<<Create a Client-to-Site IKE Policy (1 of 3)

Create a Client-to-Site IKE Policy (3 of 3) >>

 

Example 6: L2TP over IPsec, Client-to-Site

Create a Client-to-Site IKE Policy (Step 2 of 3)

TMS zl Module

  1. Under IKE Authentication, configure these settings:

     1. For Key Exchange Mode, select Main Mode.

     2. For Authentication Method, select Preshared Key.

     3. For Preshared Key and Confirm Preshared Key, type WindowsL2tpKEY.

  2. Under Security Parameters Proposal, configure the security settings that will be proposed by the Threat Management Services (TMS) zl Module for the IKE SA:

     1. For Diffie-Hellman (DH) Group, select the size of the prime number that is used in DH key agreement. For this example, select Group 2 (1024).

     2. For Encryption Algorithm, select 3DES.

     3. For Authentication Algorithm, select MD5.

     4. For SA Lifetime in seconds, type 28800 seconds (8 hours).

  3. Click Next.

Windows 2000/XP VPN Client

  1. In the Security method preference order window, select each entry and click Remove.

  2. Click Add.

  3. For Integrity algorithm, select MD5.

  4. For Encryption algorithm, select 3DES.

  5. For Diffie-Hellman group, select Medium (2).

  6. Click OK, then click OK again.

  7. Under Authenticate and generate a new key after every, type 480 in the minute box. (This is the same as 28800 seconds.)

  8. Click OK.

  9. In the Main Campus Properties window, click the Rules tab and click Add.

  10. Click the Authentication Methods tab and click Add.

  11. Select Use this string (preshared key), type WindowsL2tpKEY in the box and click OK.

  12. Select the Preshared Key entry and click Move up so that it is above the Kerberos entry.
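The settings entered on the TMS zl Module and on the Windows client in this step are meant to agree. The following script is an added example, not part of the original procedure or of either product: it normalises the two sets of GUI values shown above and lists any that differ. The dictionary keys and function names are assumptions made for this illustration.

```python
import hmac
import re

# Values copied from the two columns of this step.
TMS = {"auth": "Preshared Key", "psk": "WindowsL2tpKEY", "dh": "Group 2 (1024)",
       "enc": "3DES", "hash": "MD5", "lifetime_s": 28800}
WINDOWS = {"auth": "Use this string (preshared key)", "psk": "WindowsL2tpKEY",
           "dh": "Medium (2)", "enc": "3DES", "hash": "MD5", "lifetime_min": 480}


def dh_group(label):
    """Return the DH group number from the label forms used on this page."""
    # "Group 2 (1024)" -> 2 (TMS form), "Medium (2)" -> 2 (Windows form)
    m = re.search(r"Group\s+(\d+)", label) or re.search(r"\((\d+)\)", label)
    if m is None:
        raise ValueError(f"unrecognised DH label: {label!r}")
    return int(m.group(1))


def normalise(side):
    """Map one side's GUI values onto comparable units and names."""
    lifetime = side.get("lifetime_s")
    if lifetime is None:
        lifetime = side["lifetime_min"] * 60  # Windows asks for minutes
    auth = side["auth"].lower()
    return {
        "auth": "psk" if "preshared key" in auth else auth,
        "dh": dh_group(side["dh"]),
        "enc": side["enc"].upper(),
        "hash": side["hash"].upper(),
        "lifetime_s": lifetime,
    }


def mismatches(a, b):
    """List every IKE setting on which the two peers disagree."""
    na, nb = normalise(a), normalise(b)
    diffs = [f"{k}: {na[k]} != {nb[k]}" for k in na if na[k] != nb[k]]
    # Compare the keys without ever echoing them into the report.
    if not hmac.compare_digest(a["psk"].encode(), b["psk"].encode()):
        diffs.append("psk: values differ")
    return diffs


if __name__ == "__main__":
    print(mismatches(TMS, WINDOWS) or "IKE settings match on both sides")
```
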
