Saturday, February 15, 2020

IPsec between pfSense and Kerio Control

Kerio Control side:
Passive.
Type: IPsec.
Preshared key: the random key generated on pfSense.
Local ID: Kerio Control external IP address.
Remote ID: pfSense external IP address.
Phase 1: 3des-sha1-modp1536 - change to something stronger and mirror it on pfSense.
Phase 2: aes128-sha1 - change to something stronger and mirror it on pfSense.
Remote networks: pfSense local networks.
Local networks: Kerio Control local networks.
Configure traffic policy.

pfSense side:
Phase1:
Key Exchange version: IKEv1.
Internet Protocol: IPv4.
Interface: WAN.
Remote Gateway: Kerio Connect external IP address.
Authentication Method: Mutual PSK.
Negotiation mode: Main.
My identifier: My IP address.
Peer identifier: My IP address.
Pre-Shared Key: generate random Key.
Encryption Algorithm: 3DES - SHA1 - 5 (1536 bit) - select something stronger, matching Kerio Control.
Lifetime (Seconds): 10800.
Disable rekey: No.
Margintime: Empty.
Responder Only: empty (if Kerio is the active side, select this checkbox).
NAT Traversal: Auto.
Dead Peer Detection: No.
Phase2:
Mode: Tunnel IPv4.
Local Network: Address/Subnet behind pfSense.
NAT/BINAT translation: None.
Remote Network: Network/Address behind Kerio Control.
Protocol: ESP.
Encryption Algorithms: AES128 - SHA1 - select something stronger, matching Kerio Control.
PFS key group: Off.
Lifetime: 3600.
Automatically ping host: IP address behind Kerio, if needed.
Status - IPsec - Connect.
Configure NAT (if manual) and firewall (if needed).
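
The proposals must agree on both peers, and the values listed above are legacy ones. The following Python check is an added example, not part of the original post: it normalizes the Kerio-style string and the pfSense-style line as written on this page, flags weak algorithms and missing PFS, and confirms the two sides match. The function names and the `aes256-sha256-modp2048` sample are assumptions made for illustration.

```python
import re

# IANA IKE Diffie-Hellman group numbers -> strongSwan-style keyword
DH_GROUPS = {"1": "modp768", "2": "modp1024", "5": "modp1536",
             "14": "modp2048", "15": "modp3072", "16": "modp4096",
             "19": "ecp256", "20": "ecp384", "21": "ecp521"}

# Algorithms that should be replaced on both peers
WEAK = {
    "des": "56-bit key",
    "3des": "64-bit block cipher, deprecated",
    "md5": "broken hash",
    "sha1": "deprecated hash, prefer sha256 or better",
    "modp768": "DH group below 2048 bits",
    "modp1024": "DH group below 2048 bits",
    "modp1536": "DH group below 2048 bits",
}

def normalize(proposal):
    """Tokenize 'enc-integ-group' or 'ENC - INTEG - N(bits)' into lowercase keywords."""
    tokens = []
    for raw in proposal.split("-"):
        tok = raw.strip().lower()
        m = re.match(r"^(\d+)\s*\(", tok)  # pfSense-style '5(1536 bit)'
        if m:
            tok = DH_GROUPS.get(m.group(1), tok)
        if tok:
            tokens.append(tok)
    return tokens

def audit(proposal, phase):
    """Return a list of findings for one proposal (phase is 1 or 2)."""
    toks = normalize(proposal)
    findings = [f"{t}: {WEAK[t]}" for t in toks if t in WEAK]
    if phase == 2 and not any(t.startswith(("modp", "ecp")) for t in toks):
        findings.append("no DH group: PFS is off for phase 2")
    return findings

def peers_match(kerio, pfsense):
    """True when both peers offer the same algorithms in the same roles."""
    return normalize(kerio) == normalize(pfsense)

if __name__ == "__main__":
    # Values as written on this page: (Kerio Control, pfSense)
    pairs = {1: ("3des-sha1-modp1536", "3DES - SHA1 - 5(1536 bit)"),
             2: ("aes128-sha1", "AES128 - SHA1")}
    for phase, (kerio, pfsense) in pairs.items():
        print(f"phase {phase}: match={peers_match(kerio, pfsense)}")
        for finding in audit(kerio, phase):
            print("   ", finding)
```

Run it again with the stronger values you pick on both sides; the tunnel will only come up if `peers_match` would return true for each phase.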


















