Stormshield SN series Configuration Manual page 408

Creating IPSec tunnels
Adding the CA to the list of trusted CAs
In the menu Configuration > VPN > IPSec VPN, select the Identification tab.
Under Approved certificate authorities, click on Add and select your CA, then save.
Creating IPSec peers
In the menu Configuration > VPN > IPSec VPN, select the Peers tab. Click on Add.
The wizard will then ask you to select the remote gateway. In this case, this gateway will be the public address of the first remote IPS-Firewall (object Pub_FW_Site_A).
By default, the name of the peer will be created by adding the prefix "Site_" to this object name; this name can be customized. Press Enter.
Next, select the Certificate method.
Click on the magnifying glass next to the Certificate field and select the certificate corresponding to the main IPS-Firewall. The Trusted CA field is filled in automatically from the certificate.
The wizard will display a summary of the peer you have just created. Click on Finish to close this window. Click again on Finish to close the wizard.
Repeat all the steps to create the IPSec peer for remote site B.
Selecting the encryption policy and adding the VPN tunnel
In the menu Configuration > VPN > IPSec VPN, select the Encryption policy – Tunnels tab. Select the encryption policy you wish to configure; you can rename it later by clicking on Edit.
Next, click on Add to define the IPSec tunnels. Select the Star configuration model.
A wizard will automatically launch:
Page 408/448
SNS - USER CONFIGURATION MANUAL V.3
HOW TO: IPSEC VPN - AUTHENTICATION BY CERTIFICATE
sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
