IPSec VPN Configuration for Example 2
After the private subnets, device, and user account configuration in Two Private Subnets and User Configuration for Example 2 is completed, a VPN connection must be created. This example shows the configuration steps that must be performed by the OnBoard administrator and by a user on a remote workstation for enabling two IPSec VPN connections. One connection supports the IPSec VPN tunnel from the user’s workstation to “sp1” and “sp2.” The second connection supports the IPSec VPN tunnel to “sp3” and “sp4.”
The OnBoard administrator must also do the following to enable an IPSec client to access the private subnets where the devices reside:
Obtain the IP address of the user’s workstation and use it to create two named IPSec connections (“connSub1” and “connSub2”) with the following values specified:
Note: The user can test whether the user’s workstation can access the OnBoard by entering the OnBoard’s public IP address in a browser to try to bring up the Web Manager.
The other IPSec configuration parameters (such as Authentication protocol and Boot action) would be determined by the site’s policy, equipment compatibility, and site routing requirements.
Note: In some circumstances (for example, if packets are being blocked by a firewall on the client’s default gateway), the user’s workstation and the OnBoard are not going to be able to exchange packets. Setting one or both of the Right and Left nexthop parameters to the IP address of a host route and selecting “Add and route” as the boot action may be needed to create a route that allows the two endpoints to communicate.
The following screen example shows the configuration on the Web Manager Network → VPN connections: IPSec Add new connection dialog for a connection named “connSub1,” with the values specified from the above list. Configuration of “connSub2” would be similar, with a different “Connection name” and “Left subnet” values.
Example 2: IPSec Connection Configuration for Access to sub1 Private Subnet and “sp1” and “sp2” Devices
In addition, the OnBoard administrator must do the following to enable the IPSec client to access the subnets where the devices reside:
The OnBoard administrator can send a copy of the relevant portions of the ipsec.conf file after the changes are saved and applied in the Web Manager for the user to insert into the ipsec.conf file on the user’s workstation.
The authorized user must do the following to enable the IPSec client running on the user’s workstation to bring up the VPN tunnel to access the subnets where the devices reside, and then to access the native IP features on the devices.
Use the same values used by the OnBoard administrator to create an IPSec VPN connection profile on the user’s workstation.
If the OnBoard administrator sends the relevant portions of the ipsec.conf file from the OnBoard’s IPSec configuration, use it to replace the same section in the workstation’s ipsec.conf file.
Depending on the platform and IPSec client being used, the user may use a GUI or execute the ipsec auto --up command. IPSec automatically creates the routes needed to get packets flowing through the tunnel, so neither the user nor the administrator needs to create routes to support IPSec access to devices.
See Enabling Native IP and Accessing a Device’s Native Features Using Real IP Addresses for Example 2.
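The section-replacement step above can be checked before the tunnel is brought up. The following is an added example, not part of the original documentation or of the OnBoard software: it parses ipsec.conf text, reports which of the administrator's sections are missing or different on the workstation, and replaces them. All addresses and subnets are constructed sample values, the function names are hypothetical, and parameters that the site's policy determines are left out of the samples.

```python
import re
# Constructed sample: sections the OnBoard administrator sends. Addresses are
# documentation/private ranges picked for illustration, not taken from the page.
ADMIN_SECTIONS = """\
conn connSub1
    left=203.0.113.10
    leftsubnet=192.168.1.0/24
    right=198.51.100.20
conn connSub2
    left=203.0.113.10
    leftsubnet=192.168.2.0/24
    right=198.51.100.20
"""
# Constructed sample: workstation file with a stale connSub1 and no connSub2.
WORKSTATION_CONF = """\
config setup
    interfaces=%defaultroute
conn connSub1
    left=203.0.113.10
    leftsubnet=192.168.9.0/24
    right=198.51.100.20
"""

# Section headers start in column 0; parameter lines are indented.
HEADER = re.compile(r"^(conn|config)\s+(\S+)\s*$")

def parse_sections(text):
    """Map (kind, name) -> list of parameter lines, in file order."""
    sections, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = (m.group(1), m.group(2))
            sections[current] = []
        elif current and line.strip() and not line.lstrip().startswith("#"):
            sections[current].append(line.strip())
    return sections

def stale_sections(workstation_text, admin_text):
    """Names of admin-sent sections that are missing or differ locally."""
    local = parse_sections(workstation_text)
    return [name for (kind, name), params in parse_sections(admin_text).items()
            if local.get((kind, name)) != params]

def merge(workstation_text, admin_text):
    """Replace or append the admin's sections; keep all other sections."""
    merged = parse_sections(workstation_text)
    merged.update(parse_sections(admin_text))
    return "\n".join(f"{k} {n}\n" + "".join(f"    {p}\n" for p in ps)
                     for (k, n), ps in merged.items())
```

Running `stale_sections` again on the merged text should return an empty list; a non-empty result means the two ends still disagree on a connection definition.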
