Sample VPN Information Table

Columns: Item, Description, Assigned by

External IP Address

The IP address that identifies the IPSec-compatible device on the Internet.

Example:
Site A: 203.0.113.2
Site B: 198.51.100.2

Assigned by: ISP

Local Network Address

An address used to identify a local network. These are the IP addresses of the computers on each side that are allowed to send traffic through the VPN tunnel. We recommend that you use an address from one of the reserved ranges:

10.0.0.0/8 (subnet mask 255.0.0.0)
172.16.0.0/12 (subnet mask 255.240.0.0)
192.168.0.0/16 (subnet mask 255.255.0.0)

The numbers after the slashes indicate the subnet masks. /24 means that the subnet mask for the trusted network is 255.255.255.0.
For more information about slash notation, go to About Slash Notation.

Example:
Site A: 10.0.1.0/24
Site B: 10.50.1.0/24

Assigned by: You

Shared Key

The shared key is a passphrase used by two IPSec-compatible devices to encrypt and decrypt the data that goes through the VPN tunnel. The two devices use the same passphrase. If the devices do not have the same passphrase, they cannot encrypt and decrypt the data correctly.

Use a passphrase that contains numbers, symbols, lowercase letters, and uppercase letters for better security. For example, “Gu4c4mo!3” is better than “guacamole”.

Example:
Site A: OurShared/Secret
Site B: OurShared/Secret

Assigned by: You

IKE version

Fireware supports two versions of the IKE protocol, IKEv1 and IKEv2. The two devices must use the same IKE version.

Encryption Method

DES uses 56-bit encryption. 3DES uses 168-bit encryption. AES encryption is available at the 128-bit, 192-bit, and 256-bit levels. AES-256 is the most secure encryption. In Fireware v12.2 or higher, AES-GCM is supported at the 128-bit, 192-bit, and 256-bit levels.

The two devices must use the same encryption method.

Example:
Site A: AES-256
Site B: AES-256

Assigned by: You

Authentication Method

Select SHA2, SHA1, or MD5. SHA2 is available at the 256-bit, 384-bit, and 512-bit levels. SHA2 is stronger than either SHA1 or MD5. The two devices must use the same authentication method.

Example:
Site A: SHA2-256
Site B: SHA2-256

Assigned by: You
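
The rules in this table can be checked before either device is configured. The following Python script is an added example, not part of Fireware or the original table: it verifies that both sites agree on the settings that must match, that each local network falls inside a reserved range, and that the shared key mixes the recommended character classes. The dictionary field names, the IKEv2 sample value, and the no-overlap check are assumptions made for this example.

```python
import ipaddress
import string

# Reserved ranges the table recommends for local network addresses.
RESERVED = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Settings the table says must be identical on both devices.
MUST_MATCH = ("shared_key", "ike_version", "encryption", "authentication")

def subnet_mask(cidr):
    """Slash notation to dotted mask: '10.0.1.0/24' -> '255.255.255.0'."""
    return str(ipaddress.ip_network(cidr).netmask)

def key_has_all_classes(key):
    """True if key mixes numbers, symbols, lowercase and uppercase letters."""
    classes = (string.digits, string.punctuation,
               string.ascii_lowercase, string.ascii_uppercase)
    return all(any(c in cls for c in key) for cls in classes)

def check_worksheet(site_a, site_b):
    """Return a list of problems in a two-site worksheet (hypothetical format)."""
    problems = []
    for field in MUST_MATCH:
        if site_a[field] != site_b[field]:
            # Report the field name only; never echo the shared key.
            problems.append(f"{field} differs between sites")
    nets = []
    for name, site in (("Site A", site_a), ("Site B", site_b)):
        # ip_network() raises ValueError if host bits are set (e.g. 10.0.1.5/24).
        net = ipaddress.ip_network(site["local_network"])
        nets.append(net)
        if not any(net.subnet_of(r) for r in RESERVED):
            problems.append(f"{name}: {net} is outside the reserved ranges")
        if not key_has_all_classes(site["shared_key"]):
            problems.append(f"{name}: shared key lacks a character class")
    # Assumption beyond the table: without NAT, the two local networks
    # must not overlap or traffic cannot be routed into the tunnel.
    if nets[0].overlaps(nets[1]):
        problems.append("local networks overlap")
    return problems

# Example values from the table; the IKE version is a constructed sample.
SITE_A = {"local_network": "10.0.1.0/24", "shared_key": "OurShared/Secret",
          "ike_version": "IKEv2", "encryption": "AES-256",
          "authentication": "SHA2-256"}
SITE_B = dict(SITE_A, local_network="10.50.1.0/24")

if __name__ == "__main__":
    for problem in check_worksheet(SITE_A, SITE_B):
        print(problem)
```

Run against the table's own example values, the script reports that the sample shared key contains no numbers, so it does not meet the passphrase recommendation in the Shared Key row.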