Who can Modify this Feature?
- Partner
- Company/Network Admins with write access
- Meter Support
How to Add an IPsec VPN Tunnel
To add an IPsec VPN tunnel, log into the Dashboard and click Secure Tunnels > IPSec > ‘Add IPSec Tunnel’.
You will see a new window on the right-hand side of the screen asking you for the following details:
- Enable - Ensure this is toggled ON to enable your IPsec tunnel.
- Name - This is just the display name for the tunnel in the Dashboard. Name it something meaningful to you.
- Local IP or FQDN - It is recommended to use the Public IP address of the Meter Security Appliance. This can be found under Hardware > Security Appliances.
- Remote IP or FQDN - It is recommended to use the Public IP address of the remote gateway.
- Initiator - If enabled, the Meter Security Appliance will be the initiator of the IPsec tunnel. If left off, the Meter Security Appliance will assume a role automatically.
- Preshared key - Must match on both ends of the IPsec tunnel.
- Remote Networks - The subnets on the other end of the IPsec tunnel that should be accessible.
- Local networks - Select the VLANs you want accessible over the IPsec tunnel.
- Client VPN Bound - If enabled, users connected to the client VPN will also be able to traverse over the IPsec tunnel.
- Bound WAN port - Choose the WAN interface you want the IPsec tunnel to operate over by default. Note: The local IP or FQDN should match the configured IP on your selected WAN port.
- Partner Type (optional) - If connecting to AWS or Azure, select your respective partner type. If multiple tunnels with the same remote subnet to AWS or Azure exist, this setting should be used.
Default Tunnel Settings for Meter IPsec Tunnels
- IKEv2 - Only IKEv2 is supported
- Encryption:
  - Phase 1: aes128/SHA256/DH group2
  - Phase 2: aes128/SHA256/DH group2
- PFS - Enabled/DH group2
- Dead Peer Delay - 30 seconds
- Dead Peer Detection Timeout - 60 seconds
- Dead Peer Action - Restart
- IKE lifetime - 8 hours
Tunnel Types
General IPsec tunnels are policy-based only. The remote end must also use a policy-based tunnel for the tunnel to establish. AWS and Azure tunnel types are 'IPIP' tunnels that can connect to route-based tunnels on AWS or Azure.
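A pre-flight check for the settings above, as an added example that is not Meter's code: it compares a remote gateway's proposals with the defaults listed on this page and checks the networks configured on each side of a policy-based tunnel. The `SAMPLE_PEER` data, the function names, the strongSwan-style proposal strings and the rule that each side's networks mirror the other's exactly are assumptions.

```python
import ipaddress
import re

# Page defaults: Phase 1 and Phase 2 are both aes128/SHA256/DH group2, IKEv2 only.
METER_PROPOSAL = ("aes128", "sha256", 2)
# IANA IKEv2 DH group numbers for common strongSwan-style keywords.
DH_KEYWORDS = {"modp1024": 2, "modp1536": 5, "modp2048": 14, "ecp256": 19, "ecp384": 20}
# Constructed sample peer (RFC 1918 ranges), not taken from the page.
SAMPLE_PEER = {"ike_version": 2, "phase1": "aes128-sha256-modp1024",
               "phase2": "aes128-sha256-modp2048",
               "local_nets": ["10.20.0.0/16"], "remote_nets": ["192.168.10.0/24"]}


def parse_proposal(text):
    """Normalise 'aes128-sha256-modp1024' or 'aes128/SHA256/DH group2' to a tuple."""
    parts = [p.strip().lower() for p in re.split(r"[-/]", text)]
    if len(parts) != 3:
        raise ValueError(f"expected enc/integrity/dh, got {text!r}")
    enc, integ, dh = parts
    dh = dh.replace("dh", "").replace("group", "").strip()
    return enc, integ, DH_KEYWORDS.get(dh) or int(dh)


def nets(cidrs):
    return {ipaddress.ip_network(c, strict=True) for c in cidrs}


def check_peer(peer, meter_local, meter_remote):
    """Return a list of mismatches between the peer's config and the Meter side."""
    problems = []
    if peer["ike_version"] != 2:
        problems.append("peer must use IKEv2")
    for phase in ("phase1", "phase2"):
        got = parse_proposal(peer[phase])
        if got != METER_PROPOSAL:
            problems.append(f"{phase}: peer offers {got}, Meter uses {METER_PROPOSAL}")
    local, remote = nets(meter_local), nets(meter_remote)
    # Overlapping local and remote subnets make the tunnel policy ambiguous.
    for a in local:
        for b in remote:
            if a.overlaps(b):
                problems.append(f"local {a} overlaps remote {b}")
    # Assumption: the peer's networks mirror the Meter side exactly.
    if nets(peer["local_nets"]) != remote:
        problems.append("peer local networks differ from Meter 'Remote Networks'")
    if nets(peer["remote_nets"]) != local:
        problems.append("peer remote networks differ from Meter 'Local networks'")
    return problems
```

With the sample data, `check_peer(SAMPLE_PEER, ["192.168.10.0/24"], ["10.20.0.0/16"])` reports only the Phase 2 DH group mismatch.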
If you have any questions about setting up your IPsec tunnels or need further assistance, feel free to contact Meter Support at support@meter.com or submit a ticket at meter.com/support.