Fujitsu K5 IPSec VPN Configuration Document
 Share
The version of the browser you are using is no longer supported. Please upgrade to a supported browser.Dismiss

 
View only
 
 
ABCDEFGHIJKLMNOPQRSTUVWXYZAA
1
IPSec VPNaaS Configuration Document
2
LocationK5 Site (UK region)Customer SiteComments
Example K5 (US Region) as target
3
Step 1 - Add New VPN Service (K5 Only)
4
5
NameIPSECService-VPNDemo-Site1K5 SpecificIPSECService-VPNDemo-Site2
6
Description - optionalVPN Service within K5 UK RegionVPN Service within K5 US Region
7
Subnet IdSelect name from dropdownSelect name from dropdown
8
Router IdSelect name from dropdownSelect name from dropdown
9
Availability ZoneSelect name from dropdownSelect name from dropdown
10
Step 2 - Add New IPSec Policy
11
12
NameIPSECPolicy-VPNDemo-Site1K5 SpecificIPSECPolicy-VPNDemo-Site2
13
DescriptionVPN Service within K5 UK RegionVPN Service within K5 US Region
14
Transform ProtocolespespMust both be esp - no other options supportedesp
15
Authentication Algorithmsha1sha1Must both be sha1 - no other algorithm supportedsha1
16
Encapsulation ModetunneltunnelMust both be tunnel - no other modes supportedtunnel
17
Encryption Algorithmaes-256aes-256Agree same algorithim with customer - only options aes-128, aes-192, aes-256aes-256
18
Perfect Forward Secrecygroup5group5Agree same group with customer - only options are group2, group5 and group14group5
19
Lifetime of the SA72007200Agree same lifetime with customer7200
20
Availability Zoneuk-1bK5 Specificus-1a
21
Step 3 - Add New IKE Policy
22
23
NameIKEPolicy-VPNDemo-Site1K5 SpecificIKEPolicy-VPNDemo-Site2
24
DescriptionVPN Service within K5 UK RegionVPN Service within K5 US Region
25
Phase 1 Negotiation ModemainmainMust both be main - no other options supportedmain
26
Authentication Algorithmsha1sha1Must both be sha1 - no other algorithm supportedsha1
27
Encryption Algorithmaes-256aes-256Agree same algorithim with customer - only options aes-128, aes-192, aes-256aes-256
28
Perfect Forward Secrecygroup5group5Agree same group with customer - only options are group2, group5 and group14group5
29
Lifetime of the SA72007200Agree same lifetime with customer.7200
30
IKE Versionv1v1Must both be v1 - no other version supported.v1
31
Availability Zoneuk-1bK5 Specificus-1a
32
Step 4 - Add New Site Connection
33
34
Name
IPSecConnection-VPNDemo-Site1
K5 SpecificIPSecConnection-VPNDemo-Site2
35
DescriptionVPN Service within K5 UK RegionVPN Service within K5 US Region
36
Pre-Shared KeyMyVerySecretKeyMyVerySecretKeyAgree same key with customer.MyVerySecretKey
37
Initiator Typebi-directionalbi-directionalAgree same Initiator Type with customer - only options are bi-directional and response-only.bi-directional
38
IKE Policy - Phase 1Select name from dropdownK5 SpecificSelect name from dropdown
39
IPSec Policy - Phase 2Select name from dropdownSelect name from dropdown
40
VPN ServiceSelect name from dropdownSelect name from dropdown
41
Peer CIDR [Note: One Only Supported]
192.168.0.0/2410.0.10.0/24These must be different. Ensure to put remote CIDR details in here. Verify with customer.192.168.10.0/24
42
Peer Gateway IP Address148.57.139.207145.17.35.12Get Remote VPN Public IP Address from customer. Provide the Customer with the Global IP Address assigned to your K5 Router.62.60.57.5
43
Peer Router Id [Label - Use Peer Gateway]
148.57.139.207145.17.35.1262.60.57.5
44
Dead Peer Detection ProtocolrestartrestartAgree same protocol with customer - only options are hold and restart.restart
45
Dead Peer Detection Interval3030Agree same interval with customer.30
46
Dead Peer Detection Timeout120120Agree same interval with customer.120
47
Admin State UptrueK5 Specifictrue
48
Availability Zoneuk-1bus-1a
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
Loading...
Main menu