bunny-lab/docs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update Networking/Sophos/IPSec Site-to-Site VPN Tunnel.md

Browse Source
This commit is contained in:
Nicole Rappe
2024-08-09 16:03:50 -06:00
parent be6437cfc1
commit 82af521c69
1 changed files with 20 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
Networking/Sophos/IPSec Site-to-Site VPN Tunnel.md
View File

@ -48,14 +48,30 @@ Navigate to "**Configure > Site-to-Site VPN > Add**"
## Configure IPSec Encryption Profile
Navigate to "**System > Profiles > IPSec Profiles > Custom_IKEv2_`<Initiator>/<Responder>`**"
| **Field** | **Value** |
| :--- | :--- |
| Phase 1 Lifetime | `<Longer Lifetime Compared to Phase 2>` (*Default = `28800`*) |
| Phase 2 Lifetime | `<Shorter Lifetime Compared to Phase 1>` (*Default = `14400`*) |
!!! info "Explanation of Phases and their Relation to Initiators/Responders"
Phase 1 could be described as establishing the initial tunnel's connectivity from the Initiator to the Responder. (Local to Remote). While phase 2 would be considered individual devices establishing connections through the VPN tunnel. (Individual Endpoint Connectivity).
The responder's phase 1 & 2 lifetime values are 300 seconds longer than the initiator's phase 1 & 2 lifetime values.
=== "Initiator Phase Lifetime Values"
| **Field** | **Value** | **Notes** |
| :--- | :--- |
| Phase 1 Lifetime | `<Longer Lifetime Compared to Phase 2>` | *Default Value*: `28800` |
| Phase 2 Lifetime | `<Shorter Lifetime Compared to Phase 1>` | *Default Value*: `14400` |
=== "Responder Phase Lifetime Values"
| **Field** | **Value** | **Notes** |
| :--- | :--- |
| Phase 1 Lifetime | `<Longer Lifetime Compared to Phase 2>` | *Default Value + 300 Seconds*: `328800` |
| Phase 2 Lifetime | `<Shorter Lifetime Compared to Phase 1>` | *Default Value + 300 Seconds*: `314400` |
!!! warning "Remote / Local Phase Lifetimes"
Within the context of the remote and local VPN tunnels, the lifetime of the Phase 1 and Phase 2 encryption keys needs to be shorter on the intiator than the responder sides of the VPN tunnel.
## Repeat Steps on Remote Firewall
You will need to repeat the steps on both firewalls, so one firewall is the initiator, and one is configured as the responder. Keep special note of the admonitions regarding initiator / responder / local / remote differences.