vShield Edge VPN Defaults

Establishing a VPN between firewalls is not always easy: both sites need to agree on the settings, and the firewall rules on each side need to match.

I would like to describe the vShield Edge defaults, because not all of this information is described or shown in the vCloud Director GUI, nor in vShield Manager.

If you are a customer, I advise you to have a syslog server.

If you are an admin on the provider side, please run with vShield Manager logging enabled.

You may get a little confused when you start to configure the VPN: vShield Edge configuration is not like standard firewalls. You cannot see separate Phase 1 and Phase 2 sections, and you do not configure SA lifetimes or other parameters, so you have to know the default values.

I also advise reading http://www.vmware.com/pdf/vshield_51_admin.pdf

vShield Edge uses/supports:

IKEv2

Phase 1

Main Mode (for other modes and explanations, please read this); no Aggressive Mode
3DES/AES (choose the encryption)
SHA1 (integrity algorithm)
PSK (pre-shared secret key) and certificate (for certificates you have to use the vShield Manager GUI) (I never use it)
SA lifetime 28800 (time-based only, no kbyte limit)
DH Group 2

Phase 2

3DES/AES (choose the encryption; in the vCloud Director GUI you will see that the one you select is used for both Phase 1 and Phase 2)
SHA1 (integrity algorithm)
ESP tunnel mode
DH Group 2
PFS
SA lifetime 3600 (time-based only, no kbyte limit)
Selectors for all IP protocols and all ports between the two networks, using IPv4 subnets

DPD (Dead Peer Detection; generally also enabled on the remote side)
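As an added example (not from the original post and not VMware's own configuration), here is a strongSwan ipsec.conf connection for the remote site that mirrors the vShield Edge defaults listed above, so the proposals match on the first try. The AES key size (128), the peer address and the two subnets are assumptions and must be replaced with your own values.

```ini
# strongSwan ipsec.conf fragment for the remote peer (added example, not from the original post).
# Values mirror the vShield Edge defaults; AES-128 and all addresses/subnets are assumptions.
conn to-vshield-edge
    keyexchange=ikev2                  # vShield Edge uses IKEv2
    authby=secret                      # PSK; the key itself lives in ipsec.secrets
    ike=aes128-sha1-modp1024!          # Phase 1: AES, SHA1, DH group 2 (strict: no other proposals)
    esp=aes128-sha1-modp1024!          # Phase 2: AES, SHA1, PFS with DH group 2
    ikelifetime=28800s                 # Phase 1 SA lifetime (28800), time-based only
    lifetime=3600s                     # Phase 2 SA lifetime (3600), time-based only
    lifebytes=0                        # no kbyte-based lifetime on either side
    type=tunnel                        # ESP tunnel mode
    left=%defaultroute                 # this peer's external address
    leftsubnet=10.1.0.0/24             # assumed network behind this peer
    right=203.0.113.10                 # assumed vShield Edge external address (placeholder)
    rightsubnet=10.2.0.0/24            # assumed network behind vShield Edge
    dpdaction=restart                  # Dead Peer Detection, as vShield Edge expects
    dpddelay=30s
    auto=start
```

With `!` on both proposal lines strongSwan offers exactly one transform set, so a mismatch shows up in the log as a clear NO_PROPOSAL_CHOSEN instead of a silent fallback, which is what you want when the other side hides its Phase 1/Phase 2 settings.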

It looks like VMware has already tested vShield Edge against Cisco routers/ASA and WatchGuard.

My next articles will cover VPNs between vShield Edge and Fortigate, and between vShield Edge and Check Point.

VM

Posted on 09/10/2012, in vShield Edge.
