The IPSec Connections page allows you to create and manage IPSec connections.
IP Security (IPSec) is a suite of protocols designed for cryptographically secure communication at the IP layer (layer 3).
IPSec protocols:
Authentication Header (AH) – Used to authenticate packet senders and to ensure the integrity of packet data. In addition, it checks that the sender and receiver IP addresses have not been changed in transmission. Packets are authenticated using a checksum created with a Hash-based Message Authentication Code (HMAC) and a key.
Encapsulating Security Payload (ESP) – Used for encrypting the entire packet and for authenticating its contents. In addition to encryption, the ESP offers the ability to authenticate senders and verify packet contents.
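The AH check described above, as an added illustration that is not part of the original documentation or the product's code: the HMAC covers the IP header with its in-transit-mutable fields zeroed, so a changed TTL still verifies while a rewritten address does not. The key, addresses, SPI and payload are constructed sample values, and HMAC-SHA-256 truncated to 128 bits is an assumed algorithm choice.

```python
import hashlib, hmac, socket, struct

ICV_LEN = 16  # assumption: HMAC-SHA-256 truncated to 128 bits

def ipv4_header(src, dst, ttl, body_len):
    # 20-byte IPv4 header, protocol 51 (AH); checksum 0 (mutable, zeroed for the ICV).
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + body_len, 0x1234, 0,
                       ttl, 51, 0, socket.inet_aton(src), socket.inet_aton(dst))

def zero_mutable(ip_hdr):
    # Fields routers may legitimately change in transit are excluded.
    h = bytearray(ip_hdr)
    h[1] = 0                   # DSCP/ECN
    h[6:8] = b"\x00\x00"       # flags + fragment offset
    h[8] = 0                   # TTL
    h[10:12] = b"\x00\x00"     # header checksum
    return bytes(h)

def ah_header(spi, seq, next_hdr, icv=bytes(ICV_LEN)):
    # Payload length field = AH length in 32-bit words, minus 2.
    return struct.pack("!BBHII", next_hdr, (12 + ICV_LEN) // 4 - 2, 0, spi, seq) + icv

def compute_icv(key, ip_hdr, spi, seq, next_hdr, payload):
    # ICV covers: immutable IP header fields, AH header (ICV zeroed), payload.
    data = zero_mutable(ip_hdr) + ah_header(spi, seq, next_hdr) + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]

def protect(key, src, dst, ttl, spi, seq, payload, next_hdr=17):
    ip = ipv4_header(src, dst, ttl, 12 + ICV_LEN + len(payload))
    icv = compute_icv(key, ip, spi, seq, next_hdr, payload)
    return ip + ah_header(spi, seq, next_hdr, icv) + payload

def verify(key, packet):
    ip, ah, payload = packet[:20], packet[20:32 + ICV_LEN], packet[32 + ICV_LEN:]
    next_hdr, _, _, spi, seq = struct.unpack("!BBHII", ah[:12])
    return hmac.compare_digest(compute_icv(key, ip, spi, seq, next_hdr, payload), ah[12:])

def patch(packet, offset, new_bytes):  # simulate an in-transit change
    p = bytearray(packet)
    p[offset:offset + len(new_bytes)] = new_bytes
    return bytes(p)

KEY = bytes(range(32))  # constructed sample key
PKT = protect(KEY, "192.0.2.10", "198.51.100.20", 64, 0x1001, 1, b"constructed payload")

if __name__ == "__main__":
    print("unmodified      :", verify(KEY, PKT))
    print("TTL decremented :", verify(KEY, patch(PKT, 8, b"\x3f")))
    print("source rewritten:", verify(KEY, patch(PKT, 12, socket.inet_aton("203.0.113.5"))))
```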
IPSec Connections
The Connection page displays a list of all the IPSec connections. You can filter the list based on policy name, failover group name, connection type, status of the connection, local subnet, remote subnet, remote gateway, local ID, or remote ID. The page also provides options to add a new connection, update the parameters of an existing policy, or delete a policy. You can create a connection manually or through the connection wizard. For a Remote Access connection, export the connection configuration by clicking the Export icon under the Manage column.
* You can also view and manage active IPSec connections on the System > Current Activity > IPsec Connections page. (Only at appliance level)
The page displays status of each connection as follows:
Connection Status
Connection is active but not connected. Click to initiate the connection.
Connection is active and connected. Click to disconnect the connection. When you disconnect, the connection is deactivated; to re-establish it, activate the connection.
Connection is active but partially connected. Click to disconnect the connection. When multiple subnets are configured for the LAN and/or remote network, the device creates a sub-connection for each subnet. This status indicates that one of the sub-connections is not active.
Connection is deactivated. Click to activate the connection.