11-05-2012 08:50 AM
Hi
I need to check and possibly change which network address is allowed down a tunnel and check our Phase 2 IPSEC proposal. How would I do this on a VPN3000?
Thank you
11-05-2012 09:40 AM
The VPN 3000 configuration guide chapter on tunneling and security describes how to inspect and modify each of those elements.
http://www.cisco.com/en/US/docs/security/vpn3000/vpn3000_47/configuration/guide/tunnel.html
Specifically to your questions:
11-06-2012 04:27 AM
Hi Marvin
Thanks for this.
I went through this and could not find any mention of renegotiation seconds or how to change them. I need the settings below to show on Cisco VPN 3000.
VPN NAME – LCFC_VPN
MEMBERS – LCFC_CISCO
IKE PHASE 1 – AES-256/SHA1
DIFFIE-HELLMAN – GROUP 2 (1024bit)
RENEGOTIATION – 1440 SECONDS
IPSEC PHASE 2 – AES-128/MD5
RENEGOTIATION – 3600 SECONDS
SHARED SECRET – L1n1k3r
I am sure that I have everything else correct but the seconds.
Thanks once again
11-06-2012 04:53 AM
When you choose an IKE proposal, you can modify it to use other than the default 86400 second lifetime. See the text preceding Table 15-3 here:
You can also create an entirely new proposal as shown in Figure 15-13 further down.