Add IPSec Remote Access Connection
This page describes how to create an IPSec Remote Access Connection.
1. Go to Device Configuration > Configure > VPN > IPSec Connections and click Add under IPSec Connections. Select Connection Type as Remote Access.
2. Enter the parameter values as described below.
General Settings
Name
Specify a unique name to identify the IPSec Connection.
Description
Provide a description for the IPSec VPN Connection.
Connection Type
Select Remote Access.
Policy
Select the policy to be used for the connection.
A new policy can also be added by clicking the “Create New” link.
Action on VPN Restart
Select the action to be taken on the connection when VPN services or the Device restart.
Available Options:
Respond Only – Keeps the connection ready to respond to any incoming request.
Disable – Keeps the connection disabled until the user activates it.
Authentication Details
Authentication Type
Select the Authentication Type. How the user is authenticated depends on the type of connection.
Available Options:
* Preshared Key
Preshared Key authentication is a mechanism whereby a single key is used for encryption and decryption. Both peers must possess the Preshared Key. The remote peer uses the Preshared Key for decryption. When this option is selected, the following details are required:
Preshared Key – Specify the Preshared Key to be used. The Preshared Key must be at least 5 characters long.
Confirm Preshared Key – Enter the same Preshared Key again to confirm it.
This Preshared Key has to be shared or communicated to the peer at the remote end, where the client specifies the same key for authentication.
If the keys do not match, the user will not be able to establish the connection.
* Digital Certificate
Digital Certificate authentication is a mechanism whereby both sender and receiver use a Digital Certificate issued by a Certificate Authority. Both sender and receiver must hold each other’s Certificate Authority certificate.
Local Certificate – Select the local certificate that the Device uses for authentication.
Remote Certificate – Select the remote certificate that the remote peer uses for authentication.
Endpoint Details
Local
Select the Local WAN port from the list.
IP Aliases created for WAN interfaces will be listed along with the default WAN interfaces.
Remote
Specify the IP Address or domain name of the remote peer.
Network Detail
IP Family
The IP family is enabled automatically according to the IP address selected for the Local WAN port.
Local Subnet
Select the Local LAN Address.
Use the Add and Remove buttons to add or remove LAN addresses.
Local ID
For Preshared Key and RSA Key authentication, select an ID type from the available options and specify its value.
Available Options:
* DNS
* IP Address
* Email Address
* DER ASN1 DN (X.509)
When a Local Certificate is used, the ID and its value are displayed automatically as specified in the Certificate.
Allow NAT Traversal
Enable NAT traversal if a NAT device is located between your VPN endpoints, that is, when the remote peer has a private, non-routable IP Address.
Only one connection at a time can be established from behind a single NAT device.
Remote LAN Network
Select IP Hosts from the list of available IP Hosts. You can also add a new IP Host and include it in the list by clicking the “Add New Item” link.
Remote ID
For Preshared Key and RSA Key authentication, select an ID type from the available options and specify its value.
Available Options:
* DNS
* IP Address
* Email Address
* DER ASN1 DN (X.509)
When a Local Certificate is used, the ID and its value are displayed automatically as specified in the Certificate.
User Authentication
User Authentication Mode
Select from the available options whether User Authentication is required at the time of connection.
Available Options:
Disabled – Select if user authentication is not required.
Enable as Client – If enabled as client, specify a username and password.
Enable as Server – If enabled as server, add all the users who are allowed to connect.
Quick Mode Selectors
Protocol
Select all the protocols that are to be allowed for negotiation.
The tunnel passes only traffic that uses the selected protocols.
Available Options:
* All
* ICMP
* UDP
* TCP
Local Port
Specify the Local Port number that the local VPN peer uses to transport TCP or UDP traffic.
Local port Range: 1 – 65535
To specify any local port, enter *.
Remote Port
Specify the Remote Port number that the remote VPN peer uses to transport TCP or UDP traffic.
Remote port Range: 1 – 65535
To specify any remote port, enter *.
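The Quick Mode Selector rules above, modelled as an added example (not the vendor's code): it shows how the documented Protocol option (All, ICMP, UDP, TCP) and the Local/Remote Port fields (1 – 65535 or the * wildcard) decide which traffic the tunnel carries, including the point that port selectors only apply to TCP and UDP. The sample flows are constructed for illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

# Protocol options exactly as listed on this page.
ALLOWED_PROTOCOLS = {"All", "ICMP", "UDP", "TCP"}


def parse_port(spec: str) -> Optional[int]:
    """Return None for the '*' wildcard, else a port in the documented 1-65535 range."""
    spec = spec.strip()
    if spec == "*":
        return None
    port = int(spec)  # raises ValueError for non-numeric input
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range 1-65535: {port}")
    return port


def is_valid_port_spec(spec: str) -> bool:
    try:
        parse_port(spec)
        return True
    except ValueError:
        return False


@dataclass(frozen=True)
class QuickModeSelector:
    protocols: FrozenSet[str]
    local_port: Optional[int]    # None means '*'
    remote_port: Optional[int]   # None means '*'

    @classmethod
    def from_settings(cls, protocols, local_port: str, remote_port: str):
        unknown = set(protocols) - ALLOWED_PROTOCOLS
        if unknown:
            raise ValueError(f"unsupported protocol(s): {sorted(unknown)}")
        return cls(frozenset(protocols), parse_port(local_port), parse_port(remote_port))

    def permits(self, proto: str, local_port: Optional[int], remote_port: Optional[int]) -> bool:
        """True if traffic with these attributes is carried by the tunnel."""
        if "All" not in self.protocols and proto not in self.protocols:
            return False
        if proto not in ("TCP", "UDP"):
            return True   # port selectors apply only to TCP/UDP traffic
        return ((self.local_port is None or local_port == self.local_port) and
                (self.remote_port is None or remote_port == self.remote_port))


# Constructed sample flows (proto, local_port, remote_port); not taken from the page.
SAMPLE_FLOWS = [("UDP", 51000, 53), ("TCP", 51001, 53), ("TCP", 51002, 443), ("ICMP", None, None)]


def carried_flows(selector: QuickModeSelector) -> list:
    return [flow for flow in SAMPLE_FLOWS if selector.permits(*flow)]
```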
Advanced Settings
Disconnect when tunnel is idle
Select this option to allow the Device to delete an idle VPN session once it exceeds the specified idle session time interval.
Default – Disabled
Idle session time interval (only if the Disconnect when tunnel is idle option is enabled)
Specify the time limit after which an idle VPN session is deleted by the Device.
Acceptable Range – 120 to 999
3. Click Save to create connection.