LAN interface has the address 10.5.6.1, and its WAN (Internet) interface
has the address 14.15.16.17.
Gateway B connects the internal LAN 172.23.9.0/24 to the Internet. Gateway
B's WAN (Internet) interface has the address 22.23.24.25. Gateway B's LAN
interface address, 172.23.9.1, can be used for testing IPsec but is not needed
for configuring Gateway A.
The IKE Phase 1 parameters used in Scenario 1 are:
Main mode
Triple DES
SHA-1
MODP group 2 (1024 bits)
Pre-shared secret of “hr5xb84l6aa9r6”
SA lifetime of 28800 seconds (eight hours) with no Kbytes rekeying
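The Phase 1 choices above fix how both gateways derive their IKE keys. The following Python code is an added example, not taken from the XSR guide or the XSR software: it follows the IKEv1 derivation in RFC 2409 for pre-shared-key authentication with HMAC-SHA1 as the PRF and a 24-byte Triple DES key. The nonces, cookies and Diffie-Hellman shared secret are constructed sample values, the function names are hypothetical, and DES weak-key checks are omitted.

```python
import hashlib
import hmac

PSK = b"hr5xb84l6aa9r6"   # Scenario 1 pre-shared secret from the list above
TDES_KEY_LEN = 24          # Triple DES needs 24 key bytes; HMAC-SHA1 yields 20


def prf(key: bytes, data: bytes) -> bytes:
    """Negotiated PRF: HMAC over the negotiated hash (SHA-1 in Scenario 1)."""
    return hmac.new(key, data, hashlib.sha1).digest()


def derive_phase1_keys(psk, ni, nr, g_xy, cky_i, cky_r):
    """Return (SKEYID_d, SKEYID_a, 3DES key) per RFC 2409 sec. 5 and App. B."""
    skeyid = prf(psk, ni + nr)                 # PSK method: prf(psk, Ni_b | Nr_b)
    tail = g_xy + cky_i + cky_r
    skeyid_d = prf(skeyid, tail + b"\x00")             # seeds Phase 2 keys
    skeyid_a = prf(skeyid, skeyid_d + tail + b"\x01")  # authenticates IKE messages
    skeyid_e = prf(skeyid, skeyid_a + tail + b"\x02")  # encrypts IKE messages
    # Appendix B: SKEYID_e (20 bytes) is shorter than the cipher key, so expand:
    # K1 = prf(SKEYID_e, 0), K2 = prf(SKEYID_e, K1), ... then truncate.
    stream, block = b"", prf(skeyid_e, b"\x00")
    while len(stream) < TDES_KEY_LEN:
        stream += block
        block = prf(skeyid_e, block)
    return skeyid_d, skeyid_a, stream[:TDES_KEY_LEN]


def demo():
    """Derive keys on both gateways, then with a one-character PSK typo."""
    # Constructed sample exchange values (not from a real capture).
    ni, nr = bytes(range(16)), bytes(range(16, 32))
    g_xy = bytes([0x5A]) * 128      # MODP group 2 shared secret is 128 bytes
    cky_i, cky_r = b"I" * 8, b"R" * 8
    gw_a = derive_phase1_keys(PSK, ni, nr, g_xy, cky_i, cky_r)
    gw_b = derive_phase1_keys(PSK, ni, nr, g_xy, cky_i, cky_r)
    typo = derive_phase1_keys(b"hr5xb84l6aa9r5", ni, nr, g_xy, cky_i, cky_r)
    return gw_a, gw_b, typo


if __name__ == "__main__":
    gw_a, gw_b, typo = demo()
    print("gateways agree:", gw_a == gw_b, "| typo agrees:", gw_a == typo)
```

Because the secret feeds SKEYID directly, a mismatch of even one character gives the gateways different encryption keys, and the encrypted fifth and sixth Main mode messages cannot be decrypted by the peer.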
The IKE Phase 2 parameters used in Scenario 1 are:
Triple DES
[Figure 50 labels: Gateway A, LAN 10.5.6.0/24, AL 10.5.6.1, AW 14.15.16.17; Internet; Gateway B, BW 22.23.24.25, BL 172.23.9.1, LAN 172.23.9.0/24]