General discussion

  • Creator
  • #2149602

    VPN site to site


    by stepsimon ·

    I have a lot of questions, so I figured this would be more of a discussion post than one specific question getting answered. So, here it goes:

    We have a client that wants to set up a site to site VPN. We run a peer to peer network of around 15 computers. We have a T1 connection that comes in through a router provided by the ISP, a Cisco 1700. The firewall on the 1700 comes to us disabled by the ISP. We have a second router, a LinkSys BEFSX41, after that to provide a firewall.

    Here are my client’s policy parameters:

    ISAKMP Parameters
    Encryption: AES (128 bit)
    Authentication Mode: Pre-Share Keys
    Auth Algorithm: SHA/HMAC-160
    Lifetime: 86400 Seconds

    IPSec Parameters
    Encryption: AES (128 bit)
    Auth Algorithm: ESP/SHA/HMAC-160
    Lifetime: 28800 Seconds

    Our LinkSys router does not support AES encryption.

    First, what is the difference between IPSec parameters and ISAKMP Parameters? Why are they using both?

    I’m confused about 3DES. If the device (router, firewall, etc.) supports AES, are the client’s authentication algorithms (ESP/SHA/HMAC) covered by that?

    Lastly, I’ve gotten suggestions that range from a Cisco 871 router ($450 – $700ish) to matching the client’s firewall device exactly ($5500 to $6000) installed.

    I’ve never set up a VPN before. I am no wizard, but I’m not entirely without skills. I would love to take a shot at installation myself, but I can’t do that at the expense of the client. They want this thing up in around two weeks. Do you think I should pay for installation, or is it doable with some elbow grease?


All Comments

  • Author
    • #2914226

      some parameters

      by synner ·

      In reply to VPN site to site

      ISAKMP is a key exchange protocol. It defines how the keys are encrypted, lifetime, and exchanged.

      IPSEC defines how the payload is encrypted.

      Depending on the number of clients per site and what’s at the other end, a Cisco 871 may do the trick for you. You need to load it with the Security IOS to support VPN tunnels.
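
The two parameter blocks in the original post map onto the two negotiation phases on a Cisco IOS router as shown below; this is an added example, not configuration from either poster or from the client. The peer address, subnets, ACL number, object names, key placeholder, DH group and outside interface are assumptions, because the posted policy does not give them.

```cisco
! --- Phase 1: ISAKMP policy (protects the key exchange itself) ---
crypto isakmp policy 10
 ! "Encryption: AES (128 bit)"
 encryption aes 128
 ! "Auth Algorithm: SHA/HMAC-160" (SHA-1)
 hash sha
 ! "Authentication Mode: Pre-Share Keys"
 authentication pre-share
 ! ASSUMPTION: the DH group is not in the posted policy; use the client's value
 group 2
 ! "Lifetime: 86400 Seconds"
 lifetime 86400
!
! Pre-shared key for the remote gateway.
! 203.0.113.2 is a constructed documentation address; the key is a placeholder.
crypto isakmp key <PRE_SHARED_KEY> address 203.0.113.2
!
! --- Phase 2: IPsec transform set (protects the tunnelled traffic) ---
! "Encryption: AES (128 bit)" + "Auth Algorithm: ESP/SHA/HMAC-160"
crypto ipsec transform-set CLIENT-TS esp-aes 128 esp-sha-hmac
!
! Traffic to encrypt: local LAN to client LAN (both subnets are constructed)
access-list 110 permit ip 192.168.1.0 0.0.0.255 10.10.0.0 0.0.255.255
!
! Crypto map ties the peer, the transform set and the traffic selector together
crypto map CLIENT-MAP 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set CLIENT-TS
 ! "Lifetime: 28800 Seconds" for the IPsec security association
 set security-association lifetime seconds 28800
 match address 110
!
! ASSUMPTION: FastEthernet4 is the outside (WAN-facing) interface
interface FastEthernet4
 crypto map CLIENT-MAP
```

Both ends must agree on every phase 1 and phase 2 value, so a device without AES support cannot complete negotiation against this policy. `show crypto isakmp sa` and `show crypto ipsec sa` report which phase has come up.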
