Adding an IPsec VPN Connection

Purpose: Add a site-to-site IPsec VPN connection to establish IPsec tunnels between Cloud Edge gateways or third-party devices.

Location: Gateways > (gateway name) > Site-to-Site VPN > Connections

For more information about supported site-to-site VPN topologies and configuration steps for implementing those topologies see:


When you finish configuring a Site-to-Site VPN connection, you cannot modify the local network or remote network settings. If you want to change the local networks or remote networks after you save the configuration, you must delete the existing Site-to-Site VPN connection and create a new connection with the desired settings.

  1. Click Add.

    The Add/Edit IPSec connection window opens.

  2. Specify the IPsec connection parameters.

    Enable IPSec connection

    Select ON to enable the tunnel.


    Type a name to identify the IPsec VPN tunnel.

    Interface name

    Select the interface name from the drop-down list.


    Select the desired method for specifying the gateway:

    IP address: Specify the gateway IP address.

    Gateway name: Select an available gateway from the drop-down list.


    You can select either IP address or Gateway name if the VPN device is Cloud Edge. If the VPN device is a third-party device, you must choose IP address.

    Local ID

    Enter a text string for Local ID. Cloud Edge uses the Local ID to help identify which gateways are local in the topology.

    Remote ID

    Enter a text string for Remote ID. Cloud Edge uses the Remote ID to help identify which gateways are remote in the topology.

    Add local networks

    Select the local network or add a new address object.

    Add remote networks

    Select the remote network or add a new address object.

    Authentication type

    Select Preshared key or RSA key from the drop-down list.

    For Preshared key

    Specify the key and confirm it.

    If Preshared Key is selected, specify the pre-shared key in Key and confirm it in Confirm key. Cloud Edge uses the key to authenticate itself to the remote peer or dial-up client. Make sure to define the same value at the remote peer or client. The key must contain at least six printable characters and should be known only by network administrators. For optimum protection against currently known attacks, the key should consist of a minimum of 16 randomly chosen alphanumeric characters.

    Policy name

    Select the policy name from the drop-down list, either Default or a specific policy, that applies to the IPsec tunnel.


    Configure non-default IPsec policies at Gateway > Site-to-site VPN > Policies. See Adding an IPsec Policy.

  3. Click Save.