Configuring the IPSecuritas VPN Client for Mac

This is essentially the same setup as Example 2, except that IKE mode config is not enabled.

 

TMS zl Module

IPSecuritas VPN Client for Mac

  1. Select VPN > IPsec > IKEv1 Policies.

  2. Click Add IKE Policy.

  3. For IKE Policy Name, type remoteVPN.

  4. For IKE Policy Type, select Client-to-Site (Responder).

  5. For Local Gateway, select Use VLAN IP Address and select VLAN99 from the list.

  6. For Local ID, select IP Address from the Type list, then type 172.16.99.99 in the Value box.

 

Because you will select main mode in step 2 of 3, you must configure an IP address for Local ID.

  1. For Remote ID, select Email address from the Type list, then type *@procurveu.edu in the Value box.

  2. Click Next.

  3. Under IKE Authentication, configure these settings:

  1. For Key Exchange Mode, select Main Mode.

  2. For Authentication Method, select Preshared Key.

  3. In the Preshared Key and the Confirm Preshared Key boxes, type VPNtoCampus88.

  1. Under Security Parameters Proposal, configure the following:

  1. For Diffie-Hellman (DH) Group, select Group 1 (768).

  2. For Encryption Algorithm, select DES.

  3. For Authentication Algorithm, select MD5.

  4. For SA Lifetime in seconds, type 28800.

  1. Click Next.

  2. Select Disable XAUTH and click Finish.

  3. Select Firewall > Access Policies > Addresses.

  4. Create a single-entry network address object for the local endpoints.

  1. For Name, type localENDS.

  2. For Type, select Network.

  3. Select Single-entry and type 10.1.0.0/16.

  4. Click Apply.

  1. Create a single-entry network address object for the remote endpoints.

  1. For Name, type remoteENDS.

  2. For Type, select Network.

  3. Select Single-entry and type 172.19.0.0/16.

  4. Click Apply.

  1. Create a single-entry IP address object for the local gateway.

  1. For Name, type localVPNgate.

  2. For Type, select IP.

  3. Select Single-entry and type 172.16.99.99.

  4. Click Apply.

  1. Click Close.

  2. Select VPN > IPsec > IPsec Proposals.

  3. Click Add IPsec Proposal.

  4. For Proposal Name, type TUesp3dMD5.

  5. For Encapsulation Mode, select Tunnel Mode.

  6. For Security Protocol, select ESP.

  7. For Encryption Algorithm, select 3DES.

  8. For Authentication Algorithm, select MD5.

  9. Click OK.

  10. Select the IPsec Policies tab.

  11. Click Add IPsec Policy.

  12. For Policy Name, type RemoteVPN.

  13. Leave the Enable this policy check box selected.

  14. For Action, select Apply.

  15. The Direction field is inactive because you selected Apply in the previous step.

  16. For Position, type 1. This will prevent the default Bypass policy from overriding this policy.

  17. For Traffic Selector, configure these settings:

  18. For Protocol, select Any.

  19. For Local Address, type 10.1.0.0/16.

  20. For Remote Address, select remoteENDS.

  21. For Proposal, select TUesp3dMD5.

  22. Click Next.

  23. For Key Exchange Method, select Auto (with IKEv1).

  24. From the IKEv1 Policy list, select remoteVPN.

  25. Accept the default values and click Next.

  26. Clear the Enable IP Pool for IRAS (Mode Config) check box and click Next.

  27. Accept the default settings and click Finish.

  28. The IPsec policy is displayed in the VPN > IPsec > IPsec Policies window.

  29. Select Firewall > Access Policies > Unicast.

  30. Click Add a Policy.

  31. Permit IKE messages from the remote endpoints.

  1. For Action, accept the default: Permit Traffic.

  2. For From, select EXTERNAL.

  3. For To, select SELF.

  4. For Service, select isakmp.

  5. For Source, select remoteENDS.

  6. For Destination, select localVPNgate.

  7. Select the Enable logging on this Policy check box.

  8. Click Apply.

  9. Click Close.

  1. Select Network > Routing > Static Routes.

  2. Click Add Static Route.

  3. For Destination Type, select Default Gateway.

  4. For Gateway Address, type 172.16.99.1.

  5. For Metric, accept the default: 0.

  6. Click OK.

  7. Click Add Static Route again.

  8. For Destination Type, select Network.

  9. For Destination Address, type 172.19.0.0/16.

  10. For Gateway Address, type 172.16.99.1.

  11. For Metric, type 1.

  12. Click OK.

  1. Launch IPSecuritas.

  2. From the IPSecuritas menu, select Connections > Edit Profiles.

  1. Click the Add Profile icon.

  1. Rename the profile VPN-MainCampus and close the Profile Manager.

  1. From Profile, select VPN-MainCampus.

  1. Select Connections > Edit Connections.

  1. Click the Add Connection icon.

  2. Name the new connection Main Campus.

  1. On the General tab, configure the following:

  • Remote IPSec Device: 172.16.99.99

  • Local Side

      • Endpoint Mode: Network

      • Network Address: 172.19.0.0

      • Network Mask: 16

  • Remote Side

      • Endpoint Mode: Network

      • Network Address: 10.1.0.0

      • Network Mask: 16

  1. Click the Phase 1 tab and configure the following:

  • Lifetime: 28800 Seconds

  • DH Group: 768 (1)

  • Encryption: DES

  • Authentication: MD5

  • Exchange Mode: Main

  1. Accept the other defaults.

  1. Click the Phase 2 tab and configure the following:

  • Lifetime: 28800 Seconds

  • PFS Group: 1024 (2)

  • Encryption: Clear all entries except 3DES.

  • Authentication: Clear all entries except HMAC MD5.

  1. Click the ID tab and configure the following:

  • Local Identifier: User FQDN and user101@procurveu.edu

  • Remote Identifier: Address

  • Authentication Method: Preshared Key

  • Preshared Key: VPNtoCampus88

  1. Click the Options tab and clear all of the check boxes except for the following:

  • IPSec DOI

  • SIT_IDENTITY_ONLY

  • Initial Contact

  • Unique SAs

  • IKE Fragmentation

  1. Accept the rest of the default settings.

  1. On the IPSecuritas main menu, select Preferences.

  1. Ensure that the Randomize and Exclusive Tail check boxes are selected, then close Preferences.

  1. To connect, select VPN-MainCampus for the Profile and select the Main Campus connection.

  2. Click Start.

  3. To make the VPN-MainCampus connection the default connection, click the IPSecuritas icon in the upper-right bar of your device's screen.

  1. Select VPN-MainCampus > Default.

  2. You can also start the VPN connection by clicking the IPSecuritas icon and selecting Start IPSec.
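
The tunnel only comes up if both ends agree on the settings entered above. The following Python check is an added example, not part of the original procedure or of either product: it compares the two configurations and lists the settings it treats as weak. The dictionary layout, the function names, the contents of `WEAK` and the use of shell-style matching for the `*` in the Remote ID are assumptions of this example.

```python
from fnmatch import fnmatchcase
from ipaddress import ip_network

# Values transcribed from the steps on this page. Phase 2 PFS and lifetime are
# omitted: the gateway side accepts defaults that the page does not list.
P1 = {"mode": "main", "dh_group": 1, "enc": "DES", "auth": "MD5", "lifetime": 28800}
P2 = {"enc": "3DES", "auth": "MD5"}
GATEWAY = {"phase1": dict(P1), "phase2": dict(P2),          # TMS zl Module
           "local_net": "10.1.0.0/16", "remote_net": "172.19.0.0/16",
           "local_id": "172.16.99.99", "remote_id": "*@procurveu.edu"}
CLIENT = {"phase1": dict(P1), "phase2": dict(P2),           # IPSecuritas
          "local_net": "172.19.0.0/16", "remote_net": "10.1.0.0/16",
          "peer": "172.16.99.99", "local_id": "user101@procurveu.edu"}

# Editor's assumption: the settings treated as weak by this check.
WEAK = {"enc": {"DES"}, "auth": {"MD5"}, "dh_group": {1}}


def mismatches(gw, cl):
    """Return a description of every setting on which the two ends disagree."""
    found = []
    for phase in ("phase1", "phase2"):
        for key, value in gw[phase].items():
            if cl[phase].get(key) != value:
                found.append(f"{phase}.{key}: gateway={value!r} client={cl[phase].get(key)!r}")
    # Traffic selectors must mirror each other: my local network is your remote.
    if ip_network(gw["local_net"]) != ip_network(cl["remote_net"]):
        found.append("gateway local network != client remote network")
    if ip_network(gw["remote_net"]) != ip_network(cl["local_net"]):
        found.append("gateway remote network != client local network")
    # The gateway's Remote ID is a wildcard the client's identifier must satisfy.
    if not fnmatchcase(cl["local_id"], gw["remote_id"]):
        found.append("client identifier does not match gateway Remote ID")
    if cl["peer"] != gw["local_id"]:
        found.append("client peer address != gateway Local ID")
    return found


def weak_settings(side):
    """List the phase 1 and phase 2 settings of one end that appear in WEAK."""
    return sorted(f"{phase}.{key}={value}" for phase in ("phase1", "phase2")
                  for key, value in side[phase].items() if value in WEAK.get(key, ()))


if __name__ == "__main__":
    print(mismatches(GATEWAY, CLIENT) or "both ends agree")
    print("weak:", weak_settings(GATEWAY))
```
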
