Configuring IPsec Settings

This chapter describes how to enable IPsec, configure its basic settings, and control access to it.

  1. Open the Remote Access > IPsec > Connections tab.

  2. Click New IPsec Remote Access Rule.

    The Add IPsec Remote Access Rule dialog box opens.

  3. Make the following settings:

    Name: Enter a descriptive name for this connection.

    Interface: Select the network interface which is used as the local endpoint of the IPsec tunnel.

    Local networks: Select the local networks that should be reachable by the client.

    Note – If you wish the IPsec-connected users to be allowed to access the Internet, you need to select Any in the Local networks dialog box. Additionally, you need to define appropriate Masquerading or NAT rules.

    Virtual IP pool: The default settings assign addresses from the private IP space 10.242.4.x/24. This network is called the VPN Pool (IPsec). If you wish to use a different network, simply change the definition of the VPN Pool (IPsec) on the Definitions & Users > Network Definitions page.

    Policy: Select an already defined policy (in this example: AES-256). Or you can use the IPsec > Policies tab to define your own policies.

    Cross Reference – Creating new IPsec policies is described in the UTM administration guide in Chapter Remote Access.

    Authentication type: IPsec remote access supports authentication based on CA DN match, Preshared key, and X.509 certificate. The settings in this section depend on the authentication type:

    Automatic firewall rules: If selected, once the VPN tunnel is successfully established, the firewall rules for the data traffic will automatically be added. After the connection is terminated, the firewall rules are removed. If unselected, you need to define the firewall rules manually (see below).

    Comment (optional): Add a description or other information about the IPsec connection.

  4. Click Save.

    Your settings will be saved.

  5. Enable the IPsec rule.

    You can enable the rule now or later after completing the whole UTM configuration.

    Click the toggle switch in front of the rule to activate the rule.

    The toggle switch turns green. The IPsec remote access rule is active now.

Cross Reference – More detailed information on the configuration of remote access and detailed explanations of the individual settings can be found in the UTM administration guide in chapter Remote Access.

© 2019 Sophos Limited Sophos UTM 9.600