VPN Endpoint Sample Configuration

The following devices are known to be compatible with the Cloud IaaS VPN service. A sample configuration for each is listed below.

Cisco 1921 ISR

Tested firmware version v15.0 M15

crypto isakmp policy 20
 encr aes 256
 authentication pre-share
 group 2
 lifetime 28800

crypto ipsec transform-set CIAB esp-aes 256 esp-sha-hmac
crypto isakmp key <secret key> address <CIAB IP>
crypto ipsec df-bit clear

crypto map <Name> 20 ipsec-isakmp
 set peer <CIAB ip>
 set transform-set CIAB
 set pfs group2
 match address CIAB_VPN

ip access-list extended CIAB_VPN
 permit ip <Local Network> <IaaS Org Network>

Sophos XG85

Tested firmware version SFOS 17.0.8 MR-8

IPsec Connections

General Settings

Name: Name of VPN
IP Version: IPv4
Connection Type: Site-to-site
Gateway Type: Initiate the connection

Encryption

Policy: CIAB
Authentication Type: Preshared Key

Gateway Settings

Listening Interface: Your device's external facing interface
Gateway Address: Cloud IaaS' edge gateway IP
Local Id / Remote Id: Not specified

IPsec Policies

General Settings

Name: CIAB
Key Exchange: IKEv1
Authentication Mode: Main
Key Negotiation Tries: 0
Allow Rekeying: Yes
SHA2 with 96-bit truncation: No

Phase 1

Key Life: 28800
Re-key Margin: 360
Randomize re-keying margin by: 0
DH Group: 2 (DH1024)
Encryption: AES256
Authentication: SHA1
Encryption: AES128
Authentication: SHA1
Encryption: 3DES
Authentication: SHA1

Phase 2

PFS Group: 2 (DH1024)
Key Life: 3600
Encryption: AES256
Authentication: SHA1
Encryption: AES128
Authentication: SHA1
Encryption: 3DES
Authentication: SHA1
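
An added example, not part of the original article or any vendor tooling: a Python check that parses a Cisco IOS configuration like the Cisco 1921 sample above and compares its Phase 1 and Phase 2 parameters with the Sophos CIAB policy values listed on this page. The peer address 192.0.2.1, the map name EXAMPLE and the mapping of Sophos labels to IOS keywords are assumptions made for the example.

```python
import re

# Constructed sample: the Cisco snippet from this page with placeholder values filled in.
SAMPLE_IOS = """\
crypto isakmp policy 20
 encr aes 256
 authentication pre-share
 group 2
 lifetime 28800
crypto ipsec transform-set CIAB esp-aes 256 esp-sha-hmac
crypto map EXAMPLE 20 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set CIAB
 set pfs group2
 match address CIAB_VPN
"""

# key: (regex for the IOS line, expected value from the Sophos CIAB policy, first proposal).
# The Sophos-label-to-IOS-keyword mapping is this example's assumption.
CHECKS = {
    "p1_encryption": (r"^[ \t]*encr(?:yption)?[ \t]+(.+)$", "aes 256"),
    "p1_hash": (r"^[ \t]*hash[ \t]+(\S+)$", "sha"),
    "p1_dh_group": (r"^[ \t]*group[ \t]+(\d+)$", "2"),
    "p1_lifetime": (r"^[ \t]*lifetime[ \t]+(\d+)$", "28800"),
    "p2_transform": (r"^crypto ipsec transform-set \S+[ \t]+(.+)$", "esp-aes 256 esp-sha-hmac"),
    "p2_pfs": (r"^[ \t]*set pfs[ \t]+(\S+)$", "group2"),
    "p2_lifetime": (r"^[ \t]*set security-association lifetime seconds[ \t]+(\d+)$", "3600"),
}

def parse_ios(config):
    """Return the first value found for each checked parameter, or None."""
    found = {}
    for key, (pattern, _expected) in CHECKS.items():
        match = re.search(pattern, config, re.MULTILINE)
        found[key] = match.group(1).strip() if match else None
    return found

def compare(config):
    """List (parameter, finding) pairs where the config differs or is implicit."""
    findings = []
    for key, actual in parse_ios(config).items():
        expected = CHECKS[key][1]
        if actual is None:
            findings.append((key, "not set explicitly; device default applies"))
        elif actual != expected:
            findings.append((key, "mismatch: %s != %s" % (actual, expected)))
    return findings

if __name__ == "__main__":
    for key, finding in compare(SAMPLE_IOS):
        print(key, "->", finding)
```

Run against the sample, the check reports the Phase 1 hash and the Phase 2 lifetime as not set explicitly, since the Cisco snippet contains no line for either and relies on the device defaults to match the Sophos policy.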
   