Overview
For a more secure IPsec VPN tunnel, RSA keys can be used to authenticate the VPN peers. With RSA authentication each device keeps its own private key and only the public keys are exchanged between the sites, so no shared secret has to be distributed.
IPsec is an end-to-end security scheme operating at the Internet layer of the Internet protocol suite. It protects data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host).
Seqrite Firewall's IPsec VPN provides cost-effective site-to-site remote connectivity.
This article demonstrates, step by step, how to set up a site-to-site IPsec VPN connection between two networks using RSA keys to authenticate the VPN peers.
Scenario
Site A: WAN (public) IP 120.30.20.1, local LAN 192.168.1.0/24.
Site B: WAN (public) IP 100.10.20.1, local LAN 192.168.2.0/24.
Each site's Seqrite UTM authenticates the other with an RSA public key, and the tunnel carries traffic between the two LANs.
Site A Configuration
To create an IPsec site-to-site VPN:
Go to VPN > IPSec > Site to Site.
Step 1: Enable the VPN server and click the { + } sign to create a VPN configuration.
Step 2: Configuration: SiteA_to_SiteB
| Parameter | Value | Description |
|---|---|---|
| Connection Name | SiteA_to_SiteB | Name to identify the IPsec connection. |
| Network Interface | 120.30.20.1 | Select the WAN interface carrying your public IP, as configured in the Interface section. |
| Remote Server IP | 100.10.20.1 | Enter the public IP of the remote (Site B) UTM. |
| Local Networks | 192.168.1.0/24 | In the Local Networks field, choose the local LAN network object created earlier. |
| Remote Networks | 192.168.2.0/24 | In the Remote Networks field, choose the remote LAN network object created earlier. |
| IKE Version | IKEv1 / IKEv2 | Select the same IKE version on both sides. |
| Authentication Type | RSA Key | The local RSA public key is loaded automatically. Copy the remote RSA public key from the Site B Seqrite UTM and paste it here. This key is what identifies the peer, so confirm with the Site B administrator that the pasted key is exactly the one shown on Site B before switching the tunnel on. |
| Advanced Options | Encryption Algorithm: 3DES; Authentication Algorithm: MD5; Key Group (DH): 2 (DH1024) | Select the same encryption algorithm, authentication algorithm and key group for the Phase 1 and Phase 2 settings. Note: these settings must match the Site B configuration. The values shown are the article's example; 3DES, MD5 and 1024-bit DH are considered weak today, so prefer AES, SHA-2 and DH group 14 or higher if both peers support them. |
Click on Apply to create the connection.
Step 3: To activate the IPsec connection you created, switch the connection ON.
Note: The tunnel will not come up yet; you now need to configure the Site B device.
Site B Configuration
| Parameter | Value | Description |
|---|---|---|
| Connection Name | SiteB_to_SiteA | Name to identify the IPsec connection. |
| Network Interface | 100.10.20.1 | Select the WAN interface carrying your public IP, as configured in the Interface section. |
| Remote Server IP | 120.30.20.1 | Enter the public IP of the remote (Site A) UTM. |
| Local Networks | 192.168.2.0/24 | Enter the local LAN network address. |
| Remote Networks | 192.168.1.0/24 | Enter the remote LAN network address. |
| IKE Version | IKEv1 / IKEv2 | Select the same IKE version on both sides. |
| Authentication Type | RSA Key | The Site B local RSA public key is loaded automatically. Copy the Site A RSA public key from the Site A Seqrite UTM and paste it here, and confirm with the Site A administrator that it is exactly the key shown there. |
| Advanced Options | Encryption Algorithm: 3DES; Authentication Algorithm: MD5; Key Group (DH): 2 (DH1024) | Select the same encryption algorithm, authentication algorithm and key group for the Phase 1 and Phase 2 settings. Note: these settings must match the Site A configuration. |
Click on Apply to create the connection.
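Both configurations above depend on the peer's RSA public key being pasted unchanged: a key altered in transit, or copied from the wrong device, would make the UTM trust a different peer. The following is an added example, not part of the original article and not Seqrite code. It assumes the UTM presents the public key as a PEM text block (a `-----BEGIN PUBLIC KEY-----` block) and shows how the administrator at each site can compute a fingerprint of the key as it was shown and as it was pasted, so the two values can be compared over the phone before the tunnel is switched on. The sample key body is constructed filler with a valid outer structure, not a real key.

```python
"""Fingerprint an RSA public key pasted from a VPN peer so both sites can
compare the value out of band before enabling the tunnel.

Added example; not part of the original article and not Seqrite code.
Assumption: the UTM shows the public key as a PEM block. The sample key
below is constructed filler with a valid outer structure, not a real key.
"""
import base64
import binascii
import hashlib
import re

# Matches one PEM block. The body may be wrapped at 64 columns or pasted
# as a single line, so it is captured with whatever whitespace it carries.
PEM_BLOCK = re.compile(
    r"-----BEGIN (?P<label>[A-Z ]+)-----(?P<body>.*?)-----END (?P=label)-----",
    re.DOTALL,
)

ACCEPTED_LABELS = {"PUBLIC KEY", "RSA PUBLIC KEY"}


def pem_to_der(pem_text: str) -> bytes:
    """Return the DER bytes of the first public-key PEM block in pem_text.

    Whitespace differences (line wrapping, trailing spaces, CRLF) are
    normalised away so two copies of the same key compare equal, while
    anything that is not well-formed base64 wrapping a DER SEQUENCE,
    or that carries a private-key label, is rejected.
    """
    match = PEM_BLOCK.search(pem_text)
    if match is None:
        raise ValueError("no PEM public key block found")
    if match.group("label") not in ACCEPTED_LABELS:
        raise ValueError(f"unexpected PEM label: {match.group('label')!r}")
    body = re.sub(r"\s+", "", match.group("body"))
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError("PEM body is not valid base64") from exc
    # Both SubjectPublicKeyInfo and PKCS#1 RSAPublicKey begin with a DER SEQUENCE (0x30).
    if not der or der[0] != 0x30:
        raise ValueError("decoded key does not start with a DER SEQUENCE")
    return der


def fingerprint(pem_text: str) -> str:
    """SHA-256 of the DER key as colon-separated hex, easy to read aloud."""
    digest = hashlib.sha256(pem_to_der(pem_text)).hexdigest()
    return ":".join(digest[i : i + 2] for i in range(0, len(digest), 2))


def keys_match(pasted_key: str, reference_key: str) -> bool:
    """True if the key pasted on one UTM is byte-for-byte the peer's key."""
    return fingerprint(pasted_key) == fingerprint(reference_key)


# Constructed sample (hypothetical): the opening characters decode to a DER
# SEQUENCE so the structural check passes; the rest is filler, so this is
# NOT a usable key, only valid PEM framing around 78 bytes.
SITE_B_KEY_AS_SHOWN = """-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQABEXAMPLEKEYFILLEREXAMPLEK
EYFILLEREXAMPLEKEYFILLEREXAMPLEKEYFILLER
-----END PUBLIC KEY-----
"""

# The same key after a copy/paste that joined the lines and added CRLF
# and a trailing space; it must still fingerprint identically.
SITE_B_KEY_AS_PASTED = (
    "-----BEGIN PUBLIC KEY-----\r\n"
    "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQABEXAMPLEKEYFILLEREXAMPLEK"
    "EYFILLEREXAMPLEKEYFILLEREXAMPLEKEYFILLER \r\n"
    "-----END PUBLIC KEY-----\r\n"
)

# One character changed at the end of the body: a different key, so it must not match.
TAMPERED_KEY = SITE_B_KEY_AS_SHOWN.replace("EXAMPLEKEYFILLER\n", "EXAMPLEKEYFILLES\n")


if __name__ == "__main__":
    print("Site B fingerprint:  ", fingerprint(SITE_B_KEY_AS_SHOWN))
    print("pasted copy matches: ", keys_match(SITE_B_KEY_AS_PASTED, SITE_B_KEY_AS_SHOWN))
    print("tampered copy matches:", keys_match(TAMPERED_KEY, SITE_B_KEY_AS_SHOWN))
```

Run the script on each UTM's key text (read from the clipboard or a saved file) at both sites; if the fingerprint of the key pasted on Site A matches the fingerprint of the key shown on Site B, and vice versa, the peers are authenticating the devices the administrators intended. A mismatch means the paste was altered or the wrong key was copied, and the tunnel should not be switched on until it is corrected.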
Traffic is not passed over the IPsec tunnel until the required services are allowed in the interzone settings or in custom rules, as your requirements dictate.
Allow the services in the four VPN zone pairs below:
1. LAN-VPN
2. VPN-LAN
3. UTM-VPN
4. VPN-UTM
Go to Firewall > Interzone Rules and allow the services.
To activate the IPsec connection you created, switch the connection ON.
Verification in Live Logs: click on Live Logs and check that the tunnel status is reported as Active.
Site A tunnel status: Active
Ping verification from Site A: ping a host in the Site B LAN (192.168.2.0/24) from the Site A LAN.
Ping verification from Site B: ping a host in the Site A LAN (192.168.1.0/24) from the Site B LAN.
Please contact Seqrite Technical Support for more assistance.