VPN Tunnel Creation
Go to Connectivity >> IPsec >> Tunnels
- Under 'Tunnels', check the 'Enable IPsec' checkbox and click 'Save'.
- To create a new IPsec tunnel, click the 'Add New' button.
- Select WAN interface.
- At 'Local Subnet', enter the local network IP address. This is the network that VPN hosts will be given access to.
- At 'Remote Subnet', enter the IP address of the remote network that will connect to the VPN.
- At 'Remote Gateway', enter the public IP address of the remote gateway.
- Enter a name or description for the tunnel.
Phase 1 (Authentication) is configured next. The options selected here, and any changes made to them, should be reflected on the remote VPN device.
- Select the negotiation mode: Main for more security.
- Choose and set an identifier.
- Choose an encryption mode: DES for low security, 3DES for higher security.
- Choose a hash algorithm.
- Choose a DH key group.
- Enter the key lifetime in seconds. A lower number gives more security and less performance; a higher number gives more performance and less security.
- Choose the authentication method: RSA signature for higher security, pre-shared key for ease of use.
- If RSA signature is selected, RSA certificates and keys should be generated and pasted into their respective fields. Remote hosts should have matching RSA certificates.
- If pre-shared key is the preferred method, a key should be entered in the 'Pre Shared Key' field. Remote VPN hosts should match this key.
The Phase 2 (SA/Key exchange) settings are configured next.
- Choose ESP as protocol.
- Choose encryption algorithm(s).
- Choose hash algorithm(s).
- Choose PFS key group.
- Enter the lifetime in seconds.
- Enter the IP address of a remote host to ping in order to keep the connection alive (optional).
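
The steps above require the settings on this device to be reflected on the remote VPN device. As an added example (not part of the original guide or the device's software), this Python check compares the values entered on both ends of one tunnel before it is brought up. The dictionary keys, addresses, algorithm names and key are constructed for illustration and are assumptions, not the device's field names.

```python
import ipaddress

# Settings the guide says should be the same on both devices.
MUST_MATCH = ("mode", "p1_encryption", "p1_hash", "dh_group",
              "p1_lifetime", "auth_method", "pfs_group", "p2_lifetime")

def same_net(a, b):
    """Compare as networks, so a /16 prefix equals a 255.255.0.0 netmask."""
    return ipaddress.ip_network(a) == ipaddress.ip_network(b)

def check_tunnel_pair(site_a, site_b):
    """Return a list of problems found when comparing both ends of a tunnel."""
    problems = []
    # Each side's Local Subnet and Remote Gateway must mirror the other side.
    for x, y, nx, ny in ((site_a, site_b, "A", "B"), (site_b, site_a, "B", "A")):
        if not same_net(x["local_subnet"], y["remote_subnet"]):
            problems.append(f"{nx} local subnet != {ny} remote subnet")
        if x["remote_gateway"] != y["wan_ip"]:
            problems.append(f"{nx} remote gateway != {ny} WAN address")
    # Phase 1 options, PFS group and lifetimes are compared value for value.
    for key in MUST_MATCH:
        if site_a[key] != site_b[key]:
            problems.append(f"{key} differs: {site_a[key]} vs {site_b[key]}")
    if site_a["auth_method"] == "psk" and site_a.get("psk") != site_b.get("psk"):
        problems.append("pre-shared keys differ")
    # Phase 2 allows several algorithms; at least one must be common.
    for key in ("p2_encryption", "p2_hash"):
        if not set(site_a[key]) & set(site_b[key]):
            problems.append(f"no common {key}")
    # The guide rates DES as the low-security choice, so flag it.
    if "des" in (site_a["p1_encryption"], site_b["p1_encryption"]):
        problems.append("DES selected for Phase 1 (low security)")
    return problems

# Constructed sample values (documentation address ranges), not from the guide.
SITE_A = dict(
    wan_ip="198.51.100.10", remote_gateway="203.0.113.20",
    local_subnet="10.1.0.0/16", remote_subnet="10.2.0.0/255.255.0.0",
    mode="main", p1_encryption="3des", p1_hash="sha1", dh_group=2,
    p1_lifetime=28800, auth_method="psk", psk="constructed-example-key",
    p2_encryption=["3des"], p2_hash=["sha1"], pfs_group=2, p2_lifetime=3600,
)
SITE_B = dict(SITE_A, wan_ip="203.0.113.20", remote_gateway="198.51.100.10",
              local_subnet="10.2.0.0/16", remote_subnet="10.1.0.0/16")

if __name__ == "__main__":
    print(check_tunnel_pair(SITE_A, SITE_B) or "both ends agree")
```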