Use the IPSec Connections page to set the parameters for establishing IPsec VPN tunnels between Deep Edges.
Before you begin, make sure that your Ethernet interfaces and routers are configured properly.
Go to Network > Site-to-site VPN > Connections.
Click Add New Connections.
The Add/Edit IPsec Connections dialog box appears.
Enter the following parameters:
Name—Type a name to identify the IPsec tunnel.
Enable—Check the check box to enable the tunnel.
Gateway type—Select the Initiate (active) or Response (passive) role for the IPsec tunnel.
Interface Name—Select the interface name from the drop-down list (eth0, eth1, etc.).
Policy Name—Select the policy name from the drop-down list, either Default or a specific policy, that will apply to the IPsec tunnel.
Configure non-default IPsec policies at Network > Site-to-site VPN > Policies.
Authentication type—Select Preshared key or RSA key from the drop-down menu.
For Preshared Key—Enter the key and confirm it.
If you selected Preshared key, type the pre-shared key that Deep Edge will use to authenticate itself to the remote peer or dialup client. You must define the same value at the remote peer or client. The key must contain at least 6 printable characters and should be known only by network administrators. For optimum protection against currently known attacks, the key should consist of a minimum of 16 randomly chosen alphanumeric characters.
For RSA key—Enter the public key.
If you selected RSA key, select the name of the server certificate that Deep Edge will use to authenticate itself to the remote peer.
VPN ID—Enter the local IP address if the IPsec gateway is behind a NAT device.
Add the IP address and Netmask for either local networks (under Add Local Networks) or remote networks (under Add Remote Networks).
Click OK.
Verify that the new IPsec connection is listed at Network > Site-to-site VPN > Connections.
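
Added example, not part of the original page or the product's own code: a Python script that generates a pre-shared key meeting the 16-random-alphanumeric recommendation in the Preshared key step and classifies candidate keys against the stated 6-character minimum. It assumes "printable" means ASCII 0x20-0x7E; the function names and the "few distinct characters" and "single character class" heuristics are illustrative choices, not checks the product performs.

```python
import math
import secrets
import string

ALPHANUMERIC = string.ascii_letters + string.digits  # 62 symbols
MIN_LENGTH = 6            # page: hard minimum, printable characters
RECOMMENDED_LENGTH = 16   # page: recommended minimum, random alphanumerics


def generate_psk(length=24):
    """Draw a key uniformly from [A-Za-z0-9] using the OS CSPRNG."""
    if length < RECOMMENDED_LENGTH:
        raise ValueError(f"use at least {RECOMMENDED_LENGTH} characters")
    return "".join(secrets.choice(ALPHANUMERIC) for _ in range(length))


def max_entropy_bits(length, alphabet_size=len(ALPHANUMERIC)):
    """Upper bound on key entropy, reached only if every character is random."""
    return length * math.log2(alphabet_size)


def classify_psk(key):
    """Return ('reject' | 'weak' | 'ok', reasons) for a candidate key."""
    reasons = []
    if len(key) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    # Assumption: "printable" means ASCII 0x20-0x7E.
    if any(not 0x20 <= ord(c) <= 0x7E for c in key):
        reasons.append("contains non-printable characters")
    if reasons:
        return "reject", reasons
    if len(key) < RECOMMENDED_LENGTH:
        reasons.append(f"shorter than the recommended {RECOMMENDED_LENGTH}")
    # Heuristics (assumed, not product checks) for keys that are not random.
    if len(set(key)) < len(key) // 2:
        reasons.append("few distinct characters")
    if key.isdigit() or (key.isalpha() and (key.islower() or key.isupper())):
        reasons.append("single character class")
    return ("weak" if reasons else "ok"), reasons


if __name__ == "__main__":
    psk = generate_psk()
    print(psk, classify_psk(psk)[0], f"{max_entropy_bits(len(psk)):.1f} bits")
    for candidate in ("abc", "secret1", "a" * 16):  # constructed samples
        print(repr(candidate), classify_psk(candidate))
```

A key that only meets the 6-character minimum has at most about 36 bits of entropy even when fully random, against about 95 bits for 16 random alphanumeric characters.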