
VPN Through IPSec Connections
For an IPSec VPN connection, the following authentication information is required:
The ESP and AH authentication protocols (also called “encapsulation methods”) are supported. The RSA public key and shared secret authentication methods are also supported.
If the RSA public key authentication method is chosen, the generated keys are different on each end. When shared secret is used, the secret is shared on both ends.
Note: How to choose an encapsulation method or authentication method and generate the required keys is outside the scope of this document.
The OnBoard administrator needs to give the user a copy of the configuration parameters used to configure the IPSec connection profiles on the OnBoard, usually by providing a copy of the relevant portions of the ipsec.conf file, which the user can insert into the ipsec.conf file on the user’s workstation.
To Create an IPSec VPN Tunnel
The authorized user must do the following to enable the IPSec client running on the user’s workstation to bring up the VPN tunnel, which enables access to native IP features on a device or devices.
1.
a.
Test whether your workstation can access the OnBoard by entering the OnBoard’s public IP address in a browser to try to bring up the Web Manager.
b.
2.
If the OnBoard administrator sends the relevant portions of the ipsec.conf file from the OnBoard’s IPSec configuration, use it to replace the same section in your workstation’s ipsec.conf file.
3.
Depending on the platform and IPSec client being used, you may use a GUI to create the IPSec VPN connection or execute the ipsec auto --up command.
4.
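The replacement described in step 2 can be scripted so that only the section the administrator sent is changed and every other connection is left untouched. The following is an added example, not part of the OnBoard documentation; it assumes the FreeS/WAN-style ipsec.conf layout (a section header in column 0 followed by indented parameter lines), and the connection names and addresses are constructed sample values.

```python
import re

# A section header starts in column 0: "conn <name>" or "config setup".
HEADER = re.compile(r"^(conn|config)\s+(\S+)\s*$")

def split_sections(text):
    """Return [(key, lines)]; key is (type, name), or None outside a section."""
    chunks, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = (m.group(1), m.group(2))
            chunks.append((current, [line]))
        elif current and line[:1] in (" ", "\t") and line.strip():
            chunks[-1][1].append(line)      # indented parameter or comment
        else:
            current = None                  # blank or column-0 line ends a section
            chunks.append((None, [line]))
    return chunks

def merge_fragment(local_text, fragment_text):
    """Replace same-named sections with the fragment's; append new ones.
    Returns (merged_text, names_of_replaced_sections)."""
    incoming = {k: v for k, v in split_sections(fragment_text) if k}
    out, replaced = [], []
    for key, lines in split_sections(local_text):
        if key in incoming:
            out.extend(incoming[key])
            replaced.append(key)
        else:
            out.extend(lines)
    for key, lines in incoming.items():
        if key not in replaced:
            out.extend([""] + lines)        # section not present locally
    return "\n".join(out) + "\n", sorted(name for _, name in replaced)

# Constructed sample input: the workstation file and the administrator's fragment.
LOCAL = """conn onboard-vpn
    right=192.0.2.1
    authby=secret

conn other
    right=198.51.100.7
"""
FRAGMENT = """conn onboard-vpn
    right=203.0.113.5
    rightsubnet=172.20.0.0/24
    authby=rsasig
"""
if __name__ == "__main__":
    print(merge_fragment(LOCAL, FRAGMENT)[0])
```

Review the merged text before writing it over the workstation's ipsec.conf, and keep a backup of the original file.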
To Enable Native IP Access Through an IPSec VPN Tunnel
Note: The OnBoard administrator must provide the appropriate IP address to use in this procedure, which is not the same as the public IP address assigned to the OnBoard’s public interface. (The IP address is either the OnBoard side IP address configured for the private subnet where the device resides or a virtual IP address configured for the OnBoard.)
1.
See To Create an IPSec VPN Tunnel or To Create a PPTP VPN Tunnel if needed.
2.
a.
b.
c.
d.
3.
To enable native IP access using the ssh command, perform the following steps.
a.
Enter the ssh command with the following syntax: ssh -t username:@OnBoard_privateIP
The following command line example shows user “AllSPs” with an OnBoard virtual IP address of 172.20.0.1.
b.
c.
d.
