How To Establish Site-to-Site IPSec VPN Connection using Preshared key
Applicable Version: 10.00 onwards
Overview
IPSec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite. It is used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host).
Cyberoam's IPSec VPN offers cost-effective site-to-site remote connectivity, eliminating the need for expensive private remote access networks like leased lines, Asynchronous Transfer Mode (ATM) and Frame Relay. This article describes a detailed configuration example that demonstrates how to set up a site-to-site IPSec VPN connection between two networks using a preshared key to authenticate the VPN peers.
Scenario
Configure a site-to-site IPSec VPN connection between Site A and Site B by following the steps given below. In this article, we have used the following parameters to create the VPN connection.
Network Parameters
Local Network details
  Local Server (WAN IP address): 14.15.16.17
  Local LAN address: 10.5.6.0/24
Remote Network details
  Remote VPN server (WAN IP address): 22.23.24.25
  Remote LAN Network: 172.23.9.0/24
Site A Configuration
The configuration is to be done from Site A's Cyberoam Web Admin Console using a profile having read-write administrative rights for the relevant feature(s).
Step 1: Create IPSec Connection
To create a new IPSec connection, go to VPN > IPSec >
Connection and click Add. Create the
connection using the following parameters.
Parameter Description
Parameter: Value
  Description
Name: SiteA_to_SiteB
  Name to identify the IPSec Connection.
Connection Type: Site to Site
  Select Type of connection. Available Options: Remote Access, Site to Site, Host to Host.
Policy: DefaultHeadOffice
  Select policy to be used for connection.
Action on VPN Restart: Respond Only
  Select the action for the connection. Available options: Respond Only, Initiate, Disable.
Authentication details
Authentication Type: Preshared Key
  Select Authentication Type. Authentication of user depends on the connection type.
Preshared Key: 123456789
  Preshared key should be the same as that configured in remote site.
Endpoints Details
Local: PortB-14.15.16.17
  Select local port which acts as end-point to the tunnel.
Remote: 22.23.24.25
  Specify IP address of the remote endpoint.
Local Network Details
Local Subnet: 10.5.6.0/24
  Select Local LAN Address. Add and Remove LAN Address using Add Button and Remove Button.
Remote Network Details
Remote LAN Network: 172.23.9.0/24
  Select Remote LAN Address. Add and Remove LAN Address using Add Button and Remove Button.
Click OK to create IPSec connection.
Step 2: Activate Connection
On clicking OK, the following screen is displayed showing the
connection created above.
Click under Status (Active) to activate the connection.
Site B Configuration
The configuration is to be done from Site B's Cyberoam Web Admin Console using a profile having read-write administrative rights for the relevant feature(s).
Step 1: Create IPSec Connection
To create a new IPSec connection, go to VPN > IPSec >
Connection and click Add. Create the
connection using the following parameters.
Parameter Description
Parameter: Value
  Description
Name: SiteB_to_SiteA
  Name to identify the IPSec Connection.
Connection Type: Site to Site
  Select Type of connection. Available Options: Remote Access, Site to Site, Host to Host.
Policy: DefaultBranchOffice
  Select policy to be used for connection.
Action on VPN Restart: Initiate
  Select the action for the connection. Available options: Respond Only, Initiate, Disable.
Authentication details
Authentication Type: Preshared Key
  Select Authentication Type. Authentication of user depends on the connection type.
Preshared Key: 123456789
  Preshared key should be the same as that configured in remote site.
Endpoints Details
Local: PortB-22.23.24.25
  Select local port which acts as end-point to the tunnel.
Remote: 14.15.16.17
  Specify IP address of the remote endpoint.
Local Network Details
Local Subnet: 172.23.9.0/24
  Select Local LAN Address. Add and Remove LAN Address using Add Button and Remove Button.
Remote Network Details
Remote LAN Network: 10.5.6.0/24
  Select Remote LAN Address. Add and Remove LAN Address using Add Button and Remove Button.
Step 2: Activate and Establish Connection
On clicking OK, the following screen is displayed showing the
connection created above.
Click under Status (Active) and Status (Connection).
The above configuration establishes an IPSec connection between two (2) sites.
Note:
Make sure that Firewall Rules that allow LAN to VPN and VPN to LAN traffic are configured.
In a Head Office and Branch Office setup, usually the Branch Office acts as the tunnel initiator and the Head Office acts as a responder due to the following reasons:
Since Branch Office or other Remote Sites have dynamic IPs, Head Office is not able to initiate the connection.
As there can be many Branch Offices, to reduce the load on Head Office it is a good practice that the Branch Offices retry the connection instead of the Head Office retrying all the branch office connections.
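The two parameter tables must mirror each other (endpoints and subnets swapped, same preshared key) and the initiator/responder roles must fit together, which can be checked before the values are typed into either appliance. The following Python script is an added example, not part of the Cyberoam documentation; its dictionary keys, the function name check_pair and the 20-character minimum key length are assumptions made for this example.

```python
import ipaddress

# Values copied from the article's Site A and Site B tables.
# The dictionary keys are names chosen for this example, not Cyberoam fields.
SITE_A = {"name": "SiteA_to_SiteB", "action": "Respond Only", "psk": "123456789",
          "local_ip": "14.15.16.17", "remote_ip": "22.23.24.25",
          "local_subnet": "10.5.6.0/24", "remote_subnet": "172.23.9.0/24"}
SITE_B = {"name": "SiteB_to_SiteA", "action": "Initiate", "psk": "123456789",
          "local_ip": "22.23.24.25", "remote_ip": "14.15.16.17",
          "local_subnet": "172.23.9.0/24", "remote_subnet": "10.5.6.0/24"}

MIN_PSK_LEN = 20  # assumption: minimum key length policy chosen for this example


def check_pair(a, b):
    """Return a list of findings for two site-to-site connection definitions."""
    net = ipaddress.ip_network
    findings = []
    # Each side's remote endpoint and subnet must be the peer's local ones.
    for x, y in ((a, b), (b, a)):
        if x["remote_ip"] != y["local_ip"]:
            findings.append(f"{x['name']}: remote endpoint is not the peer's local endpoint")
        if net(x["remote_subnet"]) != net(y["local_subnet"]):
            findings.append(f"{x['name']}: remote subnet is not the peer's local subnet")
    # Overlapping LANs cannot be routed through the tunnel unambiguously.
    if net(a["local_subnet"]).overlaps(net(b["local_subnet"])):
        findings.append("local subnets of the two sites overlap")
    # The preshared key has to be identical on both peers.
    if a["psk"] != b["psk"]:
        findings.append("preshared keys differ")
    # A short or digits-only key is easy to guess.
    for x in (a, b):
        if len(x["psk"]) < MIN_PSK_LEN or x["psk"].isdigit():
            findings.append(f"{x['name']}: weak preshared key")
    # If neither side initiates, nothing brings the tunnel up after a restart.
    if "Initiate" not in (a["action"], b["action"]):
        findings.append("no peer is set to Initiate")
    return findings


if __name__ == "__main__":
    for finding in check_pair(SITE_A, SITE_B):
        print(finding)
```

Run against the article's values, the script reports only the weak preshared key on both connections; 123456789 is a sample value, and a deployed tunnel should use a long random key.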
Document Version: 2.1 22 February, 2014