Overview
Internet Protocol Security is generally referred to as IPsec. IP Security (IPSec) provides a secure way to authenticate senders and encrypt IP version 4 (IPv4) and version 6 (IPv6) traffic between network devices. IPSec offers network administrators and their users the benefits of data confidentiality, data integrity, sender authentication, and anti-replay services. IPSec is increasingly becoming a critical component in today’s IP networks.
IPSec is a framework for ensuring secure private communication over IP networks and is based on standards developed by the Internet Engineering Task Force (IETF). The original IETF specifications are in RFC-1825 through RFC-1827, which were published in 1995.
IPSec provides security services at the network layer of the Open Systems Interconnection (OSI) model by enabling a system to select required security protocols, determine the algorithms to use for the security services, and implement any cryptographic keys required to provide the requested services.
Seqrite UTM allows you to configure an IPsec VPN, which establishes a tunnel between a main server (for example, the Head Office) and a client server (for example, a Branch Office) and allows data to be sent through it. With IPSec, a pre-shared key is used to establish the tunnel, which allows the data to be encrypted and decrypted and prevents snooping.
Applicable Version: All
Scenario
We have to configure a site-to-site IPSec VPN between Site A and Site B.
Configuration
To create a new IPSec connection, go to VPN > IPSec > Site to Site.
Step 1: Enable the VPN Server and click the { + } sign to create a VPN configuration.
Step 2: Configure a site-to-site IPSec VPN connection between Site A and Site B by following the steps.
Site A Location:
Parameter | Value | Description |
Connection Name | Site A To Site B | Name to identify the IPSec Connection. |
Network Interface | 123.178.9.222 | Select your Public IP. This is a WAN interface that you have configured in the Interface section. |
Remote Server IP | 102.107.179.77 | Enter the Remote Server Public IP. |
Local Networks | 192.168.1.0/24 | Enter the Local LAN Network address. |
Remote Networks | 192.168.3.0/24 | Enter the Remote LAN Network address. |
IKE Version | IKEv1 / IKEv2 | Select the same IKE version for both sides. |
Authentication Type: PSK | admin@123 | The PSK or Pre-Shared Key is a shared secret key. Note: You need to share this key with the remote network user. |
Advanced Options | Encryption Algorithm: 3DES | Select the SAME Encryption Algorithm, Authentication Algorithm and Key Group for Phase 1 and Phase 2. These details are used for the encryption process. Phase I performs the handshake or authentication. Phase II creates the actual tunnel. Note: This setting should be the same on the Remote Server. |
Click on Apply to create the connection.
To activate the created IPSec connection, switch the connection “ON” from Site A.
Site B Location:
Parameter | Value | Description |
Connection Name | Site B To Site A | Name to identify the IPSec Connection. |
Network Interface | 102.107.179.77 | Select your Public IP. This is a WAN interface that you have configured in the Interface section. |
Remote Server IP | 123.178.9.222 | Enter the Remote Server Public IP. |
Local Networks | 192.168.3.0/24 | Enter the Local LAN Network address. |
Remote Networks | 192.168.1.0/24 | Enter the Remote LAN Network address. |
IKE Version | IKEv1 / IKEv2 | Select the same IKE version for both sides. |
Authentication Type: PSK | admin@123 | The PSK or Pre-Shared Key is a shared secret key. Note: You need to share this key with the remote network user. |
Advanced Options | Encryption Algorithm: 3DES | Select the SAME Encryption Algorithm, Authentication Algorithm and Key Group for Phase 1 and Phase 2. These details are used for the encryption process. Phase I performs the handshake or authentication. Phase II creates the actual tunnel. Note: This setting should be the same on the Remote Server. |
Click Apply to create the connection.
To activate the created IPSec connection, switch the connection “ON” from Site B.
Under Connection status, Active indicates that the connection is successfully established.
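The two tables must mirror each other: public IPs and LAN networks are swapped between the sites, while the IKE version, PSK and algorithms are identical. The following Python script is an added example (not part of Seqrite UTM or the original article) that checks a pair of site definitions for those mismatches before the connections are switched on. The dictionary keys are hypothetical names, "IKEv2" is one of the two options listed in the table, and the LAN overlap check goes beyond what the article covers.

```python
import ipaddress

# Values copied from the Site A / Site B tables; the dict keys are hypothetical
# names for this example, and "IKEv2" is one of the two options the page lists.
SITE_A = {"interface": "123.178.9.222", "remote_ip": "102.107.179.77",
          "local_net": "192.168.1.0/24", "remote_net": "192.168.3.0/24",
          "ike": "IKEv2", "psk": "admin@123", "encryption": "3DES"}
SITE_B = {"interface": "102.107.179.77", "remote_ip": "123.178.9.222",
          "local_net": "192.168.3.0/24", "remote_net": "192.168.1.0/24",
          "ike": "IKEv2", "psk": "admin@123", "encryption": "3DES"}

# Fields that must be swapped between the two ends, and fields that must match.
MIRRORED = [("interface", "remote_ip"), ("remote_ip", "interface"),
            ("local_net", "remote_net"), ("remote_net", "local_net")]
IDENTICAL = ["ike", "psk", "encryption"]


def _parse(key, value):
    """Normalise addresses so '192.168.1.0 /24' and '192.168.1.0/24' compare equal."""
    value = value.replace(" ", "")
    if key.endswith("_net"):
        return ipaddress.ip_network(value)  # raises ValueError if host bits are set
    return ipaddress.ip_address(value)


def check_pair(a, b):
    """Return a list of mismatches between two ends; an empty list means they agree."""
    problems = []
    for mine, theirs in MIRRORED:
        if _parse(mine, a[mine]) != _parse(theirs, b[theirs]):
            problems.append(f"A.{mine}={a[mine]} but B.{theirs}={b[theirs]}")
    for key in IDENTICAL:
        if a[key] != b[key]:
            # Never echo the pre-shared key itself into a report or log.
            detail = "values differ" if key == "psk" else f"{a[key]} vs {b[key]}"
            problems.append(f"{key} mismatch: {detail}")
    local = _parse("local_net", a["local_net"])
    remote = _parse("remote_net", a["remote_net"])
    if local.overlaps(remote):
        problems.append(f"LANs overlap: {local} and {remote}")
    return problems


if __name__ == "__main__":
    for line in check_pair(SITE_A, SITE_B) or ["both ends are consistent"]:
        print(line)
```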
Verification Steps:
We verified the connection in the following three ways.
1. Live Logs: You can view the live logs of IPSec VPN connections by clicking the live logs button and filtering by the required type. These logs indicate the current status of the remote IPSec VPN service. You can export these logs to a file, or select and stop a particular session using the Stop button.
2. CMD Prompt: Once the VPN is successfully established, open the command prompt and ping the remote-side local network. You will get a successful reply.
3. Remote Desktop: Open the remote desktop application and connect over RDP to the remote-side network. If you are able to get remote access, it indicates that the RDP service is working properly via the VPN.
Please contact Seqrite Technical Support for more assistance.