Building a site-to-site IPsec VPN is not a hard thing to do, but of course you have to understand the principles first. If you already know what the two phases of negotiation are, you can jump directly to the next paragraph. Otherwise, you should start by learning some fundamental VPN knowledge and terminology such as IKE, IPsec, transform set, crypto…
Based on my personal experience, a good document always helps you build a site-to-site VPN efficiently. First, talk to the person working with you on the other side and agree on the settings that will be programmed into the firewalls, such as the encryption method, hash algorithm, pre-shared key and external/internal IP addresses. Second, enter that information into a spreadsheet, or just use my template displayed below, and send a copy to them. Finally, configure your firewall and test it.
| Site-to-Site IPSec VPN Details | | |
|---|---|---|
| My Company: | My Company, Sydney, NSW | |
| Contacts: | Jackie Chen | |
| Client Company: | Client Company, Melbourne, VIC | |
| Contacts: | Bill Gates | |
| VPN usage | Official web site development | |
| Firewall Type | Client | My Company |
| Manufacturer | Cisco | Cisco |
| Model | ASA 5510 | ASA 5520 |
| Version | 8.2(2) | 8.2(3) |
| Settings | Client | My Company |
| Authentication Method | Pre-Shared Secret | Pre-Shared Secret |
| IKE Encryption Algorithm | AES-256 | AES-256 |
| IKE Hash Algorithm | SHA | SHA |
| IKE Security Lifetime | 86400 secs | 86400 secs |
| DH Group Identifier | 2 (1024bit), No PFS | 2 (1024bit), No PFS |
| IPSEC Security Lifetime | 4608000 kB / 28,800 secs | 4608000 kB / 28,800 secs |
| Pre-Shared Secret | ********* | ********* |
| IPSEC security protocol | ESP | ESP |
| IPSEC Encryption Algorithm | AES-256 | AES-256 |
| IPSEC Hash Algorithm | SHA | SHA |
| IP addressing | Client | My Company |
| Peer IP address: | X.X.X.X | Y.Y.Y.Y |
| Inside Hosts or Subnets | Client | My Company |
| Hosts or Subnets | 192.168.1.0/24 | 172.29.1.0/24 |
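As an added example (not part of the original post), this is how the "My Company" column of the template maps onto the ASA 8.2 CLI for the third step, configuring the firewall. It assumes the Internet-facing interface is named `outside`, and the object names `ESP-AES256-SHA`, `VPN-TO-CLIENT`, `NONAT` and `OUTSIDE-MAP` are chosen here; the pre-shared secret is a placeholder to be replaced with the agreed value.

```cisco
! Phase 1 (IKE/ISAKMP): Settings rows of the template for the My Company side
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto isakmp enable outside

! Peer definition keyed on the client's peer IP (X.X.X.X in the template);
! the pre-shared secret shown as ********* in the template goes here
tunnel-group X.X.X.X type ipsec-l2l
tunnel-group X.X.X.X ipsec-attributes
 pre-shared-key REPLACE-WITH-AGREED-PRE-SHARED-SECRET

! Phase 2 (IPsec): ESP with AES-256 encryption and SHA-1 HMAC
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac

! Interesting traffic: our inside subnet (172.29.1.0/24) to the client's (192.168.1.0/24)
access-list VPN-TO-CLIENT extended permit ip 172.29.1.0 255.255.255.0 192.168.1.0 255.255.255.0

! Exempt the tunnelled traffic from NAT (8.2-style "nat 0" identity NAT)
access-list NONAT extended permit ip 172.29.1.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list NONAT

! Crypto map entry: peer, proposal and the IPsec lifetimes from the template.
! No "set pfs" line, because the template specifies No PFS.
crypto map OUTSIDE-MAP 10 match address VPN-TO-CLIENT
crypto map OUTSIDE-MAP 10 set peer X.X.X.X
crypto map OUTSIDE-MAP 10 set transform-set ESP-AES256-SHA
crypto map OUTSIDE-MAP 10 set security-association lifetime seconds 28800
crypto map OUTSIDE-MAP 10 set security-association lifetime kilobytes 4608000
crypto map OUTSIDE-MAP interface outside
```

The client side is the mirror image (peer Y.Y.Y.Y, subnets swapped in the access lists); once traffic flows, `show crypto isakmp sa` and `show crypto ipsec sa` confirm that phase 1 and phase 2 negotiated with exactly the parameters written in the template, which is the quickest way to spot a mismatch between the two firewalls.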
Hi, great WordPress blog, and a good understanding! Definitely one for my favorites.
Thanks for the feedback 🙂