After the private subnets, device, and user account configuration in Virtual Network and Device Configuration for Example 3 is completed, a VPN connection must be created. With a virtual network, only one IPSec VPN connection must be configured to create the IPSec VPN tunnel from the user’s workstation to “sp1,” “sp2,” and “sp3,” which are on both private subnets in Example 3.

Configuration of “connSub2” would still be needed as in IPSec VPN Configuration for Example 2, because the only way a user could contact “sp4” would be through the private subnet IP.

The values used for enabling an IPSec VPN connection are the same as in IPSec VPN Configuration for Example 2, except that the OnBoard administrator must enter 172.20.4.0/22 in the Left subnet field to configure the connection to the virtual network.

The following screen example shows the configuration on the Web Manager Network → VPN connections: IPSec Add new connection dialog for a connection named “connVirt,” with the values specified in the previous paragraph.

Example 3: IPSec Connection Configuration for Access to sub1 Private Subnet and “sp1” and “sp2” Devices

As in the earlier example, the OnBoard administrator must do the following to enable the IPSec client to access the subnets where the devices reside:
• Give the user a copy of the parameters used to configure the IPSec connection profiles on the OnBoard. The OnBoard administrator can send a copy of the relevant portions of the ipsec.conf file after the changes are saved and applied in the Web Manager for the user to insert into the ipsec.conf file on the user’s workstation.

The authorized user must do the following to enable the IPSec client running on the user’s workstation to bring up the VPN tunnel to access the subnets where the devices reside, and then to access the native IP features on the devices.
• Use the same values used by the OnBoard administrator to create an IPSec VPN connection profile on the user’s workstation. If the OnBoard administrator sends the relevant portions of the ipsec.conf file from the OnBoard’s IPSec configuration, use it to replace the same section in the workstation’s ipsec.conf file.
• Bring up the IPSec VPN tunnel. For accessing “sp1,” “sp2,” or “sp3,” the user can use the “connVirt” connection profile. For accessing “sp4,” the user uses the “connSub2” connection profile.
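Before bringing up a tunnel, the received ipsec.conf excerpt can be checked to confirm which connection profile's Left subnet actually covers a device address. The following is an added example, not part of the OnBoard documentation: only the connection names and 172.20.4.0/22 come from this page, while the “connSub2” subnet, the device addresses, and the function names are constructed placeholders.

```python
import ipaddress

# Constructed excerpt: only the conn names and 172.20.4.0/22 come from the page.
SAMPLE_IPSEC_CONF = """\
# ipsec.conf excerpt sent by the OnBoard administrator (constructed)
conn connVirt
    leftsubnet=172.20.4.0/22
    auto=add

conn connSub2
    # placeholder subnet, not taken from the page
    leftsubnet=192.168.50.0/24
    auto=add
"""

def parse_left_subnets(text):
    """Return {conn_name: network} for every conn section that sets leftsubnet."""
    subnets, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # section header at column 0
            parts = line.split()
            current = parts[1] if len(parts) == 2 and parts[0] == "conn" else None
        elif current and "=" in line:             # indented key=value
            key, value = (s.strip() for s in line.split("=", 1))
            if key == "leftsubnet":
                # strict=True rejects a mistyped network such as 172.20.5.0/22
                subnets[current] = ipaddress.ip_network(value, strict=True)
    return subnets

def profiles_for(address, subnets):
    """List conn names whose leftsubnet contains address, most specific first."""
    ip = ipaddress.ip_address(address)
    hits = [(net.prefixlen, name) for name, net in subnets.items() if ip in net]
    return [name for _, name in sorted(hits, reverse=True)]

if __name__ == "__main__":
    nets = parse_left_subnets(SAMPLE_IPSEC_CONF)
    # Constructed device addresses, for illustration only.
    for addr in ("172.20.5.10", "192.168.50.7", "172.20.8.1"):
        print(addr, "->", profiles_for(addr, nets) or "no profile covers this address")
```

An address that no profile covers means traffic to that device will not enter any tunnel, which is the case to resolve with the OnBoard administrator before connecting.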