Policy: Firewall-VPN Last Modified: Wed Oct 27 07:28:53 2004 Global Properties Installation Targets

Type	Name	General	Properties		Comments
Site to Site - Meshed
	MyIntranet	General General Community Traffic Security Policy Accept all encrypted traffic	Participating Gateways Participating Gateways Branch-Office-gw Corporate-Cluster-1 Corporate-Cluster-2 Remote-1-gw Remote-2-gw Remote-3-gw Remote-4-gw Remote-5-gw	VPN Properties VPN Properties IKE (Phase 1) Properties Perform key exchange encryption with: 3DES Perform data integrity with: MD5 IPSEC (Phase 2) Properties Perform IPSEC data encryption with: AES-128 Perform data integrity with: MD5 Tunnel Management Tunnel Management Permanent Tunnels Set Permanent Tunnels: On all tunnels in the community On all tunnels of specific Gateways On specific tunnels in the community Enable Route Injection Mechanism (RIM) Tunnel down track: Popup Alert Tunnel up track: Log VPN Tunnel Sharing Control the number of VPN tunnels opened between peer Gateways One VPN tunnel per each pair of hosts One VPN tunnel per subnet pair One VPN tunnel per Gateway pair Advanced Settings Advanced Settings Excluded Services Excluded Services (none) Shared Secret Shared Secret Use only Shared Secret for all Exteral members Advanced VPN Properties Advanced VPN Properties IKE (Phase 1) Use Diffie-Hellman group: Group 2 (1024 bit) Renegotiate IKE SA every: 1440 minutes Use aggressive mode IPSEC (Phase 2) Use Perfect Forward Secrecy Renegotiate IPSEC SA every: 3600 seconds Support Site to Site IP compression NAT Disable NAT inside the VPN community Wire Mode Wire Mode Bypass the Firewall Allow uninspected encrypted traffic between Wire mode interfaces of this Community's members
Remote Access
	RemoteAccess		Participating Gateways Participating Gateways (none) Participant User Groups Participant User Groups All Users