Technical information

Watson SHDSL Router

Web-based Management Manual

Watson-SHDSL-Router-GUI-Manual.doc

Version 2.3-03

8-82

Revision: 2012-02-29

Click 'OK' to save the settings.

8.4.1.5.2 Gateway-to-Gateway with Pre-shared Secrets

A typical gateway-to-gateway VPN uses a pre-shared secret for authentication.

Gateway A connects its internal LAN 10.5.6.0/24 to the Internet. Gateway A's LAN

interface has the address 10.5.6.1, and its WAN (Internet) interface has the ad-

dress 14.15.16.17. Gateway B connects the internal LAN 172.23.9.0/24 to the In-

ternet. Gateway B's WAN (Internet) interface has the address 22.23.24.25. The In-

ternet Key Exchange (IKE) Phase 1 parameters used are:

 Main mode

 3DES (Triple DES)

 SHA-1

 MODP group 2 (1024 bits)

 Pre-shared secret of "hr5x"

 SA lifetime of 28800 seconds (eight hours) with no Kbytes re-keying

The IKE Phase 2 parameters used are:

 3DES (Triple DES)

 SHA-1

 ESP tunnel mode

 MODP group 2 (1024 bits)

 Perfect forward secrecy for re-keying

 SA lifetime of 3600 seconds (one hour) with no Kbytes re-keying

 Selectors for all IP protocols, all ports, between 10.5.6.0/24 and 172.23.9.0/24,

using IPv4 subnets

To set up Gateway A for this scenario, follow these steps: