138 CHAPTER 9: CONFIGURING VIRTUAL PRIVATE NETWORK SERVICESSetting up theGroupVPN SecurityAssociation1 Click on VPN on the left hand side of the screen and then on theSummary tab.a Ensure that the Enable VPN checkbox is ticked.b Click the Update button to save any changes you have made.2 Click on the Configure tab.a Select GroupVPN from the Security Association drop-down box.b Select IKE using pre-shared secret from the IPSec Keying Modedrop-down boxc Ensure that the Disable This SA checkbox is not ticked.3 If you want to use a RADIUS server to authenticate users tick the RequireXAUTH/RADIUS checkbox and set up the Firewall for a RADIUS server asdetailed in “Configuring the Firewall to use a RADIUS Server” onpage 132.4 If you do not have a RADIUS server or do not wish to use your RADIUSserver to authenticate users ensure that the Require XAUTH/RADIUScheckbox is not ticked.5 Set the SA Life time (secs) field to 28000.6 If you want extremely high security select the Strong Encrypt andAuthenticate option from the Encryption Method drop-down boxotherwise select Encrypt and Authenticate.7 Enter an alphanumeric string of up to 30 characters into the SharedSecret field. As the security of your VPN tunnel depends on the sharedsecret pick something that cannot easily be guessed such as a string ofnumbers and letters.8 Click the Export button and save the resulting file to a safe place.Consider this file as one of the keys to your network and keep it in a safeand private place.9 Click the Update button to save the changes you have made.DUA1611-0AAA02.book Page 138 Thursday, August 2, 2001 4:01 PM