A Virtual Private Network (VPN) enables secure communication between the console server and a remote network by creating a secure connection between the console server and a gateway. IPSec is the protocol used to construct the secure tunnel. IPSec provides encryption and authentication services at the IP level of the protocol stack.

You can use the form to add a VPN connection or edit one already in the list. When you click the Edit or Add buttons, a New/Modify Connection form appears, as shown in the following figure. The form displays different fields depending on whether RSA Public Keys or Shared Secret is selected.

The remote gateway is referred to as the Remote or Right host and the console server is referred to as the Local or Left host. If left and right are not directly connected, then you must also specify a NextHop IP address.

The next hop for the remote or right host is the IP address of the router to which the remote host or gateway running IPSec sends packets when delivering them to the left host. The next hop for the left host is the IP address of the router to which the console server sends packets for delivery to the right host.

Enter a Fully Qualified Domain Name in the ID fields for both the Local (‘Left’) host and the Remote (‘Right’) host where the IPSec negotiation takes place.

The following table describes the fields and options on the form. If needed, check with the system administrator who defined and configured the security protocols. The information must match exactly on both ends, local and remote.
Any descriptive name you wish to use to identify this connection such as MYCOMPANYDOMAIN-VPN.

The authentication protocol used, either ESP (Encapsulating Security Payload) or AH (Authentication Header).

This is the hostname that a local system and a remote system use for IPSec negotiation and authentication. It can be a fully qualified domain name preceded by @. For example, hostname@xyz.com.

The router through which the console server (on the left side) or the remote host (on the right side) sends packets to the host on the other side.

NOTE: Use CIDR notation. The IP number followed by a slash and the number of ‘one’ bits in the binary notation of the netmask. For example, 192.168.0.0/24 indicates an IP address where the first 24 bits are used as the network address. This is the same as 255.255.255.0.

RSA Key (If RSA Public Keys is selected): You need to generate a public key for the console server and find out the key used on the remote gateway. You can use copy and paste to enter the key in the RSA Key field.

Pre-Shared Secret (If Shared Secret is selected)

To enable VPN, make sure that IPSec is enabled through the security profile section.
1. Go to Security - Security Profile. The Security Profiles screen appears.
2. To enable IPSec, click on Custom. The Security Custom Profile dialog box opens.
4. Click on OK.
5. Click on Apply Changes.
6. To add a VPN Connection, click the Add button. The New/Modify Connection dialog box appears.
8.
9.
a. Enter the fully qualified domain name of the hosts in the ID fields. These are the hostnames where the IPSec negotiation and authentication happens. For example, hostname@xyz.com.
c.
d. Enter the netmask for the subnet in the Subnet fields in CIDR notation. For example, 192.168.0.0/24 which translates to 255.255.255.0.
e. If RSA Key is selected, generate the key for the console server (left host) and find out the key from the remote gateway (right host). You can use copy and paste to enter the key in the RSA Key field.
f. If Shared Secret is selected, enter the shared secret in the Pre-Shared Secret field.
11.
12. Click OK.
13. Click Apply Changes.
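
Because the values must match exactly on both ends, it helps to compare the two administrators' records before typing them into the form. The following is an added example, not part of the product or its documentation; the field names, hostnames, addresses and secrets are hypothetical, constructed sample values.

```python
import hmac
import ipaddress

# Hypothetical field names standing in for the form's fields; they are not
# the console server's own configuration keys.
HOST_FIELDS = ("id", "ip", "nexthop", "subnet", "rsa_key")

def normalize(field, value):
    value = (value or "").strip()
    if field == "subnet" and value:
        # Accepts /24 or /255.255.255.0; strict=True rejects host bits set.
        return str(ipaddress.ip_network(value, strict=True))
    if field in ("ip", "nexthop") and value:
        return str(ipaddress.ip_address(value))
    return value

def compare_ends(local, remote):
    """List every setting that differs between the two ends' records."""
    problems = []
    for key in ("protocol", "auth_method"):
        if local[key].strip().upper() != remote[key].strip().upper():
            problems.append(f"{key}: {local[key]!r} != {remote[key]!r}")
    for host in ("left", "right"):
        for field in HOST_FIELDS:
            try:
                a = normalize(field, local[host].get(field))
                b = normalize(field, remote[host].get(field))
            except ValueError as exc:
                problems.append(f"{host}.{field}: invalid ({exc})")
                continue
            if a != b:
                problems.append(f"{host}.{field}: {a!r} != {b!r}")
    # Constant-time comparison; the secret itself is never echoed.
    s1, s2 = local.get("secret", ""), remote.get("secret", "")
    if not hmac.compare_digest(s1.encode(), s2.encode()):
        problems.append("secret: pre-shared secret differs")
    return problems

# Constructed sample records (documentation addresses, made-up names).
LEFT = {"id": "@console.example.com", "ip": "192.0.2.10",
        "nexthop": "192.0.2.1", "subnet": "192.168.0.0/24"}
RIGHT = {"id": "@gateway.example.com", "ip": "198.51.100.20",
         "nexthop": "198.51.100.1", "subnet": "10.20.0.0/16"}
LOCAL = {"protocol": "ESP", "auth_method": "secret",
         "secret": "constructed-secret-1", "left": LEFT, "right": RIGHT}
REMOTE = {"protocol": "esp", "auth_method": "secret",
          "secret": "constructed-secret-2",
          "left": dict(LEFT, subnet="192.168.0.0/255.255.255.0"),
          "right": dict(RIGHT, id="@gw.example.com", subnet="10.20.0.5/16")}
```

Calling `compare_ends(LOCAL, REMOTE)` on the sample records reports the differing right-host ID, the right-host subnet that has host bits set, and the mismatched secret, while the netmask-form left subnet is treated as equal to its /24 form.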