
| delivering for business and government macquarietelecom.com

VPN Form
Customer name: {Insert Customer Name Here}
Project ID: {Insert Project ID Here}
Filled By: {customer name here}
Date: {dd/mm/yyyy}
Version: 1

| MCT End-point | To be filled by Engineer | Notes |
|---|---|---|
| Device Type | {Cisco ASA/JuniperSSG/JuniperSRX} | Specify Device |
| Device location | {Intellicentre1/Intellicentre2/Intellicentre1colo} | Location of Device |
| Device IP (VPN Termination) | 125.xxx.xxx.xxx | Default GW where the VPN tunnel will terminate/originate |
| Device Networks to Encrypt | 192.168.10.0/24, 10.10.10.0/28 | Local networks to be Available via this VPN tunnel |

| Customer End-point | To be filled by Customer | Notes |
|---|---|---|
| Device Type | {Cisco ASA/JuniperSSG/JuniperSRX} | Specify Device |
| Device location | | Location of Device |
| Device IP (VPN Termination) | xxx.xxx.xxx.xxx | Default GW where the VPN tunnel will terminate/originate |
| Device Networks to Encrypt | 192.168.100.0/24, 10.100.100.0/24 | networks to be Available via this VPN tunnel |

MANAGED HOSTING CLOUD HOSTING DATA & INTERNET VOICE & MOBILE
Version 1.1 - Changed 21/06/2012 - Revision 0 Security: Macquarie Customer Use only

VPN Properties

| IKE Phase I | Value | Notes |
|---|---|---|
| Authentication Mode | Pre-shared key | Type of VPN |
| Key Exchange Encryption (DES, 3DES, AES128, AES192, AES256) | 3DES | |
| Hash (MD5, SHA1) | SHA1 | |
| DH Group (1, 2, 5) | Group 2 | |
| IKE Lifetime | 86400 Sec (24 Hrs) | Lifetime of the VPN connection |
| Dead Peer Detection | No | Required for Cisco/Juniper Interoperability |
| Keepalive interval (1 to 3600 seconds) | N/A | If required specify value |
| Retry interval (2 to 60 seconds) | N/A | If required specify value |
| NAT Traversal | Yes | Turned on or off. Default Yes |
| Pre-Shared Key | 4fttwEY5f5 | Shared key to authenticate the tunnel |

| IPSEC Phase II | Value | Notes |
|---|---|---|
| ESP Encryption (DES, 3DES, AES128, AES192, AES256) | 3DES | Type of VPN |
| Authentication (MD5, SHA) | SHA | |
| IPSec SA Lifetime | 86400 Sec (24 Hrs) | |
| PFS | No | Perfect forwarding |

Firewall Rules
Expand as needed

| Source | Destination | Action | Application/port | Protocol |
|---|---|---|---|---|
| 192.168.10.10 | 192.168.100.22 | Permit | ICMP, SSH, SMTP | |
| 192.168.10.11 | 192.168.100.10 | Permit | FTP | |
| 192.168.100.22 | 192.168.10.10 | Permit | ICMP, SSH, SMTP | |
| 192.168.100.10 | 192.168.10.11 | Permit | FTP | |
| 10.10.10.0/24 | 10.100.100.0/24 | Permit | RDP | |
| 192.168.10.0/24 | 192.168.20.0/24 | DENY | 161 | UDP |


How to fill this form


The form has most default values already filled in. These can be used as a guide to fill in the form correctly. The form has 4 sections.

Section 1: MCT Endpoint
This section is for the VPN device configuration on the hosted MCT side of the firewall. It will be filled in by the Engineer.

Section 2: Customer Endpoint
This section is for the VPN device configuration on the Customer side of the firewall/VPN device. It is to be filled in by the customer.

Section 3: VPN Properties
This section is where all the VPN properties are defined. It is mostly filled with default values; change them only as needed. If the default values are not being changed, the only required entry here is the pre-shared key.

Section 4: Firewall Rules
This section is where all the required firewall rules are defined. Note that if this section is not filled in, it will be assumed that the rules between the networks are any-any. Leave blank if all is allowed.

Once the form is filled out, send it to the PM/Engineer for review.
