VPN, or Virtual Private Network, enables secured communication between the ACS and a remote network by utilizing a gateway and creating a secured tunnel between the ACS and that gateway. IPSec is the protocol used to construct the secure tunnel. IPSec provides encryption and authentication services at the IP level of the protocol stack.

When “VPN Connections” is selected under “Network”, the form shown in the following figure appears. You can use the form to add a VPN connection or edit one that is already in the list. When you click the “Edit” or “Add” buttons, a “New/Modify Connection” form appears, as shown in the following figure. The form displays different fields depending on whether “RSA Public Keys” or “Shared Secret” is selected.

The remote gateway is referred to as the Remote or “Right” host, and the ACS is referred to as the Local or “Left” host. If left and right are not directly connected, you must also specify a “NextHop” IP address. The next hop for the remote or right host is the IP address of the router to which the remote host or gateway running IPSec sends packets when delivering them to the left host. The next hop for the left host is the IP address of the router to which the ACS sends packets for delivery to the right host.

A Fully Qualified Domain Name should be entered in the “ID” fields for both the “Local (‘Left’)” host and the “Remote (‘Right’)” host, that is, the hosts where the IPSec negotiation takes place.

The following table describes the fields and options on the form. Check with the system administrator who defined and configured the security protocols, if needed. The information must match exactly on both ends, local and remote.
Field Name: Definition

Connection Name: Any descriptive name you want to use to identify this connection, such as “MYCOMPANYDOMAIN-VPN.”

Authentication Protocol: The authentication protocol used, either “ESP” (Encapsulating Security Payload) or “AH” (Authentication Header).

Authentication Method: The authentication method used, either “RSA Public Keys” or “Shared Secret.”

ID: The hostname that a local system and a remote system use for IPSec negotiation and authentication. It can be a Fully Qualified Domain Name preceded by @. For example, hostname@xyz.com

NextHop: The router through which the ACS (on the left side) or the remote host (on the right side) sends packets to the host on the other side.

Subnet: Note: Use CIDR notation. The IP number followed by a slash and the number of ‘one’ bits in the binary notation of the netmask. For example, 192.168.0.0/24 indicates an IP address where the first 24 bits are used as the network address. This is the same as 255.255.255.0.

RSA Key (if “RSA Public Keys” is selected): You need to generate a public key for the ACS and find out the key used on the remote gateway. You can use copy and paste to enter the key in the “RSA Key” field.

Pre-Shared Secret (if “Shared Secret” is selected)
7. Enter any descriptive name you choose for the connection in the “Connection Name” field.
9. Select “Shared Secret” or “RSA Public Keys” from the “Authentication Method” pull-down menu.
a. Enter the fully qualified domain name of the hosts in the “ID” fields. These are the hostnames where the IPSec negotiation and authentication happens. For example, hostname@xyz.com
c. Enter the IP address of the router through which the host’s packets reach the Internet in the “NextHop” fields.
d. Enter the netmask for the subnet in the “Subnet” fields in CIDR notation. For example, 192.168.0.0/24, which translates to 255.255.255.0.
e. If “RSA Key” is selected, generate the key for the ACS (left host) and find out the key from the remote gateway (right host). You can use copy and paste to enter the key in the “RSA Key” field.
f. If “Shared Secret” is selected, enter the shared secret in the “Pre-Shared Secret” field.
12.
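Added here as a worked example, not part of the ACS manual or its firmware: a small Python checker that applies the rules stated in this section to the “New/Modify Connection” fields (ESP or AH, an @-containing FQDN in each “ID”, CIDR in each “Subnet”, an IP address in each “NextHop”, and a key or secret present for the chosen method), together with the CIDR-to-netmask conversion the “Subnet” field describes. The field and function names are assumptions for illustration, not the ACS's own.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

AUTH_PROTOCOLS = {"ESP", "AH"}                       # "Authentication Protocol" pull-down
AUTH_METHODS = {"RSA Public Keys", "Shared Secret"}  # "Authentication Method" pull-down


@dataclass
class VpnConnection:
    """One row of the VPN Connections form; attribute names are assumed."""
    auth_protocol: str
    auth_method: str
    left_id: str                  # ACS ("Left") ID, e.g. acs@xyz.com
    right_id: str                 # remote gateway ("Right") ID
    left_subnet: str              # CIDR, e.g. 192.168.0.0/24
    right_subnet: str
    left_nexthop: Optional[str] = None   # only needed when not directly connected
    right_nexthop: Optional[str] = None
    rsa_key: Optional[str] = None
    pre_shared_secret: Optional[str] = None


def cidr_to_netmask(cidr: str) -> str:
    """'192.168.0.0/24' -> '255.255.255.0'; strict=True rejects set host bits."""
    return str(ipaddress.ip_network(cidr, strict=True).netmask)


def validate_connection(c: VpnConnection) -> List[str]:
    # Returns a list of problems; an empty list means the form is consistent.
    problems = []
    if c.auth_protocol not in AUTH_PROTOCOLS:
        problems.append(f"authentication protocol must be ESP or AH, got {c.auth_protocol!r}")
    if c.auth_method not in AUTH_METHODS:
        problems.append(f"unknown authentication method {c.auth_method!r}")
    for side, ident in (("left", c.left_id), ("right", c.right_id)):
        if "@" not in ident:   # manual: an FQDN preceded by @, e.g. hostname@xyz.com
            problems.append(f"{side} ID {ident!r} is not an @-prefixed FQDN")
    for side, net in (("left", c.left_subnet), ("right", c.right_subnet)):
        try:
            ipaddress.ip_network(net, strict=True)
        except ValueError:
            problems.append(f"{side} subnet {net!r} is not valid CIDR notation")
    for side, hop in (("left", c.left_nexthop), ("right", c.right_nexthop)):
        if hop is not None:
            try:
                ipaddress.ip_address(hop)
            except ValueError:
                problems.append(f"{side} NextHop {hop!r} is not an IP address")
    if c.auth_method == "Shared Secret" and not c.pre_shared_secret:
        problems.append("Shared Secret selected but Pre-Shared Secret is empty")
    if c.auth_method == "RSA Public Keys" and not c.rsa_key:
        problems.append("RSA Public Keys selected but RSA Key is empty")
    return problems
```

Run the checker on both the local and the remote definition before committing the form, since the manual requires the protocol, method and secret to match exactly on both ends.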