How to establish a Site-to-Site IPSec VPN connection using RSA keys in UTM

19-02-2020 16:55:25

Overview

To make an IPSec VPN tunnel more secure, we can use RSA keys to establish IPSec VPN connectivity with the other VPN peer.

IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite. It is used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host).

Seqrite Firewall’s IPsec VPN offers site-to-site VPN with cost-effective site-to-site remote connectivity.

This article demonstrates in detail how to set up a site-to-site IPsec VPN connection between two networks, using RSA keys to authenticate the VPN peers.

Scenario

Site A Configuration

To create an IPSec site-to-site VPN, go to VPN > IPSec and click on Site to Site.

Step 1: Enable the VPN Server and click on the { + } sign to create a VPN configuration.

Step 2: Configuration: SiteA_to_SiteB

| Parameter | Value | Description |
| --- | --- | --- |
| Connection Name | SiteA_to_SiteB | Name to identify the IPSec connection. |
| Network Interface | 120.30.20.1 | Select your public IP. This is a WAN interface that you have configured in the Interface section. |
| Remote Server IP | 100.10.20.1 | Enter the remote server public IP. |
| Local Networks | 192.168.1.0/24 | In the Local Networks field, choose the local LAN created earlier. |
| Remote Networks | 192.168.2.0/24 | In the Remote Networks field, choose the remote LAN created earlier. |
| IKE Version | IKEv1 / IKEv2 | Select the same IKE version on both sides. |

Authentication Type:

Set the Authentication Type to RSA key.

The local RSA public key is loaded automatically.
You need to copy and paste the remote RSA public key from the Site B Seqrite UTM.

Advanced Options 

Encryption Algorithm: 3DES
Authentication Algorithm: MD5
Key Group (DH): 2 (DH1024)
Select the same Encryption Algorithm, Authentication Algorithm and Key Group for the Phase 1 and Phase 2 settings.
Note: These settings should be the same as configured on Site B.

Click on Apply to create the connection.

Step 3: To activate the created IPSec connection, switch the connection “ON”.

Note: The tunnel is not active yet. You now need to configure the Site B device.

Site B Configuration

| Parameter | Value | Description |
| --- | --- | --- |
| Connection Name | SiteB_to_SiteA | Name to identify the IPSec connection. |
| Network Interface | 100.10.20.1 | Select your public IP. This is a WAN interface that you have configured in the Interface section. |
| Remote Server IP | 120.30.20.1 | Enter the remote server public IP. |
| Local Networks | 192.168.2.0/24 | Enter the local LAN network address. |
| Remote Networks | 192.168.1.0/24 | Enter the remote LAN network address. |
| IKE Version | IKEv1 / IKEv2 | Select the same IKE version on both sides. |

Authentication Type: RSA Key

Set the Authentication Type to RSA key.

The Site B local RSA public key is loaded automatically.
You need to copy and paste the Site A RSA public key from the Site A Seqrite UTM.

Advanced Options 

Encryption Algorithm: 3DES
Authentication Algorithm: MD5
Key Group (DH): 2 (DH1024)
Select the same Encryption Algorithm, Authentication Algorithm and Key Group for the Phase 1 and Phase 2 settings.
Note: These settings should be the same as configured on Site A.

Click on Apply to create the connection.
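Before switching the tunnel on, the two sets of values above can be checked against each other. The following is an added example, not Seqrite code: it verifies that the Site A and Site B settings mirror each other and reports the proposal values that RFC 8247 no longer recommends for IKEv2. The dictionary keys are hypothetical names, and IKEv2 is an assumed choice.

```python
import ipaddress

# RFC 8247 (IKEv2 algorithm requirements) status of the values used in this article.
WEAK = {
    "encryption": {"3DES": "downgraded to MAY in RFC 8247"},
    "authentication": {"MD5": "MUST NOT in RFC 8247"},
    "dh_group": {"2": "1024-bit MODP, SHOULD NOT in RFC 8247"},
}

# Constructed sample data: the article's values. The dict keys are hypothetical,
# and IKEv2 is an assumed choice (the article allows IKEv1 or IKEv2).
SITE_A = {"interface": "120.30.20.1", "remote_ip": "100.10.20.1",
          "local_net": "192.168.1.0/24", "remote_net": "192.168.2.0/24",
          "ike": "IKEv2", "encryption": "3DES", "authentication": "MD5", "dh_group": "2"}
SITE_B = {"interface": "100.10.20.1", "remote_ip": "120.30.20.1",
          "local_net": "192.168.2.0/24", "remote_net": "192.168.1.0/24",
          "ike": "IKEv2", "encryption": "3DES", "authentication": "MD5", "dh_group": "2"}


def check_mirror(a, b):
    """Return the settings on which peers a and b disagree."""
    problems = []
    for x, y, label in ((a, b, "A->B"), (b, a, "B->A")):
        # Each side's Remote Server IP must be the other side's Network Interface.
        if x["remote_ip"] != y["interface"]:
            problems.append(f"{label}: remote_ip {x['remote_ip']} != peer interface {y['interface']}")
        # Each side's Remote Networks must equal the other side's Local Networks.
        if ipaddress.ip_network(x["remote_net"]) != ipaddress.ip_network(y["local_net"]):
            problems.append(f"{label}: remote_net {x['remote_net']} != peer local_net {y['local_net']}")
    # Overlapping LAN ranges make the remote subnet ambiguous to route.
    if ipaddress.ip_network(a["local_net"]).overlaps(ipaddress.ip_network(b["local_net"])):
        problems.append("local networks overlap")
    # IKE version and all proposal values must be identical on both peers.
    for key in ("ike", "encryption", "authentication", "dh_group"):
        if a[key] != b[key]:
            problems.append(f"{key}: {a[key]} != {b[key]}")
    return problems


def weak_algorithms(cfg):
    """Return the proposal values in cfg that RFC 8247 no longer recommends."""
    return [f"{field}={cfg[field]}: {why}"
            for field, table in WEAK.items()
            for value, why in table.items() if cfg[field] == value]


if __name__ == "__main__":
    for line in check_mirror(SITE_A, SITE_B) + weak_algorithms(SITE_A):
        print(line)
```

With the article's values the mirror check passes and all three advanced options are reported as weak; which stronger options a given UTM firmware offers has to be checked in its own Advanced Options list.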

Allow the services you require over the IPSec tunnel in the interzone settings / custom rules.

Allow services in the four VPN rules below:

 1. LAN-VPN

 2. VPN-LAN

 3. UTM-VPN

 4. VPN-UTM

Go to Firewall > Interzone Rules and allow the services.

To activate the created IPSec connection, switch the connection “ON”.

  • Under Connections, the status Active indicates that the IPSec VPN is successfully established.

Verification of live logs: Click on Live Logs

Site A Tunnel status: Active

Ping Verification from Site A:

Ping Verification from Site B: 

Please contact Seqrite Technical Support for more assistance.