How to Add an IPsec VPN Tunnel
To add an IPsec VPN tunnel, log in to the Dashboard and click Secure Tunnels > IPSec > ‘Add IPSec Tunnel’.
You will see a new window on the right-hand side of the screen asking you for the following details:
- Enable - Ensure this is toggled ON to enable your IPsec tunnel.
- Name - This is just the display name for the tunnel in the Dashboard. Name it something meaningful to you.
- Local IP or FQDN - It is recommended to use the Public IP address of the Meter Security Appliance. This can be found under Hardware > Security Appliances.
- Remote IP or FQDN - It is recommended to use the Public IP address of the remote gateway.
- Initiator - If enabled, the Meter Security Appliance will be the initiator of the IPsec tunnel. If left off, the Meter Security Appliance will assume a role automatically.
- Preshared key - Must match on both ends of the IPsec tunnel.
- Remote Networks - The subnets on the other end of the IPsec tunnel that should be accessible.
- Local networks - Select the VLANs you want accessible over the IPsec tunnel.
- Bound WAN port - Choose the WAN interface you want the IPsec tunnel to operate over by default. Note: The local IP or FQDN should match the configured IP on your selected WAN port.
Default Tunnel Settings for Meter IPsec Tunnels
- IKEv2 - Only IKEv2 is supported
- Encryption:
  - Phase 1: aes128/SHA256/DH group2
  - Phase 2: aes128/SHA256/DH group2
- PFS - Enabled/DH group2
- Dead Peer Delay - 30 seconds
- Dead Peer Detection Timeout - 60 seconds
- Dead Peer Action - Restart
- IKE lifetime - 8 hours
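A remote-gateway configuration that matches the defaults above, as an added example that is not part of Meter's documentation. It assumes the peer runs strongSwan (swanctl.conf) and that both sides identify themselves by public IP; every address, subnet and name is a constructed placeholder.

```conf
# /etc/swanctl/swanctl.conf on the remote gateway (assumed strongSwan peer).
# Addresses, subnets and connection names below are constructed placeholders.
connections {
    meter-tunnel {
        version = 2                          # Meter supports IKEv2 only
        local_addrs  = 203.0.113.20          # this gateway (Meter's "Remote IP or FQDN")
        remote_addrs = 198.51.100.10         # Meter appliance (Meter's "Local IP or FQDN")
        proposals = aes128-sha256-modp1024   # Phase 1; modp1024 is DH group 2
        rekey_time = 8h                      # assumed mapping of the 8 hour IKE lifetime
        dpd_delay = 30s                      # Dead Peer Delay
        # strongSwan honours dpd_timeout for IKEv1 only; with IKEv2 its
        # retransmission settings decide when the peer is declared dead.
        local {
            auth = psk
            id = 203.0.113.20                # assumption: identity is the public IP
        }
        remote {
            auth = psk
            id = 198.51.100.10               # assumption: identity is the public IP
        }
        children {
            meter-net {
                local_ts  = 10.20.0.0/24     # entered under "Remote Networks" on the Meter side
                remote_ts = 10.10.0.0/24     # a VLAN selected under "Local networks"
                esp_proposals = aes128-sha256-modp1024   # Phase 2 with PFS, DH group 2
                dpd_action = restart         # Dead Peer Action
                start_action = trap          # negotiate when matching traffic appears
            }
        }
    }
}
secrets {
    ike-meter {
        id-1 = 198.51.100.10
        id-2 = 203.0.113.20
        secret = "REPLACE_WITH_PRESHARED_KEY"   # must match the Meter "Preshared key"
    }
}
```

The traffic selectors mirror the Meter side: this gateway's `local_ts` is what Meter lists as Remote Networks, and its `remote_ts` is what Meter lists as Local networks.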