Overview


Internet Protocol Security generally called as IPsec. IP Security (IPSec) provides a secure way to authenticate senders and encrypt IP version 4 (IPv4) and version 6 (IPv6) traffic between network devices. IPSec offers network administrators and their users the benefits of data confidentiality, data integrity, sender authentication, and anti-replay services. IPSec is increasingly becoming a critical component in today’s contemporary IP networks.


IPSec is a framework for ensuring secure private communication over IP networks and is based on standards developed by the International Engineering Task Force (IETF). The original IETF specifications are in RFC-1825 through RFC-1827, which published in 1995.


IPSec provides security services at the network layer of the Open Systems Interconnection (OSI) model by enabling a system to select required security protocols, determine the algorithms to use for the security services, and implement any cryptographic keys required to provide the requested services.


Seqrite UTM allows you to configure IPsec VPN, which establishes a tunnel between a main servers (may be Head Office) and a client server (may be Branch Office) and allows data to be sent through it. IPSec a pre-shared key is used to establish a tunnel, which helps the data to be encrypted and decrypted and prevents snooping.


Scenario


We have to configure Site-Site IPSec VPN between Site A and Site B.



Configuration


To create a new IPSec connection, go to VPN > IPSec > Site to Site.



Step 1: Enable the VPN Server and Click on the { + } sign for creating VPN configuration



Step 2: Configure a site-to-site IPSec VPN connection between Site A and Site B by following the steps.


Site A Location: 


 Parameter

Value

Description

Connection Name

Site A To Site B

Name to identify the IPSec Connection.

Network Interface

123.178.9.222

Select your Public IP. This is a WAN interfaces that you have configured in the Interface section.

Remote Server IP

102.107.179.77

Enter the Remote Server Public IP.

Local Networks

192.168.1.0 /24

Enter the Local LAN Network address.

Remote Networks

192.168.3.0 /24

Enter the Remote LAN Network address.

IKE Version

IKEv1 / IKEv2

Select the same IKE version for both side.

Authentication Type : PSK 

admin@123

The PSK or Pre-Shared Key is a shared secret key.

Note: You need to share this key with the remote network user.

Advanced Options 

Encryption Algorithm : 3DES

Authentication Algorithm : MD5

Key Group (DH) : 2 (DH1024)

Select the SAME Encryption Algorithm, Authentication Algorithm and the Key Group for Phase 1 and Phase 2.
 
These details are used for encryption process.  Phase I allows the handshake or authentication. Phase II creates the actual tunnel.
 
Note : This setting should be the same on the Remote Server.




Click on Apply to create the connection.


To Activate created IPSec connection switch “ON” the connection from Site A


 


Site B Location: 


 Parameter 

Value 

Description 

Connection Name 

Site B To Site A

Name to identify the IPSec Connection.

Network Interface

102.107.179.77

Select your Public IP. This is a WAN interfaces that you have configured in the Interface section.

Remote Server IP 

123.178.9.222

Enter the Remote Server Public IP.

Local Networks 

192.168.3.0 /24

Enter the Local LAN Network address.

Remote Networks 

192.168.1.0 /24

Enter the Remote LAN Network address.

IKE Version 

IKEv1 / IKEv2

Select the same IKE version for both side.

Authentication Type : PSK 

admin@123

The PSK or Pre-Shared Key is a shared secret key.

Note : You need to share this key with the remote network user.

Advanced Options 

Encryption Algorithm : 3DES

Authentication Algorithm : MD5

Key Group (DH) : 2 (DH1024)

Select the SAME Encryption Algorithm, Authentication Algorithm and the Key Group for Phase 1 and Phase 2.
 
These details are used for encryption process.  Phase I allows the handshake or authentication. Phase II creates the actual tunnel.
 
Note : This setting should be the same on the Remote Server.



Click Apply to create the connection.


To Activate created IPSec connection switch “ON” the connection from Site B.



Under the Connection status Active indicates that the connection is successfully established.


Verification Steps: 


We have done verification by following three ways.


1. Live Logs: You can view the live logs of IPSec VPN connections, by clicking the live logs button and filtering the required type. These logs indicate the current status of Remote IP Sec VPN service. You can export these logs to a file or select and stop a particular session using the Stop button.



2. CMD Prompt : Once VPN is successfully established, open the command prompt and ping the remote side local network. You will get successfully reply. 



3. Remote Desktop : Open the remote desktop application and take the RDP of remote side network. If you are able to take remote access then it’s indicates that RDP service is working properly via VPN.


For assistance please write us @ UTMSupport@Seqrite.com