User's Guide
Release Notes Inter-operability with Third-Party VPN Gateways
Release 3.5 Enhanced Support for VPN Clients
CAUTION
NEM tunnels cannot be mixed with Peer to Peer tunnels.
Remote peers must not have dynamically assigned IP addresses because pre-shared key authentication (if selected) uses IKE Main Mode. The security policy database on each peer must also contain a fixed IP address of the remote peer.
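Why Main Mode with pre-shared keys ties each peer to a fixed address, as an added example (not part of the original guide): under RFC 2409 the responder must derive SKEYID from the pre-shared key before it can decrypt the initiator's identity payload, so the source IP is its only key selector. The addresses, key and nonces are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac

# Constructed sample: the responder's pre-shared keys, indexed by the fixed
# peer address held in its security policy database.
PSK_BY_PEER_IP = {"192.0.2.10": b"constructed-sample-psk"}


def skeyid(psk: bytes, ni: bytes, nr: bytes) -> bytes:
    """RFC 2409 pre-shared key authentication: SKEYID = prf(psk, Ni_b | Nr_b).
    HMAC-SHA1 is assumed as the prf (the sample proposal in this guide uses SHA)."""
    return hmac.new(psk, ni + nr, hashlib.sha1).digest()


def responder_skeyid(src_ip: str, ni: bytes, nr: bytes):
    """State of a Main Mode responder after messages 3 and 4 (KE + nonces).
    The initiator's ID payload only arrives in message 5, encrypted with keys
    derived from SKEYID, so the source address is the only key selector."""
    psk = PSK_BY_PEER_IP.get(src_ip)
    return None if psk is None else skeyid(psk, ni, nr)


def negotiate(src_ip: str, initiator_psk: bytes, ni: bytes, nr: bytes) -> str:
    """Return the outcome of the key derivation step for one initiator."""
    theirs = responder_skeyid(src_ip, ni, nr)
    if theirs is None:
        return "no-psk-for-source-ip"   # message 5 cannot be decrypted
    ours = skeyid(initiator_psk, ni, nr)
    return "keys-agree" if hmac.compare_digest(ours, theirs) else "psk-mismatch"


if __name__ == "__main__":
    ni, nr = b"\x01" * 16, b"\x02" * 16   # constructed nonces
    psk = b"constructed-sample-psk"
    print(negotiate("192.0.2.10", psk, ni, nr))     # fixed, known address
    print(negotiate("198.51.100.77", psk, ni, nr))  # same key, new DHCP lease
    print(negotiate("192.0.2.10", b"wrong", ni, nr))
```

A peer holding the correct key still fails when it appears from an address that is not in the table, which is the failure the caution describes.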
Inter-operability with Third-Party VPN Gateways
Connecting to a Cisco VPN 3005 Router
The instructions below are provided to configure a sample Peer to Peer tunnel
between a Cisco router and the ANG-1100. The following software revision was used:
Software Rev: Cisco System, Inc. / VPN 3000 Concentrator Series Version
2.5.2 (Rel) Aug 16 2000 11:41:47
Assuming you are working with an operational device, perform the following steps to
configure the Cisco device. Be aware that IP addresses displayed are sample
parameters.
1. Configure an IKE Proposal. Go to Configuration > System > Tunneling Protocols > IPSec > IKE Proposals and press ADD.
2. Do the following:
– Enter the Proposal name.
– Select Preshared Keys as the Authentication Mode.
– Select ESP/SHA/HMAC-160 as the Authentication Algorithm from the pull-down menu.
– Select 3DES-168 as the Encryption Algorithm from the pull-down menu.
– Select Group 2 (1024-bits) as the Diffie-Hellman Group.
– Select the following default values:
   – Lifetime Measurement of Time.
   – Data Lifetime of 10000.
   – Time Lifetime of 86400.
– Click ADD.
3. Activate the IKE Proposal by clicking ACTIVATE.
4. Configure a Security Association. Go to Configuration > Policy Management > Traffic Management > Security Association > Modify (or make selections from the IKE Proposal screen).