This article describes how to set up an IPsec VPN tunnel. An IPsec VPN tunnel consists of two phases:
Before setting up the tunnel
Before the tunnel can be set up, both sides have to agree on a number of technical details about the tunnel. WARNING: Almost all issues in setting up the tunnel occur when these parameters are not perfectly aligned.
General:
Setting up the tunnel
First we open the Branch Office Tunnels configuration.
Here you add a new tunnel and define the routes. These are the routes of the networks being connected in Phase 2.
We add these by clicking Add… Here we add the local and the remote private networks in CIDR notation (e.g. /24). We can add more routes later on.
Afterwards we define a new gateway and enter the PSK.
Now switch to the Phase 1 Settings and configure:
Then we configure the Transform Settings:
Now we go back to General Settings and define the tunnel endpoints (Phase 1).
Now we switch to the Phase 2 Settings, activate Perfect Forward Secrecy and define the Diffie-Hellman Group. Now we just have to configure the Phase 2 Proposal:
Check if the tunnel comes up
If both parties have the EXACT same Phase 1/2 parameters set up, the tunnel should come online. It looks like this in the System Manager.
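Since a tunnel that stays down is almost always a parameter mismatch, the two sides can compare their parameter sheets before anyone touches the firewall. The following is an added example, not part of the original article: the field names and all sample values are constructed assumptions. It checks that the Phase 1/2 settings are identical and that the routes mirror each other (one side's local network is the other side's remote network).

```python
import ipaddress

# Constructed sample parameter sheets; field names are hypothetical, not a vendor format.
SITE_A = {
    "phase1": {"mode": "main", "auth": "SHA2-256", "enc": "AES-256",
               "dh_group": 14, "sa_life_h": 24},
    "phase2": {"type": "ESP", "auth": "SHA2-256", "enc": "AES-256",
               "pfs": True, "pfs_dh_group": 14},
    "routes": [("192.168.10.0/24", "192.168.20.0/24")],  # (local, remote)
}
SITE_B = {
    "phase1": {"mode": "main", "auth": "SHA2-256", "enc": "AES-256",
               "dh_group": 14, "sa_life_h": 8},          # lifetime differs
    "phase2": {"type": "ESP", "auth": "SHA2-256", "enc": "AES-256",
               "pfs": True, "pfs_dh_group": 2},          # PFS group differs
    "routes": [("192.168.20.0/24", "192.168.10.0/25")],  # wrong prefix length
}

def _net(cidr):
    # strict=True rejects entries with host bits set, e.g. 192.168.10.1/24
    return ipaddress.ip_network(cidr, strict=True)

def compare_peers(a, b):
    """Return a list of human-readable mismatches between two peers."""
    problems = []
    for phase in ("phase1", "phase2"):
        for key in sorted(set(a[phase]) | set(b[phase])):
            va, vb = a[phase].get(key), b[phase].get(key)
            if va != vb:
                problems.append(f"{phase}.{key}: {va!r} != {vb!r}")
    # Routes must mirror: A's (local, remote) must exist on B as (remote, local).
    routes_a = {(_net(l), _net(r)) for l, r in a["routes"]}
    mirrored_b = {(_net(r), _net(l)) for l, r in b["routes"]}
    for l, r in sorted(routes_a ^ mirrored_b, key=str):
        side = "A" if (l, r) in routes_a else "B"
        problems.append(f"route {l} <-> {r} only defined on side {side}")
    return problems

if __name__ == "__main__":
    for line in compare_peers(SITE_A, SITE_B) or ["all parameters match"]:
        print(line)
```

The pre-shared key is deliberately left out of the sheets; exchange and verify it over a separate secure channel.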
Cheers, Ori