Welcome to ISAserver.org

Site to Site VPN

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA 2006 Firewall] >> VPN >> Site to Site VPN

Page: [1]

Message

<< Older Topic Newer Topic >>

Site to Site VPN - 6.Jan.2007 7:28:41 AM

duffo

Posts: 37
Joined: 14.Jan.2004
From: London
Status: offline

Hi Guys, I need to set up a site to site link with a partner company.
Their VPN peer is a Cisco VPN Concentrator 3005.

I have an ISA 2006 FW.

Here are the config details they have supplied me with. Please note I have put asterisks beside the values that I'm not sure about because I can't find them in ISA.

PHASE ONE
Authentication Method  :   Pre-Shared Key or IPSEC Certificates
** Encryption  :    Scheme IKE
Diffie-Hellman Group  :    Group 2
Encryption Algorithm  :    3DES
Hashing Algorithm  :    SHA-1
** Main or Aggressive Mode  :    Main mode
Lifetime (for renegotiation)  :    86400 seconds

PHASE TWO
** Encapsulation (ESP or AH)  :     ESP
Encryption Algorithm  :     3DES
Authentication Algorithm  :     SHA-1
Perfect Forward Secrecy  :     NO PFS
Lifetime (for renegotiation)  :     28800 seconds
Lifesize in KB (for renegotiation)  :     Not used
** Key Exchange For Subnets?  :     Yes

2 Questions ;

1) Can ISA do a site to site VPN to this kind of device?
2) How / where do I put the values marked above with **? Or are these default values?????

Thanks
Tim

Post #: 1

Featured Links*

RE: Site to Site VPN - 22.Jan.2007 10:12:59 AM

tshinder

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi Tim,

Check out the www.microsoft.com/isa site for guidance on how to do this. There's an article on how to connect with Cisco there.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to duffo)

Post #: 2