-
Under IKE Authentication, configure these settings:
-
For Key Exchange Mode, select Main Mode.
-
For Authentication Method, select Preshared Key.
-
For Preshared Key and Confirm Preshared Key, type WindowsL2tpKEY.
-
Under Security Parameters Proposal, configure the security settings that will be proposed by the Threat Management Services (TMS) zl Module for the IKE SA:
-
For Diffie-Hellman (DH) Group, select the size of the prime number that is used in . For this example, select Group 2 (1024).
-
For Encryption Algorithm, select 3DES.
-
For Authentication Algorithm, select MD5.
-
For SA Lifetime in seconds, type 28800 seconds (8 hours).
-
Click Next.
|
-
In the Security method preference order window, select each entry and click Remove.
-
Click Add.
-
For Integrity algorithm select MD5.
-
For Encryption algorithm select 3DES.
-
For Diffie-Hellman group select Medium (2).
-
Click OK, then click OK again.
-
Under Authenticate and generate a new key after every, type 480 in the minute box. (This is the same as 28800 seconds.)
-
Click OK.
-
In the Main Campus Properties window, click the Rules tab and click Add.
-
Click the Authentication Methods tab and click Add.
-
Select Use this string (preshared key), type WindowsL2tpKEY in the box and click OK.
-
Select the Preshared Key entry and click Move up so that it is above the Kerberos entry.
|