VPN Mobile Client Creation
Go to Connectivity >> IPsec >> Tunnels
Check the check box that says 'Enable IPsec'
Go to Connectivity >> IPsec >> Tunnels >> Add Phase One Entry
Phase 1 proposal:
- Select Authentication Mode as Mutual PSK
- Choose the Negotiation Mode as Aggressive.
- Select My identifier as My IP Address.
- Select Peer identifier as Peer IP Address
- Enter Preshared key
- Leave Policy generation as Default.
- Leave Proposal checking as Default.
- Choose Encryption Algorithm as 3DES.
- Choose Hash Algorithm as SHA1.
- Select DH Key Group as 2.
- Give Lifetime in Seconds. If in doubt give 86400.
- Choose Authentication Method as Pre-Shared Key.
Phase 2 proposal:
- Choose 'Mode' as 'Tunnel'
- Enter Local Network
- Enter Remote Network
- Choose protocol as ESP
- Choose Encryption Algorithms 3DES, Blowfish, CAST128, Rjindael (AES)
- Choose Hash Algorithms SHA1 & MD5.
- Select PFS Key Group as 2
- Enter Lifetime in Seconds. If in doubt enter 3600.
- Click on Save and then Apply Changes.
After enabling IPsec it is necessary to create firewall rule to allow IPsec traffic through the interface. Go to Security >> Firewall >> IPsec to create the rule.