IPSEC VPN Configuration
Summary
Internet Protocol Security (IPsec) is a protocol that provides protection by using authentication and encryption for each packet in communications provided using Internet Protocol (IP). IPsec has the authority to perform mutual verification and key changes during the session. It is used to protect the data flow between two computers, between the two networks and between a network and a computer.
Network Topology
Configuration
Firstly, click the IPSEC VPN Settings under the VPN Management menu.
Click “Add” button, on the opened page.
| Terminal Information | Description |
|---|---|
Connection Name |
Any name is entered for the IPsec Vpn connection. |
Status |
Active / Passive state is set. |
Source IP |
Enter the Antikor WAN IP. |
Destination IP |
Enter the Target IP. |
| ID Configuration | Description |
|---|---|
Source ID Type |
If IP Addres selected, the IP that is written on the source IP is valid. |
Source ID |
If Domain FQDN selected, related IP is written. |
Destination ID Type |
If IP Address selected, the IP that is written on the target IP is valid. |
Destination ID |
If Domain FQDN selected, related IP is written. |
| Phase 1 | Description |
|---|---|
Swap Mode |
According on the settings entered on the target the main, base or aggressive is selected. |
Encrytption Algorithm |
According on the settings entered on the target the des, 3des etc. is selected. |
Hash Algorithm |
According on the settings entered on the target the sha1, md5, sha254 etc. is selected. |
Authentication Method |
Must be the same as Key entered on target side. |
DH Group |
Setting be according to the DH group entered in the destination. |
Pre-shared Key |
Pre-shared Key must be the same as the target. |
| Phase 2 | Description | |||
|---|---|---|---|---|
PFS Group |
Editing is made according to the settings entered in the target. | |||
Encryption Algorithm |
According on the settings entered on the target the des, 3des etc. is selected. | |||
Authentication Algorithm |
According on the settings entered on the target the hmacsha1, hmacmd5 etc. is selected. | Compression Algorithm |
Deflate is selected. |
After making the necessary adjustments, click the Accesses button to write the internal IPs that need to communicate.
After the necessary settings are made on the antibody side, Ipsec VPN Service is started from the Dashboard.
Target Side Configuration
The modem was used as the target.
The Modem and Antikor v2 settings must be the same.
Troubleshooting
1) After the settings are made, start the VPN-IPsec on the Dashboard.
Connection status can be seen with ipsecDebug command in Antikor SSH. For example ;
As seen in the picture, there is a problem for Phase 1. Check the Phase 1 settings for the Antikor and the modem.
2) After all necessary settings have been provided, ping should be discarded. Bağlantı resmi ;
ePati Cyber Security Co.
Mersin Üniversitesi Çiftlikköy Kampüsü
Teknopark İdari Binası Kat:4 No: 411
Posta Kodu: 33343
Yenişehir / Mersin / TURKEY
Web: www.epati.com.tr
e-Mail: info@epati.com.tr
Tel: +90 324 361 02 33
Fax: +90 324 361 02 39