> Has anyone managed to get a VPN tunnel working between a Linksys BEFSX41 and
> a GB-1000?

Just got it working tonight, in fact. Can't say I have much experience with it
yet, but damn, they're $63 at buy.com and they give you two simultaneously
active LAN-to-LAN VPNs. That's cheaper than a GB Mobile VPN license! I'm about
to order 5 more...

> The GB-1000 has a static address and the Linksys is dynamic. I have tried to
> configure the systems as per the static to dynamic gateway document, but
> without any luck
>
> When I try to create a tunnel based on the current IP address of the BEFSX41
> and the GB-1000 (ie as per static to static arrangement) the BEFSX41 locks
> up and you need to cycle the power to get it going again....

Mine is static to static, FWIW.

Given:

  Office PRO LAN = 192.168.1.0/24
  Office EXT IP = 1.2.3.4
  Remote LAN = 192.168.2.0/24
  Remote EXT IP = 5.6.7.8

Here's what I use on the Linksys:

  Local Secure Group: Subnet
    IP: 192.168.2.0
    Mask: 255.255.255.0
  Remote Secure Group: Subnet
    IP: 192.168.1.0
    Mask: 255.255.255.0
  Remote Security Gateway: IP Addr
    IP: 1.2.3.4
  Encryption: 3DES
  Authentication: SHA
  Key Management: Auto. (IKE)
  Perfect Forward Secrecy: checked
  Pre-shared Key: blah blah blah
  Key Lifetime: 3600

And on the Advanced Setting page:

  Operation Mode: Main mode
  Proposal 1:
    Encryption: 3DES
    Authentication: SHA
    Group: 1024-bit
    Key Lifetime: 3600
  Proposal 2:
    Encryption: 3DES
    Authentication: SHA
    PFS: ON
    Group: 1024-bit
    Key Lifetime: 3600
  Other Options:
    NetBIOS Broadcast: unchecked
    Anti-replay: checked
    Keep-Alive: checked
    If IKE failed: checked
      times: 5
      seconds: 60

And here's what I use on the GB-1000:

  Address Objects:
    PRO LAN: 192.168.1.0/24
    Remote LAN: 192.168.2.0/24
  VPN Objects:
    Name: ike-3des-pro
    Local Gateway: EXT
    Local Network: address object("PRO LAN")
    Phase I:
      Exchange mode: main
      Encryption method: 3des
      Hash algorithm: hmac-sha1
      Key group: DH2
    Phase II:
      Encryption method: 3des
      Hash algorithm: hmac-sha1
      Key group: DH2
  VPNs:
    Key Exchange: IKE
    Identity:
    VPN Object: ike-3des-pro
    Remote gateway: 5.6.7.8
    Remote network: address object("Remote LAN")
    Pre-shared secret: blah blah blah

Plus, of course, the appropriate remote access and IP pass through filters.

--
Alex Howansky
Wankwood Associates
http://www.wankwood.com/
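
Added example, not part of the original message and not vendor code: a small Python check that the two sets of settings above mirror each other, since a mismatched proposal, swapped subnet or differing pre-shared key is the usual reason a tunnel like this fails to come up. The dictionary keys and function names are this example's own; the values are transcribed from the post, and "1024-bit" is treated as DH group 2 (MODP-1024).

```python
import ipaddress

# Vendor labels mapped to one vocabulary; "1024-bit" is MODP-1024, i.e. DH group 2.
ALIASES = {"sha": "hmac-sha1", "1024-bit": "dh2", "main mode": "main"}

def norm(value):
    v = str(value).strip().lower()
    return ALIASES.get(v, v)

def check_tunnel(a, b):
    """Return a list of mismatches between two peers (empty list = consistent)."""
    problems = []
    for x, y in ((a, b), (b, a)):
        # What one side calls "remote" must be what the other side calls "local".
        if ipaddress.ip_network(x["remote_net"]) != ipaddress.ip_network(y["local_net"]):
            problems.append(f"{x['name']}: remote network is not {y['name']}'s local network")
        if x["remote_gw"] != y["ext_ip"]:
            problems.append(f"{x['name']}: remote gateway is not {y['name']}'s external IP")
    # LAN-to-LAN tunnels need distinct subnets on each side.
    if ipaddress.ip_network(a["local_net"]).overlaps(ipaddress.ip_network(b["local_net"])):
        problems.append("local networks overlap")
    for key in ("mode", "p1_enc", "p1_hash", "p1_group", "p2_enc", "p2_hash", "p2_group"):
        if norm(a[key]) != norm(b[key]):
            problems.append(f"{key}: {a[key]!r} vs {b[key]!r}")
    if a["psk"] != b["psk"]:
        problems.append("pre-shared key differs")
    return problems

# Values transcribed from the post; the key names are hypothetical (this example's own).
LINKSYS = {
    "name": "BEFSX41", "ext_ip": "5.6.7.8",
    "local_net": "192.168.2.0/255.255.255.0", "remote_net": "192.168.1.0/255.255.255.0",
    "remote_gw": "1.2.3.4", "mode": "Main mode",
    "p1_enc": "3DES", "p1_hash": "SHA", "p1_group": "1024-bit",
    "p2_enc": "3DES", "p2_hash": "SHA", "p2_group": "1024-bit",
    "psk": "blah blah blah",
}
GB1000 = {
    "name": "GB-1000", "ext_ip": "1.2.3.4",
    "local_net": "192.168.1.0/24", "remote_net": "192.168.2.0/24",
    "remote_gw": "5.6.7.8", "mode": "main",
    "p1_enc": "3des", "p1_hash": "hmac-sha1", "p1_group": "DH2",
    "p2_enc": "3des", "p2_hash": "hmac-sha1", "p2_group": "DH2",
    "psk": "blah blah blah",
}

if __name__ == "__main__":
    print(check_tunnel(LINKSYS, GB1000) or "peers agree")
```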