Stormshield SN series Configuration Manual page 399


Next, select the authentication method "Pre-shared key (PSK)".
In the fields Pre-shared key (ASCII) and Confirmer, enter a complex
password that will be exchanged between both sites in order to set up
the IPSec tunnel, and then confirm.
NOTE
To define a pre-shared key that is sufficiently secure, you are advised to do the following:
- Keep to a minimum length of 8 characters,
- Use uppercase and lowercase letters, numbers and special characters,
- Do not use a word found in a dictionary for your password.
Example: 7f4V8!>Xdu.

The wizard will then show a summary of the peer that you have just created. Click on Finish to
close this window. Click again on Finish to close the wizard.
The IPSec tunnel is now defined on the main site:
The tunnel will be enabled automatically (Status "on").
Click on Enable this policy.

Creating filter rules
The VPN tunnel is meant to interlink two remote sites securely, but its purpose is not to filter traffic
between these two entities. Filter rules therefore need to be set up in order to:
- Authorize only necessary traffic between identified source and destination hosts,
- Optimize performance (host resources, internet access bandwidth) by preventing
  unnecessary packets from setting up a tunnel.
In the menu Configuration > Security policy > Filtering and NAT, select your filter policy. In the
Filtering tab, click on the menu New rule > Standard rule.
For better security, you can create a more restrictive rule on the IPS-Firewall that hosts the
intranet server by specifying the source of the packets. To do so, when selecting the traffic
source, indicate the value "IPSec VPN tunnel" in the field Via (Advanced properties tab):
Page 399/448
SNS - USER CONFIGURATION MANUAL V.3
HOW TO: IPSEC VPN - AUTHENTICATION BY PRE-SHARED KEY
sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
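
The pre-shared key advice above can be checked mechanically before a key is entered on both sites. The following Python sketch is an added example, not part of the Stormshield manual: it tests a candidate key against the three rules, including decorated dictionary words such as "Password1!" that satisfy the composition rule on its own, and generates a random key from the operating system's CSPRNG. The function names, the small word list, the substitution table and the 20-character default are assumptions made for this example.

```python
import secrets
import string

MIN_LENGTH = 8  # minimum length given in the manual's advice
SPECIALS = string.punctuation  # assumption: the PSK field accepts any ASCII punctuation
# Constructed stand-in for a real dictionary file (assumption for this example).
SAMPLE_WORDS = {"password", "firewall", "tunnel", "welcome", "stormshield"}
# Look-alike substitutions undone before the dictionary comparison.
LEET = str.maketrans("01345@$", "oieasas")


def psk_problems(psk, words=SAMPLE_WORDS):
    """Return the rules from the manual that psk breaks; an empty list means it passes."""
    problems = []
    if len(psk) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    classes = {
        "uppercase letter": str.isupper,
        "lowercase letter": str.islower,
        "digit": str.isdigit,
        "special character": lambda c: c in SPECIALS,
    }
    for name, test in classes.items():
        if not any(test(c) for c in psk):
            problems.append(f"no {name}")
    # Strip leading/trailing digits and punctuation and undo look-alike
    # substitutions, so "Password1!" and "P@ssw0rd" both reduce to "password".
    core = psk.lower().strip(string.digits + SPECIALS).translate(LEET)
    if core in words:
        problems.append("based on a dictionary word")
    return problems


def generate_psk(length=20):
    """Draw a key from the OS CSPRNG, retrying until every rule passes."""
    if length < MIN_LENGTH:
        raise ValueError("length is below the manual's minimum of 8")
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not psk_problems(candidate):
            return candidate


if __name__ == "__main__":
    for key in ("7f4V8!>Xdu.", "Password1!", "P@ssw0rd", "tunnel"):
        print(f"{key!r}: {psk_problems(key) or 'ok'}")
    print("generated:", generate_psk())
```

The manual's example key passes all three checks, but because it is published it should not be used as a real key. Replace SAMPLE_WORDS with a full word list for the languages used at your sites.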
