Overview
You can create a secure tunnel between two LANs secured by a firewall. This article describes creating an IPsec VPN tunnel between Kerio Control and another device. Before you start, read the topic which describes Kerio Control settings.
Information
This section includes default and supported values for IPsec implemented in Kerio Control. Both endpoints should be able to communicate automatically. If a problem occurs and you have to set the values manually, consult the following tables for default and supported values in Kerio Control. Kerio Control uses the default values. Remote endpoints of the tunnel can also use the recommended values.
Phase 1 (IKE):
Variable | Default values | Supported values | Unsupported values |
---|---|---|---|
Mode | Main | NA | Aggressive |
Remote ID type | hostname | IP address | NA |
NAT Traversal | enabled | NA | NA |
Ciphersuite (policies) | aes128-sha1-modp2048,3des-sha1-modp1536 | NA | NA |
Version | IKEv1, IKEv2 | NA | NA |
DPD Timeouts | enabled (150 sec) | NA | NA |
Lifetime | 3 hours | NA | NA |
Phase 2 (ESP):
Variable | Supported Values | Unsupported Values |
---|---|---|
Mode | Tunnel | Transport |
Protocol | ESP | AH |
Ciphersuite (policies) | aes128-sha1, 3des-sha1 | NA |
PFS | off | NA |
Lifetime | 60 mins | NA |
Supported ciphers
Each cipher consists of three parts:
- Encryption Algorithm — for example, aes128
- Integrity Algorithm — for example, sha1
- Diffie Hellman Groups — for example, modp2048
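When a tunnel fails to negotiate, comparing the policy strings of both endpoints part by part shows whether they share any proposal. The following is an added example, not Kerio code: it parses the policy format described above and reports the first proposal both sides have in common. The function names and the remote endpoint values are hypothetical, and treating a proposal as matching only when all parts are identical is a simplifying assumption.

```python
from typing import NamedTuple, Optional

# Default policies copied from the Phase 1 and Phase 2 tables in this article.
KERIO_PHASE1 = "aes128-sha1-modp2048,3des-sha1-modp1536"
KERIO_PHASE2 = "aes128-sha1,3des-sha1"  # PFS is off, so no DH group part


class Proposal(NamedTuple):
    encryption: str
    integrity: str
    dh_group: Optional[str]  # None when the policy names no DH group


def parse_policies(text: str, phase: int) -> list:
    """Split a comma-separated policy string into Proposal tuples."""
    allowed = (3,) if phase == 1 else (2, 3)  # Phase 2 DH group is optional
    proposals = []
    for item in text.split(","):
        parts = item.strip().lower().split("-")
        if len(parts) not in allowed or not all(parts):
            raise ValueError(f"malformed phase {phase} policy: {item!r}")
        dh_group = parts[2] if len(parts) == 3 else None
        proposals.append(Proposal(parts[0], parts[1], dh_group))
    return proposals


def first_common(local: str, remote: str, phase: int) -> Optional[Proposal]:
    """Return the first local proposal that the remote list also contains.

    Assumption: a proposal matches only when all parts are identical, so a
    DH group configured on one side only (PFS mismatch) counts as no match.
    """
    offered = set(parse_policies(remote, phase))
    for proposal in parse_policies(local, phase):
        if proposal in offered:
            return proposal
    return None


if __name__ == "__main__":
    # Constructed remote-endpoint settings, not taken from any real device.
    remote_ike = "aes256-sha256-modp2048, 3des-sha1-modp1536"
    remote_esp = "aes128-sha1-modp2048"  # remote has PFS enabled
    print("IKE:", first_common(KERIO_PHASE1, remote_ike, 1))
    print("ESP:", first_common(KERIO_PHASE2, remote_esp, 2))
```

With these constructed values, Phase 1 agrees only on the second default policy, and Phase 2 finds no match because the remote side names a DH group while Kerio Control has PFS off.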
Kerio Control supports the following ciphers:
Phase 1 (IKE) - supported ciphers
Encryption Algorithms | Integrity Algorithms | Diffie Hellman Groups |
---|---|---|
| | |
Phase 2 (ESP) - supported ciphers
Encryption Algorithms | Integrity Algorithms | Diffie Hellman Groups |
---|---|---|
| | |
Priyanka Bhotika