I have received some info from a customer about a connection I need to make in a couple of days and I would like to check if I setup everything as needed so a quick connection will be possible once all the paperwork is done.
required policy:
IKE Phase1 (IKE)
Authentication Method: Preshared Key
Diffie-Hellman Group: Group2 (1024)
Encryption Algorithm: 3DES-CBC
Hash Algorithm: SHA-1
Lifetime: 28800 seconds
IKE Phase2 (IP-Sec)
Perfect Forward Secrecy (PFS): PFS
Diffie-Hellman Group: Group2 (1024)
Lifetime: 3600 seconds
Encryption algorithm: ESP + 3DES-CBC
Authentication algorithm: SHA-1
Do the settings as in my attached image correspond to the required settings or do I need to make some adjustments (I can't find anything about CBC in UTM, neither can I find ESP+3DES-CBC or PFS.
I assume by reading the help that PFS is automatically enabled by selecting the Group 2 in het IKE-part of the setup but I'm not certain about that.
This thread was automatically locked due to age.
Guest User!
You are not Sophos Staff.
