Hi!
First post here.
I need to set up a VPN with a cell phone provider for SMPP.
The provider is asking me for this params:
Authentication Method = Pre-Shared Key
Encryption Scheme = IKE
Diffie-Hellman Group = Group 2
Encryption Algorithm = 3DES
Hashing Algorithm = SHA-1
Main or Aggressive Mode = Main Mode
Lifetime (for renegotiation) = 28800 seconds
Encapsulation = AH + ESP
Encryption Algorithm ESP = 3DES
Authentication Algorithm ESP = SHA-1
Authentication Algorithm AH = none
Perfect Forward Secrecy = none
Lifetime (for renegotiation) = 3600 seconds
Lifesize in KB (for renegotiation) = 4608000
BUT they ask me to protect traffic between public IPs, not internal IPs, this is because of this:
The VPN should be of the LAN-to-LAN or Site-to-Site.
The ips encryption domain must be of public range. Although these will not be exposed to private internet and are valid only “inside” the tunnel, it is necessary to Nate local encryption domain to one or a range of ips to public numbering. This is to avoid duplication of internal networks.
I am using a Virtual Data Center, in which I have resources managed by a VMWare.
I tried with the Edge service of the VMWare that I’m using but it only supports to protect (encryption domain) traffic from my local network and not my WAN, as I always did with the old Cisco PIX 501.
This time I have to do it with any of these devices:
RB2011
RB3011
CRS125
RB1100
The data center company, of which I am a client, suggested me to use the RB2011 to do this, but they cannot tell me if I will be able to do it, so they told me to ask here.
So… will I be able to use the RB2011 to create a VPN IPSEC with the cell phone provider with the configuration the request?
Thanks a lot
dhcmega