User`s guide

Release Notes Inter-operability with Third-Party VPN Gateways

Release 3.5 Enhanced Support for VPN Clients

Rel. 3.5 Release Notes Page 21 of 30

CAUTION

NEM tunnels can not be mixed with Peer to Peer tunnels.

! Remote peers must not have dynamically assigned IP addresses because pre-

shared key authentication (if selected) uses IKE Main Mode. The security

policy database on each peer must also contain a fixed IP address of the

remote peer.

Inter-operability with Third-Party VPN Gateways

Connecting to a Cisco VPN 3005 Router

The instructions below are provided to configure a sample Peer to Peer tunnel

between a Cisco router and the ANG-1100. The following software revision was used:

Software Rev: Cisco System, Inc. / VPN 3000 Concentrator Series Version

2.5.2 (Rel) Aug 16 2000 11:41:47

Assuming you are working with an operational device, perform the following steps to

configure the Cisco device. Be aware that IP addresses displayed are sample

parameters.

1. Configure an IKE Proposal. Click to Configuration> System> Tunneling

Protocols> IPSec> IKE Proposals and press

ADD.

2. Do the following:

– Enter the Proposal name.

– Select Preshared Keys as the Authentication Mode.

– Select ESP/SHA/HMAC-160 as the Authentication Algorithm from the

pull-down menu.

– Select 3DES-168 as the Encryption Algorithm from the pull-down menu.

– Select Group 2 (1024-bits) as the Diffie-Hellman Group.

– Select the following default values:

– Lifetime Measurement of Time.

– Data Lifetime of 10000.

– Time Lifedata of 86400.

– Click

ADD.

3. Activate the IKE Proposal by clicking ACTIVATE.

4. Configure a Security Association. Click to Configuration> Policy

Management> Traffic Management> Security Association> Modify (or make

selections from the IKE Proposal screen).