Form----Mikrotik Setting

IKE Mode = Exchange Mode
IKE ID Method = Hash/Encryption (sha/3des) --I think
IPSec Diffie-Hellman = DH Group (1=768, 2=1024, 5=1536)
Perfect Forward Secrecy = PFS Group
Key Lifetime = Lifetime (on peer)
ISAKMP SA Lifetime = Lifetime (on policy)

I'm pretty sure that's the matchup for each question.

You need to specify the network segments on each side of the VPN so that each side knows what to encrypt and what not to encrypt. This needs to match on each side so that the router knows what traffic to send/receive on the tunnel.

-Kevin Neal

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mike Hammett
Sent: Monday, April 21, 2008 9:01 AM
To: Mikrotik discussions
Subject: [Mikrotik] VPN Questions

One of my customers got a CBeyond T1 and their VPN service (against everything I told them to do). CBeyond's VPN configuration form asks me the following questions, which I haven't really encountered doing Mikrotik VPNs in the past. Note that I haven't done any IPSec VPNs before.

IKE Mode (Is this Mikrotik's Exchange Mode?)
IKE Identification Method
IKE/IPSec Diffie-Hellman Group (options are groups 1, 2, or 5... Mikrotik has modp768, 1024, or 1536)
Perfect Forward Secrecy
Key Lifetime (Mikrotik has a Lifetime field, but what does it match to?)
ISAKMP SA Lifetime (Mikrotik has a Lifetime field, but what does it match to?)

Also, I don't understand the need for specifying network segments on each side of the VPN.

----------
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
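
The point in the reply above about network segments needing to match on each side, as an added Python example that is not part of the original thread. The addresses are constructed and the function names are hypothetical; it models each side's policy as a (local network, remote network) pair and shows what goes wrong when one side uses a different prefix length.

```python
import ipaddress

def selector(local_net, remote_net):
    """One side's policy: traffic from local_net to remote_net is encrypted."""
    return (ipaddress.ip_network(local_net), ipaddress.ip_network(remote_net))

def should_encrypt(sel, src_ip, dst_ip):
    """True if a packet src_ip -> dst_ip falls inside this side's policy."""
    local_net, remote_net = sel
    return (ipaddress.ip_address(src_ip) in local_net
            and ipaddress.ip_address(dst_ip) in remote_net)

def selectors_match(side_a, side_b):
    """Both ends agree only when B's policy is the exact mirror of A's."""
    return side_a == (side_b[1], side_b[0])

def explain_mismatch(side_a, side_b):
    """List which half of the policy pair disagrees."""
    problems = []
    if side_a[0] != side_b[1]:
        problems.append(f"A local {side_a[0]} != B remote {side_b[1]}")
    if side_a[1] != side_b[0]:
        problems.append(f"A remote {side_a[1]} != B local {side_b[0]}")
    return problems

# Constructed sample networks (assumptions, not from the thread).
SITE_A = selector("192.168.10.0/24", "10.20.0.0/24")
SITE_B_GOOD = selector("10.20.0.0/24", "192.168.10.0/24")
SITE_B_BAD = selector("10.20.0.0/16", "192.168.10.0/24")  # wrong prefix length

if __name__ == "__main__":
    print("mirrored policies match:", selectors_match(SITE_A, SITE_B_GOOD))
    print("mismatched policies match:", selectors_match(SITE_A, SITE_B_BAD))
    for line in explain_mismatch(SITE_A, SITE_B_BAD):
        print("  ", line)
    # Internet-bound traffic is outside the policy and is not encrypted.
    print("A encrypts to 8.8.8.8:",
          should_encrypt(SITE_A, "192.168.10.5", "8.8.8.8"))
    # With the bad policy, B tunnels a flow that A has no policy for.
    print("B tunnels 10.20.5.1 -> A:",
          should_encrypt(SITE_B_BAD, "10.20.5.1", "192.168.10.5"))
    print("A expects the reply path:",
          should_encrypt(SITE_A, "192.168.10.5", "10.20.5.1"))
```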

