1. Overview
To bring a VPN site-to-site tunnel up and running, the firewalls at both sites must have the same configuration, and the network administrators at both sites must work closely together to accomplish that. The sites are usually located in different geographical areas, which makes it hard to talk to each other while configuring the VPN. Having a VPN site-to-site form in place helps a lot, because the form contains the information that the network administrators at both sites have to follow to end up with a common configuration.
In this article, we will go over the basic information that an IPSec VPN site-to-site form should include.
2. Prerequisites
In this document, it is assumed that:
a. You have some understanding of IPSec VPN.
b. You understand the encryption and authentication that happen in phase 1 and phase 2 of IPSec VPN.
3. Basic information in IPSec VPN Site-to-Site Form
VPN ID:………………… | Date: DD/MM/YYYY |
Site A Company | |
Company Name: | |
Site/Location: | |
Technical Contact | |
Name: | |
Position: | |
Phone: | |
Mobile: | |
Email: | |
Skype ID: | |
Site B Company | |
Company Name: | |
Site/Location: | |
Technical Contact | |
Name: | |
Position: | |
Phone: | |
Mobile: | |
Email: | |
Skype ID: | |
Purpose of VPN Connection | |
……………………………………………………………………………………………………………………………. |
Firewall Type | Site A Company | Site B Company |
Manufacturer | Example: Cisco | Example: Cisco |
Model | Example: ASA 5525-X | Example: ASA 5555-X |
Version | Example: 9.2 | Example: 9.5 |
Configuration | Site A Company | Site B Company |
Phase 1 | | |
IKE Encryption Algorithm | □ 3DES □ AES-128 □ AES-192 □ AES-256 | □ 3DES □ AES-128 □ AES-192 □ AES-256 |
IKE Hash Algorithm | □ MD5 □ SHA (SHA is preferred) | □ MD5 □ SHA (SHA is preferred) |
IKE Security Lifetime | □ 14400 □ 28800 □ 86400 □ Other:……… | □ 14400 □ 28800 □ 86400 □ Other:……… |
Diffie-Hellman Group | □ 2 □ 5 □ 7 | □ 2 □ 5 □ 7 |
Pre-shared key | ************* | ************* |
Phase 2 | | |
IPSec security protocol | ESP | ESP |
IPSec Encryption Algorithm | □ 3DES □ AES-128 □ AES-192 □ AES-256 | □ 3DES □ AES-128 □ AES-192 □ AES-256 |
IPSec Hash Algorithm | □ MD5 □ SHA (SHA is preferred) | □ MD5 □ SHA (SHA is preferred) |
IPSec Security Lifetime (Optional) | □ 14400 □ 28800 (default) □ 86400 □ Other:……… | □ 14400 □ 28800 (default) □ 86400 □ Other:……… |
Perfect Forward Secrecy (PFS) (Optional) | PFS: □ Yes □ No; Group: □ 2 (default) □ 5 □ 7 | PFS: □ Yes □ No; Group: □ 2 (default) □ 5 □ 7 |
IP Addressing | Site A Company | Site B Company |
Peer IP address | | |
Local IP address | | |
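The cross-check that the two administrators would otherwise do by eye, as an added example (not part of the original article): a short Python script that compares the Site A and Site B columns of a completed form and reports the rows that disagree. The dictionary keys and the sample values are constructed for illustration; the pre-shared key is left out because the form masks it.

```python
# Added example: compare the two columns of a completed form.
# Keys mirror the form's rows; they are illustrative names, not a vendor format.
REQUIRED = ["ike_encryption", "ike_hash", "ike_lifetime", "dh_group",
            "ipsec_protocol", "ipsec_encryption", "ipsec_hash"]
OPTIONAL = ["ipsec_lifetime", "pfs"]  # rows the form marks "(Optional)"


def check_form(site_a, site_b):
    """Return a list of findings; an empty list means the columns agree."""
    findings = []
    for field in REQUIRED + OPTIONAL:
        a, b = site_a.get(field), site_b.get(field)
        if field in REQUIRED and (a is None or b is None):
            findings.append(f"MISSING {field}: A={a} B={b}")
        elif a != b:
            findings.append(f"MISMATCH {field}: A={a} B={b}")
    # The PFS group row only applies when both sites ticked PFS "Yes".
    if site_a.get("pfs") == "Yes" and site_b.get("pfs") == "Yes":
        ga, gb = site_a.get("pfs_group"), site_b.get("pfs_group")
        if ga is None or gb is None:
            findings.append(f"MISSING pfs_group: A={ga} B={gb}")
        elif ga != gb:
            findings.append(f"MISMATCH pfs_group: A={ga} B={gb}")
    # The form notes "SHA is preferred", so a ticked MD5 box is reported.
    for name, site in (("A", site_a), ("B", site_b)):
        for field in ("ike_hash", "ipsec_hash"):
            if site.get(field) == "MD5":
                findings.append(
                    f"WARN {field}: Site {name} selected MD5; the form prefers SHA")
    return findings


# Constructed sample data: Site B differs from Site A in three rows.
SITE_A = {
    "ike_encryption": "AES-256", "ike_hash": "SHA", "ike_lifetime": 86400,
    "dh_group": 5, "ipsec_protocol": "ESP", "ipsec_encryption": "AES-256",
    "ipsec_hash": "SHA", "ipsec_lifetime": 28800, "pfs": "Yes", "pfs_group": 5,
}
SITE_B = dict(SITE_A, ike_lifetime=28800, ipsec_hash="MD5", pfs_group=2)

if __name__ == "__main__":
    for finding in check_form(SITE_A, SITE_B):
        print(finding)
```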
4. Conclusion
You now know the basic information that should be stated in the IPSec VPN site-to-site form. You can always adjust this form to meet your organization's needs. If you have any questions or suggestions, you can always leave your comments below. I will do my best to review and reply to them. Thank you and enjoy your day.