- Select VPN > IPsec > IKEv1 Policies.
- Click Add IKE Policy.
- For IKE Policy Name, type remoteVPN.
- For IKE Policy Type, select Client-to-Site (Responder).
- For Local Gateway, select Use VLAN IP Address and select VLAN99 from the list.
- For Local ID, select IP Address from the Type list, then type 172.16.99.99 in the Value box.
  Because you will select main mode in step 2 of 3, you must configure an IP address for Local ID.
- For Remote ID, select Email address from the Type list, then type *@procurveu.edu in the Value box.
- Click Next.
- Under IKE Authentication, configure these settings:
  - For Key Exchange Mode, select Main Mode.
  - For Authentication Method, select Preshared Key.
  - In the Preshared Key and the Confirm Preshared Key boxes, type VPNtoCampus88.
- Under Security Parameters Proposal, configure the following:
  - For Diffie-Hellman (DH) Group, select Group 1 (768).
  - For Encryption Algorithm, select DES.
  - For Authentication Algorithm, select MD5.
  - For SA Lifetime in seconds, type 28800.
- Click Next.
- Select Disable XAUTH and click Finish.
- Select Firewall > Access Policies > Addresses.
- Create a single-entry network address object for the local endpoints.
  - For Name, type localENDS.
  - For Type, select Network.
  - Select Single-entry and type 10.1.0.0/16.
  - Click Apply.
- Create a single-entry network address object for the remote endpoints.
  - For Name, type remoteENDS.
  - For Type, select Network.
  - Select Single-entry and type 172.19.0.0/16.
  - Click Apply.
- Create a single-entry IP address object for the local gateway.
  - For Name, type localVPNgate.
  - For Type, select IP.
  - Select Single-entry and type 172.16.99.99.
  - Click Apply.
- Click Close.
- Select VPN > IPsec > IPsec Proposals.
- Click Add IPsec Proposal.
- For Proposal Name, type TUesp3dMD5.
- For Encapsulation Mode, select Tunnel Mode.
- For Security Protocol, select ESP.
- For Encryption Algorithm, select 3DES.
- For Authentication Algorithm, select MD5.
- Click OK.
- Select the IPsec Policies tab.
- Click Add IPsec Policy.
- For Policy Name, type RemoteVPN.
- Leave the Enable this policy check box selected.
- For Action, select Apply.
- The Direction field is inactive because you selected Apply in the previous step.
- For Position, type 1. This will prevent the default Bypass policy from overriding this policy.
- For Traffic Selector, configure these settings:
  - For Protocol, select Any.
  - For Local Address, type 10.1.0.0/16.
  - For Remote Address, select remoteENDS.
- For Proposal, select TUesp3dMD5.
- Click Next.
- For Key Exchange Method, select Auto (with IKEv1).
- From the IKEv1 Policy list, select remoteVPN.
- Accept the default values and click Next.
- Clear the Enable IP Pool for IRAS (Mode Config) check box and click Next.
- Accept the default settings and click Finish.
- The IPsec policy is displayed in the VPN > IPsec > IPsec Policies window.
- Select Firewall > Access Policies > Unicast.
- Click Add a Policy.
- Permit IKE messages from the remote endpoints.
  - For Action, accept the default: Permit Traffic.
  - For From, select EXTERNAL.
  - For To, select SELF.
  - For Service, select isakmp.
  - For Source, select remoteENDS.
  - For Destination, select localVPNgate.
  - Select the Enable logging on this Policy check box.
  - Click Apply.
- Click Close.
- Select Network > Routing > Static Routes.
- Click Add Static Route.
  - For Destination Type, select Default Gateway.
  - For Gateway Address, type 172.16.99.1.
  - For Metric, accept the default: 0.
  - Click OK.
- Click Add Static Route again.
  - For Destination Type, select Network.
  - For Destination Address, type 172.19.0.0/16.
  - For Gateway Address, type 172.16.99.1.
  - For Metric, type 1.
  - Click OK.

- Launch IPSecuritas.
- From the IPSecuritas menu, select Connections > Edit Profiles.
- Click the Add Profile icon.
- Rename the profile VPN-MainCampus and close the Profile Manager.
- From Profile, select VPN-MainCampus.
- Select Connections > Edit Connections.
- Click the Add Connection icon.
- Name the new connection Main Campus.
- On the General tab, configure the following:
  - Remote IPSec Device — 172.16.99.99
  - Local Side
    - Endpoint Mode — Network
    - Network Address — 172.19.0.0
    - Network Mask — 16
  - Remote Side
    - Endpoint Mode — Network
    - Network Address — 10.1.0.0
    - Network Mask — 16
- Click the Phase 1 tab and configure the following:
  - Lifetime — 28800 Seconds
  - DH Group — 768 (1)
  - Encryption — DES
  - Authentication — MD5
  - Exchange Mode — Main
  - Accept the other defaults.
- Click the Phase 2 tab and configure the following:
  - Lifetime — 28800 Seconds
  - PFS Group — 1024 (2)
  - Encryption — Clear all entries except 3DES.
  - Authentication — Clear all entries except HMAC MD5.
- Click the ID tab and configure the following:
  - Local Identifier — User FQDN and user101@procurveu.edu
  - Remote Identifier — Address
  - Authentication Method — Preshared Key
  - Preshared Key — VPNtoCampus88
- Click the Options tab and clear all of the check boxes except for the following:
  - IPSec DOI
  - SIT_IDENTITY_ONLY
  - Initial Contact
  - Unique SAs
  - IKE Fragmentation
- Accept the rest of the default settings.
- On the IPSecuritas main menu, select Preferences.
- Ensure that the Randomize and Exclusive Tail check boxes are selected, then close Preferences.
- To connect, select VPN-MainCampus for the Profile and select the Main Campus connection.
- Click Start.
- To make the VPN-MainCampus connection the default connection, click the IPSecuritas icon in the upper-right bar of your device's screen.
- Select VPN-MainCampus > Default.
- You can also start the VPN connection by clicking the IPSecuritas icon and selecting Start IPSec.
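
The gateway's IKEv1 policy and IPsec proposal have to agree with the IPSecuritas Phase 1, Phase 2 and ID tabs, and several of the chosen algorithms are ones a reviewer would flag. The following Python check is an added example, not part of the original guide or of either product: it transcribes the values from the steps above into a hypothetical dict layout, reports parameters that differ or that only one side states on this page, and lists the weak algorithm choices.

```python
from fnmatch import fnmatchcase

# Values transcribed from the steps on this page ("HMAC MD5" written as "MD5").
# The dict layout is an assumption of this example, not a product export format.
GATEWAY = {
    "p1": {"mode": "main", "dh": 1, "enc": "DES", "auth": "MD5", "lifetime": 28800},
    "p2": {"enc": "3DES", "auth": "MD5"},
    "local_net": "10.1.0.0/16", "remote_net": "172.19.0.0/16",
    "peer_id_pattern": "*@procurveu.edu",
}
CLIENT = {
    "p1": {"mode": "main", "dh": 1, "enc": "DES", "auth": "MD5", "lifetime": 28800},
    "p2": {"enc": "3DES", "auth": "MD5", "pfs": 2, "lifetime": 28800},
    "local_net": "172.19.0.0/16", "remote_net": "10.1.0.0/16",
    "local_id": "user101@procurveu.edu",
}

# Why a reviewer would flag each value (illustrative, not a complete policy).
WEAK = {("enc", "DES"): "56-bit key", ("enc", "3DES"): "64-bit block cipher",
        ("auth", "MD5"): "MD5-based integrity", ("dh", 1): "768-bit MODP group",
        ("dh", 2): "1024-bit MODP group", ("pfs", 2): "1024-bit MODP group"}

def compare(gw, cl):
    """Return (mismatches, one_sided): values that differ, values only one side states."""
    mismatches, one_sided = [], []
    for phase in ("p1", "p2"):
        for key in sorted(set(gw[phase]) | set(cl[phase])):
            if key not in gw[phase] or key not in cl[phase]:
                one_sided.append(f"{phase}.{key}")
            elif gw[phase][key] != cl[phase][key]:
                mismatches.append(f"{phase}.{key}")
    # Traffic selectors must mirror each other across the tunnel.
    if gw["local_net"] != cl["remote_net"] or gw["remote_net"] != cl["local_net"]:
        mismatches.append("traffic_selector")
    # Assumption: the gateway treats '*' in the Remote ID as a wildcard.
    if not fnmatchcase(cl["local_id"], gw["peer_id_pattern"]):
        mismatches.append("peer_id")
    return mismatches, one_sided

def weak_settings(side):
    """List (phase.key, value, reason) for every flagged algorithm on one side."""
    return [(f"{p}.{k}", v, WEAK[(k, v)])
            for p in ("p1", "p2") for k, v in side[p].items() if (k, v) in WEAK]

if __name__ == "__main__":
    print(compare(GATEWAY, CLIENT))
    print(weak_settings(CLIENT))
```

The `one_sided` result is the part to follow up on the gateway: the client sets a Phase 2 PFS group and lifetime, while the gateway steps accept defaults that this page does not show.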