User Manual Part 1

ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
Virtual Private Networking Using IPsec 6-19
v1.0, July 2008
6. Assign at least one range of IP Pool addresses in the First IP Pool field to give to remote VPN
clients.
7. If you have a WINS Server on your local network, enter its IP address.
8. Enter one or two DNS Server IP addresses to be used by remote VPN clients.
9. If you enable Perfect Forward Secrecy (PFS), choose DH Group 1 or 2. This setting must
match exactly the configuration of the remote VPN client.
10. Specify the Local IP Subnet to which the remote client will have access. Typically, this is your
firewall’s LAN subnet, such as 192.168.2.1/255.255.255.0. (If not specified, it will default to
the LAN subnet of the firewall.)
11. Specify the VPN policy settings. These settings must match the configuration of the remote
VPN client. Recommended settings are:
SA Lifetime: 3600 seconds
Encryption Algorithm: 3DES
Authentication Algorithm: SHA-1
12. Click Apply.
The new record should appear in the VPN Remote Host Mode Config Table.
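An added example, not from the manual: a pre-flight check for a planned Mode Config record that tests each IP Pool range against the Local IP Subnet (following the note on this page that the pool should not be within your local network addresses) and compares the settings that must match the remote VPN client. The dictionary keys and sample values are assumptions made for the illustration, not firmware field names.

```python
import ipaddress

# Constructed sample values; the dictionary keys are hypothetical, not firmware field names.
LAN_SUBNET = "192.168.2.1/255.255.255.0"   # Local IP Subnet written as in step 10
CLIENT = {"pfs_dh_group": 2, "sa_lifetime": 3600,
          "encryption": "3DES", "authentication": "SHA-1"}
GOOD_RECORD = dict(CLIENT, ip_pools=[("172.20.1.1", "172.20.1.50")])
BAD_RECORD = dict(CLIENT, pfs_dh_group=1,
                  ip_pools=[("192.168.2.100", "192.168.2.150")])

MATCH_KEYS = ("pfs_dh_group", "sa_lifetime", "encryption", "authentication")


def check_mode_config(record, lan_subnet, client):
    """Return a list of problems in a planned Mode Config record."""
    problems = []
    # strict=False accepts a host address with a mask, as the manual writes it.
    lan = ipaddress.ip_network(lan_subnet, strict=False)

    for first, last in record["ip_pools"]:
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if lo > hi:
            problems.append(f"pool {first}-{last}: start is above end")
        elif lo <= lan.broadcast_address and hi >= lan.network_address:
            # Any overlap would hand remote clients addresses from the LAN range.
            problems.append(f"pool {first}-{last}: overlaps local network {lan}")

    # With PFS enabled the manual offers DH Group 1 or 2; None means PFS is off.
    if record.get("pfs_dh_group") not in (None, 1, 2):
        problems.append("pfs_dh_group: must be 1 or 2 when PFS is enabled")

    # Steps 9 and 11: these values must match the remote VPN client exactly.
    for key in MATCH_KEYS:
        if record.get(key) != client.get(key):
            problems.append(
                f"{key}: firewall {record.get(key)!r} != client {client.get(key)!r}")
    return problems


if __name__ == "__main__":
    for name, rec in (("good", GOOD_RECORD), ("bad", BAD_RECORD)):
        print(name, check_mode_config(rec, LAN_SUBNET, CLIENT) or "OK")
```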
Next, you must configure an IKE Policy:
1. On the main menu, click VPN. The IKE Policies screen is displayed showing the current
policies in the List of IKE Policies Table. (See Figure 6-7 on page 6-9.)
2. Click Add to configure a new IKE Policy. The Add IKE Policy screen is displayed. (See
Figure 6-8 on page 6-9.)
3. Enable Mode Config by checking the Yes radio box and selecting the Mode Config record
you just created from the pull-down menu. (You can view the parameters of the selected record
by clicking the View selected radio box.)
Mode Config works only in Aggressive Mode, and Aggressive Mode requires that both ends
of the tunnel be defined by an FQDN.
4. In the General section:

Note: The IP Pool should not be within your local network IP addresses. Use a
different range of private IP addresses such as 172.20.xx.xx.