Stormshield SN series Configuration Manual page 164


Create an IKEv2 peer
Local network
Remote network Host, host group, network or network group accessible through the IPSec tunnel with the
Star configuration
This procedure consists of directing several VPN tunnels to a single point. It allows, for example,
linking agencies to a central site.
You can also add gateways using the button
Name: you can specify a name for your gateway or keep the peer's original name, which
will be prefixed with "Site_" ("Site_<name of object>").
Selecting None as a peer allows generating policies without encryption. The aim is to create
an exception to the following rules of the encryption policy. Traffic matching this rule will be
managed by the routing policy.
Click on Next.
Identifying the peer:
Two choices are possible: identification via Certificate or by Pre-shared key (PSK). Select the
desired option.
1. If you have selected Certificate, you will need to select it from those you have
previously created in the Certificates and PKI module.
The certificate to enter here is the one presented by the firewall and not the one
presented by the remote site. A certificate authority can also be added.
2. If you have selected Pre-shared key (PSK), you will need to define the secret that
both peers of the IPSec VPN tunnel will share, in the form of a password to be
confirmed in a second field.
You can Enter the key in ASCII characters (every character in ASCII text is stored in a byte
whose 8th bit is 0) by selecting the relevant option.
Unselect the option to view the key in hexadecimal characters (which is based on 16 digits:
the letters A to F and numbers 0 to 9).
    NOTE
To define an ASCII pre-shared key that is sufficiently secure, it is absolutely
necessary to follow the same rules for user passwords set out in the chapter
Welcome, under the section User awareness, sub-section User password
management.
Click on Next.
Finish creating the peer:
The screen will show you a window summarizing the configuration that was made, the
Parameters of the remote site and the Pre-shared key.
You can also add a backup peer by clicking on the link provided. You will need to define a
remote gateway.
Click Finish.
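For the pre-shared key step above, an added example (not taken from the Stormshield manual) that generates a random ASCII PSK and shows the hexadecimal form of the same bytes. The alphabet, the 32-character length, the helper names and the reading of the hexadecimal view as the byte-for-byte encoding of the ASCII key are assumptions made for this example.

```python
import math
import secrets
import string

# Assumption: printable ASCII letters, digits and punctuation are acceptable
# PSK characters; check what both peers accept before relying on this set.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_psk(length=32):
    """Return a random ASCII pre-shared key drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def is_seven_bit_ascii(key):
    """True when every character fits in a byte whose 8th bit is 0."""
    return all(ord(ch) < 0x80 for ch in key)


def to_hex_view(key):
    """Hexadecimal form of an ASCII key: two hex digits per byte."""
    if not is_seven_bit_ascii(key):
        raise ValueError("key contains non-ASCII characters")
    return key.encode("ascii").hex().upper()


def from_hex_view(hex_key):
    """Recover the ASCII key from its hexadecimal form."""
    raw = bytes.fromhex(hex_key)
    if any(b & 0x80 for b in raw):
        raise ValueError("hex key is not 7-bit ASCII")
    return raw.decode("ascii")


def random_key_entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random key; not valid for human-chosen keys."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    psk = generate_psk()
    print("ASCII:", psk)
    print("HEX:  ", to_hex_view(psk))
    print("bits: ", round(random_key_entropy_bits(len(psk)), 1))
```

Both peers must be given the same key, so transfer the generated value over a channel you already trust.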
The steps are the same as the ones in creating an IKEv1 peer.
Host, host group, network or network group that will be accessible via the IPSec VPN tunnel.
peer.
SNS - USER CONFIGURATION MANUAL V.3
sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
IPSEC VPN
