Enable IPSec VPN option
- The IPSec VPN option allows you to build IPsec VPN tunnels to third-party locations.
- If you ordered an External VPN Connection package, enable it as follows.
Restrictions
- Unlike other VPNs, an IPSec VPN cannot have an Internet connection.
- IPSec VPN connections to the DMZ are not possible.
- The remote VPN gateway can always reach the DMZ over the Internet.
Configuration: VPN Tunnel
- In the EC Dashboard, click VPN.
- Then click the Create new IPSec VPN tab to create a new site-to-site tunnel.
- Name the VPN connection.
- Enter the IP address of the remote gateway.
- Set the encryption protocol (IKE protocol) to use, the crypto proposal, and the shared secret for IPsec Phase 1.
  - All parameters must be configured identically on both the Enterprise Connect side and the remote peer for a fault-free connection.
  - In Phase 1, the two VPN gateways exchange information about the encryption algorithms they support and then establish a temporary secure connection to exchange authentication information.
- Confirm with the check mark.
- Save the configuration.
Configuration: Define VPN target networks
- The Phase 2 parameters define the algorithms that the firewall unit can use to encrypt and transmit data for the rest of the session.
- Additional settings must be made for IPSec Phase 2.
- For connectivity to your target network, you have the option to add network prefixes to your IPSec VPN.
- You can choose different encryptions for Phase 1 and Phase 2.
- After setting up the IPSec VPN parameters in the EC Dashboard, a new window appears in the dashboard under VPN with the name of your newly created IPSec VPN (see figure below).
- You can now proceed to set up the IPSec VPN on the remote gateway.
- In the IP address box, enter the IP address that appears in the Service Loopback Address (see figure below).
- Save the configuration.
- Submitting the shopping cart activates the configuration.
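
The following is an added example, not part of the original page or of Enterprise Connect's own documentation: a strongSwan `swanctl.conf` for the remote gateway, showing where the values from the steps above go. strongSwan as the remote gateway, IKEv2, the AES-256/SHA-256/MODP-2048 proposals, and all addresses and prefixes are assumptions and placeholders; use exactly what was selected in the EC Dashboard.

```conf
# /etc/swanctl/swanctl.conf on the remote gateway (assumed to run strongSwan)
connections {
    ec-tunnel {
        version = 2                      # assumption: must equal the IKE protocol chosen in the EC Dashboard
        local_addrs = 198.51.100.10      # placeholder: public IP of this gateway, as entered under
                                         # "IP address of the remote gateway" in the EC Dashboard
        remote_addrs = 203.0.113.1       # placeholder: the Service Loopback Address shown in the dashboard
        proposals = aes256-sha256-modp2048   # Phase 1: must be identical to the EC crypto proposal

        local {
            auth = psk
            id = 198.51.100.10
        }
        remote {
            auth = psk
            id = 203.0.113.1
        }

        children {
            ec-net {
                # Phase 2 may use a different proposal than Phase 1,
                # but it must again be identical on both sides.
                esp_proposals = aes256-sha256-modp2048
                local_ts = 10.20.0.0/24  # placeholder: prefix behind this gateway, i.e. the
                                         # network prefix added to the IPSec VPN in the EC Dashboard
                remote_ts = 10.10.0.0/24 # placeholder: network on the Enterprise Connect side
                start_action = trap      # bring the tunnel up when matching traffic appears
            }
        }
    }
}

secrets {
    ike-ec {
        id = 203.0.113.1
        # Same shared secret as entered for Phase 1 in the EC Dashboard.
        # Keep this file readable by root only.
        secret = "REPLACE_WITH_SHARED_SECRET"
    }
}
```

If the tunnel does not come up, compare the Phase 1 and Phase 2 proposals and the shared secret on both sides first, since any mismatch there prevents negotiation.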