Broadband VPN Gateway User Guide
Example 2: Windows 2000/XP Client to LAN
In this example, a Windows 2000/XP client connects to the Broadband VPN Gateway and gains access to the local LAN.
Figure 49: Windows 2000/XP Client to Broadband VPN Gateway
To use 3DES encryption on Windows 2000, you
need Service Pack 3 or later installed.
Broadband VPN Gateway Configuration
Setting Value Notes
Name Win Client Name does not affect operation. Select a
meaningful name.
Remote Endpoint 172.16.9.10 Other endpoint's WAN (Internet) IP address.
Local
IP addresses
Subnet address:
192.168.0.0
255.255.255.0
Allows access to entire LAN. Use a more
restrictive definition if possible.
Remote
IP addresses
172.16.9.10 For a single client, this address is the same as
the endpoint address.
Key Exchange IKE Must match client PC
IKE SA Parameters
IKE Direction Both ways Using "Responder only" is not possible.
Local Identity IP address Required.
Remote Identity IP address Required
IKE Authentication
method
Pre-shared Key Certificates are not widely used.
Pre-shared Key Xxxxxxxxxx Must match client PC
IKE Authentication
algorithm
SHA-1 Must match client PC
IKE Encryption 3DES Must match client PC
IKE Exchange
mode
Main Mode Windows 2000 only supports Main Mode.
DH Group Group 1 (768 bit) Must match client PC
IKE SA Life time 28800 Does not have to match client PC. Shorter
84
