
ZyXEL Communications P-792H - Pre-Shared Key; Diffie-Hellman (DH) Key Groups; Telecommuter VPN/IPSec Examples

Chapter 12 VPN
P-792H v2 User’s Guide
182
12.9.10 Pre-Shared Key
A pre-shared key identifies a communicating party during a phase 1 IKE
negotiation (see Section 12.9.5 on page 177 for more on IKE phases). It is called
“pre-shared” because you have to share it with another party before you can
communicate with them over a secure connection.
12.9.11 Diffie-Hellman (DH) Key Groups
Diffie-Hellman (DH) is a public-key cryptography protocol that allows two parties
to establish a shared secret over an unsecured communications channel.
Diffie-Hellman is used within IKE SA setup to establish session keys. 768-bit
(Group 1 - DH1) and 1024-bit (Group 2 - DH2) Diffie-Hellman groups are supported. Upon
completion of the Diffie-Hellman exchange, the two peers have a shared secret,
but the IKE SA is not authenticated. For authentication, use pre-shared keys.
12.9.12 Telecommuter VPN/IPSec Examples
The following examples show how multiple telecommuters can make VPN
connections to a single P-792H v2 at headquarters. The telecommuters use IPSec
routers with dynamic WAN IP addresses. The P-792H v2 at headquarters has a
static public IP address.
12.9.12.1 Telecommuters Sharing One VPN Rule Example
See the following figure and table for an example configuration that allows
multiple telecommuters (A, B and C in the figure) to use one VPN rule to
simultaneously access a P-792H v2 at headquarters (HQ in the figure). The
telecommuters do not have domain names mapped to the WAN IP addresses of
their IPSec routers. The telecommuters must all use the same IPSec parameters,
but their local IP addresses (or ranges of addresses) should not overlap.
Figure 83 Telecommuters Sharing One VPN Rule Example
[Figure: telecommuters A (LAN 192.168.2.12), B (LAN 192.168.3.2) and C (LAN 192.168.4.15) connect over the Internet to HQ (LAN 192.168.1.10).]
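
As an added illustration (not part of the ZyXEL guide), the following Python check flags telecommuter local addresses or ranges that overlap before they are entered behind a shared VPN rule. The function names, the range for A and the /24 entry are constructed for this example; the single addresses come from Figure 83, with labels paired to addresses in the order the figure lists them (an assumption).

```python
import ipaddress
from itertools import combinations


def parse_local(spec):
    """Return (first, last) as integers for a single IP, an 'a-b' range, or a CIDR block."""
    spec = spec.strip()
    if "-" in spec:
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in spec.split("-", 1))
        if int(lo) > int(hi):
            raise ValueError(f"range start is after range end: {spec}")
        return int(lo), int(hi)
    # A bare address parses as a /32; strict=False accepts host bits in a CIDR.
    net = ipaddress.IPv4Network(spec, strict=False)
    return int(net.network_address), int(net.broadcast_address)


def find_overlaps(sites):
    """sites maps a telecommuter label to its local address spec.

    Returns a list of (label1, label2) pairs whose local ranges intersect.
    """
    spans = {name: parse_local(spec) for name, spec in sites.items()}
    clashes = []
    for (n1, (lo1, hi1)), (n2, (lo2, hi2)) in combinations(sorted(spans.items()), 2):
        # Two closed intervals intersect when each starts before the other ends.
        if lo1 <= hi2 and lo2 <= hi1:
            clashes.append((n1, n2))
    return clashes


# Constructed sample data. Single addresses are from Figure 83; the pairing of
# labels with addresses is assumed from the figure's order. The range for A and
# the /24 for C in MISCONFIGURED are invented for illustration.
TELECOMMUTERS = {
    "A": "192.168.2.12-192.168.2.20",
    "B": "192.168.3.2",
    "C": "192.168.4.15",
}
MISCONFIGURED = dict(TELECOMMUTERS, C="192.168.2.0/24")

if __name__ == "__main__":
    for label, sites in (("as drawn", TELECOMMUTERS), ("misconfigured", MISCONFIGURED)):
        print(label, find_overlaps(sites) or "no overlaps")
```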
