Network Menu & Forms > Network > VPN Connections

VPN Connections
A VPN (Virtual Private Network) provides secure communication between the ACS and a remote network by using a gateway and creating a secured tunnel between the ACS and that gateway. IPSec is the protocol used to construct the secure tunnel; it provides encryption and authentication services at the IP layer of the protocol stack.
When “VPN Connections” is selected under “Network”, the form shown in the following figure appears.
Expert > Network > VPN Connections
You can use the form to add a VPN connection or edit one that is already in the list. When you click the “Edit” or “Add” button, a “New/Modify Connection” form appears, as shown in the following figure. The form displays different fields depending on whether “RSA Public Keys” or “Shared Secret” is selected.
Expert > VPN “New/Modify Connection” Dialog Box
The remote gateway is referred to as the Remote or “Right” host, and the ACS is referred to as the Local or “Left” host. If left and right are not directly connected, then you must also specify a “NextHop” IP address.
The next hop for the remote or right host is the IP address of the router to which the remote host or gateway running IPSec sends packets when delivering them to the left host. The next hop for the left host is the IP address of the router to which the ACS sends packets for delivery to the right host.
Enter a Fully Qualified Domain Name in the “ID” fields for both the Local (“Left”) host and the Remote (“Right”) host; these are the hosts where the IPSec negotiation takes place.
The following table describes the fields and options on the form. If needed, check with the system administrator who defined and configured the security protocols. The information must match exactly on both ends, local and remote.
Expert > Field and Menu Options for Configuring a VPN Connection
Any descriptive name you want to use to identify this connection such as “MYCOMPANYDOMAIN-VPN.”
The authentication protocol used, either “ESP” (Encapsulating Security Payload) or “AH” (Authentication Header).
This is the hostname that a local system and a remote system use for IPSec negotiation and authentication. It can be a Fully Qualified Domain Name preceded by @. For example, hostname@xyz.com.
The router through which the ACS (on the left side) or the remote host (on the right side) sends packets to the host on the other side.
Note: Use CIDR notation. The IP number followed by a slash and the number of ‘one’ bits in the binary notation of the netmask. For example, 192.168.0.0/24 indicates an IP address where the first 24 bits are used as the network address. This is the same as 255.255.255.0.
RSA Key (if “RSA Public Keys” is selected)
You need to generate a public key for the ACS and find out the key used on the remote gateway. You can use copy and paste to enter the key in the “RSA Key” field.
Pre-Shared Secret (if “Shared Secret” is selected)
To Configure VPN
To enable VPN, make sure that IPSec is enabled through the security profile section.
1.
The Security Profiles screen appears.
Security > Security Profile screen
2.
The Security Custom Profile dialog box opens.
Security Custom Profile dialog
3.
4.
5.
6.
The “New/Modify Connection” dialog box appears.
7.
8.
9.
10.
a.
Enter the fully qualified domain name of the hosts in the “ID” fields. These are the hostnames where the IPSec negotiation and authentication happens. For example, hostname@xyz.com.
b.
c.
Enter the IP address of the router through which the host’s packets reach the Internet in the “NextHop” fields.
d.
Enter the subnet for each side in the “Subnet” fields in CIDR notation. For example, 192.168.0.0/24, whose /24 prefix corresponds to the netmask 255.255.255.0.
e.
If “RSA Key” is selected, generate the key for the ACS (left host) and find out the key from the remote gateway (right host). You can use copy and paste to enter the key in the “RSA Key” field.
f.
11.
12.
13.
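As an added example that is not part of the ACS documentation or product, the following Python script models the fields of the “New/Modify Connection” form and checks them the way the text says they must be checked: subnets in CIDR notation with the host bits zero (the note on CIDR and step 10d), IDs in the “@fqdn” or “name@fqdn” form, NextHop values that are IP addresses, an RSA key on each side or a shared secret, and the requirement that the local and remote definitions match exactly on both ends. The dictionary keys, hostnames, addresses and secret are constructed assumptions; the ACS does not present its configuration in this form.

```python
import ipaddress
import re

# The two ID forms the form describes: "@fqdn" or "name@fqdn" (assumed pattern).
ID_RE = re.compile(r"^(@|[A-Za-z0-9._-]+@)[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")


def cidr_to_netmask(cidr):
    """'192.168.0.0/24' -> '255.255.255.0'. Raises ValueError when host bits are set."""
    return str(ipaddress.ip_network(cidr, strict=True).netmask)


def netmask_to_prefixlen(netmask):
    """'255.255.255.0' -> 24, the count of one bits in the mask."""
    return ipaddress.ip_network(f"0.0.0.0/{netmask}").prefixlen


def validate_side(label, side):
    """Check the ID, NextHop and Subnet entered for one host ('left' or 'right')."""
    problems = []
    if not ID_RE.match(side.get("id", "")):
        problems.append(f"{label}: ID must be '@fqdn' or 'name@fqdn'")
    nexthop = side.get("nexthop")
    if nexthop:  # optional: only needed when the two hosts are not directly connected
        try:
            ipaddress.ip_address(nexthop)
        except ValueError:
            problems.append(f"{label}: NextHop {nexthop!r} is not an IP address")
    try:
        ipaddress.ip_network(side.get("subnet", ""), strict=True)
    except ValueError as err:
        problems.append(f"{label}: Subnet must be CIDR with host bits zero ({err})")
    return problems


def validate_connection(conn):
    """Return a list of problems for one connection form; an empty list means it is consistent."""
    problems = []
    if not conn.get("name"):
        problems.append("connection name is empty")
    if conn.get("auth") not in ("ESP", "AH"):
        problems.append("authentication protocol must be ESP or AH")
    for label in ("left", "right"):
        problems += validate_side(label, conn.get(label, {}))
    if conn.get("authby") == "rsa":  # "RSA Public Keys": a key is needed for both hosts
        for label in ("left", "right"):
            if not conn.get(label, {}).get("rsa_key"):
                problems.append(f"{label}: RSA key missing")
    elif conn.get("authby") == "psk":  # "Shared Secret"
        if not conn.get("psk"):
            problems.append("pre-shared secret is empty")
    else:
        problems.append("authentication must be 'rsa' (RSA Public Keys) or 'psk' (Shared Secret)")
    return problems


def ends_match(acs_view, gateway_view):
    """The gateway sees itself as 'left' and the ACS as 'right', so the two views must be
    mirror images of each other; every other field must be identical on both ends."""
    mismatches = []
    for field in ("auth", "authby", "psk"):
        if acs_view.get(field) != gateway_view.get(field):
            mismatches.append(field)
    for mine, theirs in (("left", "right"), ("right", "left")):
        for field in ("id", "nexthop", "subnet", "rsa_key"):
            if acs_view[mine].get(field) != gateway_view[theirs].get(field):
                mismatches.append(f"acs.{mine}.{field} != gateway.{theirs}.{field}")
    return mismatches


# Constructed sample values; none of these hosts, addresses or secrets come from the manual.
ACS_VIEW = {
    "name": "MYCOMPANYDOMAIN-VPN",
    "auth": "ESP",
    "authby": "psk",
    "psk": "constructed-shared-secret",
    "left": {"id": "@acs.example.com", "nexthop": "203.0.113.1", "subnet": "192.168.0.0/24"},
    "right": {"id": "@gw.example.com", "nexthop": "198.51.100.1", "subnet": "10.20.0.0/16"},
}

# What the remote gateway's administrator entered: left/right swapped, and one prefix typo.
GATEWAY_VIEW = {
    "name": "MYCOMPANYDOMAIN-VPN",
    "auth": "ESP",
    "authby": "psk",
    "psk": "constructed-shared-secret",
    "left": {"id": "@gw.example.com", "nexthop": "198.51.100.1", "subnet": "10.20.0.0/16"},
    "right": {"id": "@acs.example.com", "nexthop": "203.0.113.1", "subnet": "192.168.0.0/16"},
}

if __name__ == "__main__":
    print("netmask for 192.168.0.0/24:", cidr_to_netmask("192.168.0.0/24"))
    print("ACS form problems:", validate_connection(ACS_VIEW))
    print("mismatches between the two ends:", ends_match(ACS_VIEW, GATEWAY_VIEW))
```

Running the script reports no problems with the ACS side on its own, but `ends_match` flags that the gateway's copy of the ACS subnet (/16) does not equal what the ACS entered (/24); a mismatch like this is exactly what the note about the information matching on both ends is warning about, and it is easier to find in a table of fields than in a failed negotiation.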