VPN site to site

By stepsimon
I have a lot of questions, so I figured this would be more of a discussion post than one specific question getting answered. So, here it goes:

We have a client that wants to set up a site to site VPN. We run a peer to peer network of around 15 computers. We have a T1 connection that comes in through a router provided by the ISP, a Cisco 1700. The firewall on the 1700 comes to us disabled by the ISP. We have a second router, a LinkSys BEFSX41, after that to provide a firewall.

Here are my client's policy parameters:

ISAKMP Parameters
Encryption: AES (128 bit)
Authentication Mode: Pre-Share Keys
Auth Algorithm: SHA/HMAC-160
Lifetime: 86400 Seconds

IPSec Parameters
Encryption: AES (128 bit)
Auth Algorithm: ESP/SHA/HMAC-160
Lifetime: 28800 Seconds

Our LinkSys router does not support AES encryption.

First, what is the difference between IPSec parameters and ISAKMP Parameters? Why are they using both?

I'm confused about 3DES. If the device (router, firewall, etc.) supports AES, are the client authentication algorithms (ESP/SHA/HMAC) covered by that?

Lastly, I've gotten suggestions that range from a Cisco 871 router ($450 - $700ish) to matching the client's firewall device exactly ($5500 to $6000) installed.

I've never set up a VPN before. I am no wizard, but I'm not entirely without skills. I would love to take a shot at installation myself, but I can't do that at the expense of the client. They want this thing up in around two weeks. Do you think I should pay for installation, or is it doable with some elbow grease?

Thanks

some parameters

by SYNner In reply to VPN site to site

ISAKMP is a key exchange protocol. It defines how the keys are encrypted, lifetime, and exchanged.

IPSEC defines how the payload is encrypted.

Depending on the number of clients per site and what's at the other end, a Cisco 871 may do the trick for you. You need to load it with the Security IOS to support VPN tunnels.
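
Added example, not part of the original thread or written by either poster: a Cisco IOS configuration sketch showing where each of the client's two parameter sets lands, with the ISAKMP values in the Phase 1 policy and the IPSec values in the Phase 2 transform set. The peer address, pre-shared key, subnets, interface name and the names CLIENT-SET and CLIENT-MAP are constructed placeholders.

```cisco
! Added example: placeholder values are marked; none come from the thread.
!
! --- Phase 1 (ISAKMP): protects the key-exchange channel between the routers ---
crypto isakmp policy 10
 encryption aes 128
 hash sha
 authentication pre-share
 lifetime 86400
! The thread gives no Diffie-Hellman group; obtain it from the client
! and add it to the policy above with "group <n>".
!
! Placeholder key and peer (203.0.113.10 is a documentation address)
crypto isakmp key REPLACE_WITH_SHARED_SECRET address 203.0.113.10
!
! --- Phase 2 (IPSec): protects the site-to-site payload traffic ---
crypto ipsec transform-set CLIENT-SET esp-aes 128 esp-sha-hmac
!
! Constructed subnets: local LAN 192.168.1.0/24, client LAN 10.0.0.0/24
access-list 101 permit ip 192.168.1.0 0.0.0.255 10.0.0.0 0.0.0.255
!
crypto map CLIENT-MAP 10 ipsec-isakmp
 set peer 203.0.113.10
 set transform-set CLIENT-SET
 set security-association lifetime seconds 28800
 match address 101
!
! Assumed outside interface name; apply the map to the interface facing the peer
interface FastEthernet4
 crypto map CLIENT-MAP
```

Once both ends are configured, `show crypto isakmp sa` and `show crypto ipsec sa` show whether Phase 1 and Phase 2 each negotiated; a mismatch in any value above on either side makes that phase fail.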
