Anonymous - Mobile Users - Stormshield SN series Configuration Manual

Encryption profile
Comments
The additional option Keepalive allows artificially maintaining mounted tunnels. This mechanism
sends packets that initialize the tunnel and force it to be maintained. This option is disabled by
default to avoid wasting resources, especially in the case of a configuration containing many
tunnels set up at the same time without any real need for them.
This option is only valid for site-to-site tunnels . It can be enabled by selecting the value
Keepalive in the Columns menu, which appears when you move the mouse over the header of
the columns in the table.
Keepalive
Checking the policy in real time
The window for editing IPSec policy rules has a "Check policy" field (located below the table),
which warns the administrator whenever there are inconsistencies or errors in the rules created.
Example:
IPSec policy.
Anonymous – Mobile users
A video from Stormshield Network's WebTV on YouTube will guide you step by step in the
configuration of a secure connection between one of your sites and an IPSec VPN client. Click on
this link to access the video:
Stormshield Network IPSec VPN
A video will explain how to configure a secure connection between one of your sites and an
®
Apple mobile client. Click on this link to access the video:
iPad.
The IPSec VPN has two endpoints: the tunnel endpoint and the traffic endpoint. For anonymous
or mobile users, the IP address of the tunnel's endpoint is not known in advance.
As for the IP address of the traffic endpoint, it can either be chosen by the peer ("classic" case) or
given by the gateway ("Config mode").
Name of the mobile configuration
By default, the drop-down list will display the message "no peer found". VPN policy creation
wizards allow creating mobile peers. The procedure is as follows:
Add
Select the VPN policy in which you wish to set up a tunnel. Policy creation wizards will guide you
in this configuration. If you wish to create the mobile peer through the wizard, please refer to the
chapter "Creating a mobile peer" below.
It is possible to define VPN client settings (Config mode) for mobile users through the Config mode
policy creation wizard.
Page 166/448
This option allows selecting the protection model associated with your VPN policy, from
3 preconfigured profiles: StrongEncryption, GoodEncryption and Mobile. Other profiles
can be created or modified in the tab Encryption profiles.
Description given of the VPN policy.
To enable this option, assign a value other than 0, corresponding to the interval in
seconds, between each UDP packet sent.
[gateway policy at line 2] - Different IKE versions cannot be used in the same
Secure connections between a Stormshield Network firewall and
client.
SNS - USER CONFIGURATION MANUAL V.3
Connecting securely from iPhone &
sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
IPSEC VPN