1. Overview
To bring a VPN site-to-site tunnel up and running, both firewalls at each end must have the same configuration and the network administrators at both sites must work together closely to accomplish that. Mostly each site locates in different geographical areas which make us hard to talk each other when configuring VPN site-to-site. Having VPN site-to-site form in place will help us a lot. It is because that VPN site-to-site form contents the information that each network administrator in both sites have to follow to have a common configuration as the result.
In this article will show you an example about some basic information that an IPSec VPN site-to-site with IKE version 2 form should be included.
2. Prerequisites
In this document, it is assumed that:
a. You need to have some understanding of IPSec VPN.
b. You need to understand about encryption and authentication that happen at phase 1 and phase 2 of IPSec VPN.
3. Basic information in IPSec VPN Site-to-Site With IKE Version 2 Form
3.1 Contract Details
|
Technical Contact |
|||
| Company Name | Company A |
Company B |
|
| Primary | Name | ||
| Position | |||
| Mobile | |||
| Phone | |||
| Skype ID | |||
| Secondary | Name | ||
| Position | |||
| Mobile | |||
| Phone | |||
| Skype ID | |||
3.2 About The VPN
|
VPN Property |
|||
| VPN ID | Tunnel Establishment Date | 26-Jul-17 | |
|
Purpose of VPN Connection |
|||
3.3 Technical Information
|
VPN Setting |
|||||
|
3.1 Network settings |
|||||
| Company A | Company B | ||||
| Tunnel Peer IP | Primary | X.X.X.X | |||
| Secondary | X.X.X.X | ||||
| Device Manufacturer | Cisco | ||||
| Device Model | ASA 5525-X | ||||
| Device Software Version | 9.8 | ||||
|
3.2 IKE settings |
|||||
| IKE Version | 2 | ||||
| Encryption algorithm | AES-256 | ||||
| Integrity algorithm | SHA-256 | ||||
| PRF algorithm | SHA-256 | ||||
| Authentication method | PSK (Will share privately) | ||||
| DH group | Group 2 (1024) | ||||
| IKE lifetime | 28800 sec | ||||
| 3.3 IPSEC settings | |||||
| PFS | Yes (group 2) | ||||
| Encryption algorithm | AES-256 | ||||
| Integrity algorithm | SHA-256 | ||||
| SA Lifetime | 3600 sec | ||||
|
2.4 Encryption domain |
|||||
|
Company A |
Company B |
||||
| Local IP Address | Port | Local IP Addresses | Port | ||
There is also a Microsoft Word version for a sample of IPSec VPN site-to-site with IKE version 2 form which you can download with this link IPSec VPN Site-to-site IKEv2 From.
4. Conclusion
Now you have known some basic information that should be stated the in the IPSec VPN site-to-site with IKE version 2 form. You can always adjust this form to meet your organization needs. If you have any questions or suggestions you can always leave your comments below. I will try all of my best to review and reply them. Thank you and enjoy your day.
