MikroTik IPsec Configuration Worksheet

Purpose

The purpose of this worksheet is to gather all the information about the tunnel prior to implementation or changes. Be as specific as possible when filling this worksheet out.

Organization A Contact Information

Name:
Phone:
Email:
Street Address:
City:
State:
Zip Code:

Organization B Contact Information

Name:
Phone:
Email:
Street Address:
City:
State:
Zip Code:

Network Information

Columns: Property / Client A / Client B

Hardware Platform:
OS Version:

IKE Phase 1

Peer Address:
Port (integer: 0-65535; Default = 500):
Local Address (local ISAKMP SA address on the router used by the peer; not normally set):
Authentication Method (Default = pre-shared-key):
  - pre-shared-key - authenticate by a password (secret string) shared between the peers
  - rsa-signature - authenticate using a pair of RSA certificates
  - rsa-key - authenticate using an RSA key imported in the IPsec key menu
  - pre-shared-key-xauth - mutual PSK authentication + xauth username/password; the passive parameter identifies the server/client side
  - rsa-signature-hybrid - responder certificate authentication with initiator xauth; the passive parameter identifies the server/client side
Passive (yes | no; Default = no):
Secret (Pre-shared Key):
Exchange Mode (aggressive | base | main | main-l2tp; Default: main):
Send Initial Contact (yes | no; Default: yes):
NAT Traversal (yes | no; Default: no) (ESP only):
Proposal Check (claim | exact | obey | strict; Default: obey):
Hash Algorithm (md5 | sha1 | sha256 | sha512; Default: sha1):
Encryption Algorithm (3des | aes-128 | aes-192 | aes-256 | blowfish | camellia-128 | camellia-192 | camellia-256 | des; Default: aes-128):
Mode Configuration (none | request-only | string; Default: none):
DH Group (ec2n155 | ec2n185 | modp1024 | modp1536 | modp2048 | modp3072,
Generate Policy (no | port-override | port-strict; Default: no):
Lifetime:
Lifebytes:
Dead Peer Detection Interval:
DPD Maximum Failures (integer: 1..100; Default: 5):

IKE Phase 2

IPsec Protocols (ah | esp | ah&esp; Default: esp):
Auth Algorithm (md5 | sha1 | null | sha256 | sha512; Default: sha1):
Encryption Algorithm (null | des | 3des | aes-128-cbc | aes-128-ctr | aes-128-gcm | aes-192-cbc | aes-192-ctr | aes-192-gcm | aes-256-cbc | aes-256-ctr | aes-256-gcm | blowfish | camellia-128 | camellia-192 | camellia-256 | twofish; Default: aes-128-cbc):
Lifetime:
PFS Group (ec2n155 | ec2n185 | modp1024 | modp1536 | modp2048 | modp3072

Security Policies

Source Address:
Source Port:
Destination Address:
Destination Port:
Protocol (all | egp | ggp | icmp | igmp | ip-encap | tcp | udp | ipsec; Default: all):
SA Source Address:
SA Destination Address:
Tunnel Mode or Transport Mode (tunnel mode usually requires NAT; transport mode often requires routing):

www.rickfreyconsulting.com
