1. A public static IP address is required on the Internet connection. The DSL or cable modem must be in bridged mode and not doing NAT or routing functions.

2. If the firewall or router is also to be used as a wireless access point, be sure that it assigns wired and wireless clients to the same IP subnet. Separate wireless access points are recommended over routers or firewalls that also have wireless capability.

3. The VPN router must support a true IPSEC gateway-to-gateway tunnel (not just pass-through) using AES-128 encryption.

4. The VPN configuration parameters are as follows:

Our gateway: 216.115.92.133 Mode: Main (not Aggressive)
Phase 1: AES128, SHA, DH Group 2, Lifetime 28800
Phase 2: AES128, SHA, DH Group 2, Lifetime 3600, PFS Enabled
Selector policy for interesting traffic: Your assigned subnet (172.AA.BBB.0/26) <-> Our Subnet (192.168.5.96/27)
(We will provide numeric values for "AA" and "BBB" when we configure your connection at our data center.)

Note that this means the local LAN will have to be re-addressed to be on the assigned subnet. Alternatively, if your firewall supports it, you can use policy-based NAT and retain your current IP schema.

Also note that the assigned subnet for your site has a 26-bit mask, allowing 62 addresses. If your site has (or plans to have) multiple clinics, this makes it possible to easily add tunnels without any reconfiguration at either our end or yours. We can make up to 254 addresses available on request.

5. Please send us your public IP address and we will shoot you a shared key.