How to configure IPsec VPN
Introduction
This is a guide to creating an IPsec VPN connection between your organization's virtual data center and another site, using the IPsec VPN capabilities of the edge gateway.
Prerequisites
Before you start, you will need the following details of the peer/on-prem site:
Peer Endpoint - IP address or FQDN of the peer/on-prem site
Peer Subnets - remote/on-prem network to which the VPN connects
Encryption Algorithm
Authentication
Procedure
Log in to https://portal.cloudist.se
Select Virtual Data Center and click on the Virtual Datacenter name
Select the VDC that contains the edge gateway you want to configure
In the menu to the left, click Edges
Click on the edge you want to configure and note the IP address allocated to it
Click Services
Select the VPN tab and then the IPsec VPN tab
Select the IPsec VPN Sites tab
Click the + icon and complete the configuration (the fields are described in the field guide below)
Click on the Activation Status tab
Enable the IPsec VPN Service Status
Once finished, click Keep
Click Save changes
Configure the connection for the remote site. You must configure the IPsec VPN connection on both sides of the connection: your virtual data center and the peer site.
Field guide
Field | Description |
---|---|
Enable | Enable this connection between the two VPN endpoints. |
Enable perfect forward secrecy (PFS) | Enable this option to have the system derive fresh, unique keys for every IPsec VPN session your users initiate. With PFS enabled, the session keys are not linked to the edge gateway's long-term private key, so compromise of that key does not expose past session keys. |
Name | (Optional) Enter a name for the connection. |
Local ID | Enter the external IP address of the edge gateway instance (which we noted earlier). This is usually the same as the Local Endpoint. |
Local Endpoint | The external IP of your edge gateway (as we noted earlier). |
Local Subnets | Enter the networks to share between the sites, using a comma as the separator when entering multiple subnets. Enter a network range in CIDR format (not a specific IP address), for example 192.168.99.0/24. |
Peer ID | Enter a peer ID to uniquely identify the peer site. The peer ID is an identifier that uniquely identifies the remote device that terminates the VPN connection, typically its public IP address. For peers using certificate authentication, the ID must be the distinguished name in the peer's certificate. For PSK peers, this ID can be any string. Best practice is to use the remote device's public IP address or FQDN as the peer ID. If the peer IP address is from another organization virtual data center network, you enter the native IP address of the peer. If NAT is configured for the peer, you enter the peer's private IP address. |
Peer Endpoint | Enter the IP address or FQDN of the peer/on-prem site, which is the public-facing address of the remote device to which you are connecting. |
Peer Subnets | Enter the remote/on-prem networks to which the VPN connects, using a comma as the separator when entering multiple subnets. Enter a network range in CIDR format (not a specific IP address), for example 192.168.99.0/24. |
Encryption Algorithm | Select the encryption algorithm type from the drop-down menu. |
Authentication | Select the authentication method that is supported by your site. |
Pre-Shared Key | If you selected PSK as the authentication type, type an alphanumeric secret string of at most 128 bytes. |
Diffie-Hellman Group | Select the Diffie-Hellman group, the key-agreement scheme that allows the peer site and this edge gateway to establish a shared secret over an insecure communications channel. |
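The subnet, endpoint and pre-shared key fields above have constraints that the portal only reports after you click Keep. The following helper is an added example (not part of the portal or of this guide) that checks the values you are about to type against those constraints: subnets must be comma-separated CIDR ranges rather than host addresses, the peer endpoint must be an IP address or FQDN, and the PSK must be at most 128 bytes. It additionally flags local and peer subnets that overlap, which assumes no NAT is applied inside the tunnel.

```python
import ipaddress
import re

# Hypothetical FQDN check: dotted labels, letters/digits/hyphens, alphabetic TLD.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)


def parse_subnets(field):
    """Split a comma-separated subnet field into CIDR networks.
    Entries without a prefix length or with host bits set are rejected,
    because the field guide asks for network ranges, not specific addresses."""
    nets = []
    for item in field.split(","):
        item = item.strip()
        if not item:
            continue
        if "/" not in item:
            raise ValueError(f"{item!r}: use CIDR notation, e.g. 192.168.99.0/24")
        try:
            # strict=True raises if the address is a host inside the range
            nets.append(ipaddress.ip_network(item, strict=True))
        except ValueError as exc:
            raise ValueError(f"bad subnet {item!r}: {exc}") from None
    if not nets:
        raise ValueError("no subnets given")
    return nets


def check_endpoint(value):
    """Peer Endpoint may be a literal IP address or an FQDN."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return bool(HOSTNAME_RE.match(value))


def check_psk(psk):
    """Pre-Shared Key limit is 128 bytes, so measure the UTF-8 encoding."""
    return 0 < len(psk.encode("utf-8")) <= 128


def validate_site(local_subnets, peer_endpoint, peer_subnets, psk):
    """Return a list of problems; an empty list means the values look consistent."""
    problems = []
    try:
        local, peer = parse_subnets(local_subnets), parse_subnets(peer_subnets)
        # Overlapping ranges make the tunnel policy ambiguous (assumes no NAT in the tunnel).
        problems += [f"local {l} overlaps peer {p}"
                     for l in local for p in peer if l.overlaps(p)]
    except ValueError as exc:
        problems.append(str(exc))
    if not check_endpoint(peer_endpoint):
        problems.append(f"peer endpoint {peer_endpoint!r} is neither an IP address nor an FQDN")
    if not check_psk(psk):
        problems.append("pre-shared key must be 1 to 128 bytes")
    return problems
```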