VPN 3000

JAYESH RAMAIYA · ‎11-05-2012

Hi

I need to check and possibly change which Network address is allowed down a tunnel and check our Phase 2 IPSEC propesal. How would I do this on a VPN3000?

Thank you

Marvin Rhoads · ‎11-05-2012

The VPN 3000 configuration guide chapter on tunneling and security describes how to inspect and modify each of those elements.

http://www.cisco.com/en/US/docs/security/vpn3000/vpn3000_47/configuration/guide/tunnel.html

Specifically to your questions:

1. http://www.cisco.com/en/US/docs/security/vpn3000/vpn3000_47/configuration/guide/tunnel.html#wp1308294

2. http://www.cisco.com/en/US/docs/security/vpn3000/vpn3000_47/configuration/guide/tunnel.html#wp1251053

JAYESH RAMAIYA · ‎11-06-2012

Hi Marvin

Thanks for this.

I went through this and could not find any mention of renegotaition seconds or how to change them.I need the settings below to show on Cisco VPN 3000

VPN NAME – LCFC_VPN

MEMBERS – LCFC_CISCO

IKE PHASE 1 – AES-256/SHA1

DIFFIE-HELLMAN – GROUP 2 (1024bit)

RENEGOTIATION – 1440 SECONDS

IPSEC PHASE 2 – AES-128/MD5

RENEGOTIATION – 3600 SECONDS

SHARED SECRET – L1n1k3r

I am sure that I have everything else correct but the seconds.

Thabks once again

Marvin Rhoads · ‎11-06-2012

When you choose an IKE proposal, you can modify it to use other than the default 86400 second lifetime. See the text preceding Table 15-3 here:

http://www.cisco.com/en/US/docs/security/vpn3000/vpn3000_47/configuration/guide/tunnel.html#wp1458193

You can also create an entirely new proposal as shown in Figure 15-13 further down.