The ESP and AH authentication protocols (also called “encapsulation methods”) are supported. RSA public key and shared secret authentication are also supported. If the RSA public key authentication method is chosen, the generated keys are different on each end. When a shared secret is used, the same secret is shared on both ends.

Note: How to choose an encapsulation method or authentication method and generate the required keys is outside the scope of this document.

The OnBoard administrator needs to give the user a copy of the configuration parameters used to configure the IPsec connection profiles on the OnBoard, usually by providing a copy of the relevant portions of the ipsec.conf file, which the user can insert into the ipsec.conf file on the user’s workstation.

The authorized user must do the following to enable the IPSec client running on the user’s workstation to bring up the VPN tunnel and enable access to native IP features on a device or devices.
a. Test whether your workstation can access the OnBoard by entering the OnBoard’s public IP address in a browser to try to bring up the Web Manager.
b. If a network or host route is needed to enable communications with the OnBoard, configure the route.
2. Create an IPSec VPN connection profile on your workstation, using the values supplied by the OnBoard administrator.

If the OnBoard administrator sends the relevant portions of the ipsec.conf file from the OnBoard’s IPSec configuration, use it to replace the same section in your workstation’s ipsec.conf file.

Depending on the platform and IPSec client being used, you may use a GUI to create the IPSec VPN connection or execute the ipsec auto --up command.

To Enable Native IP Access Through an IPSec VPN Tunnel

Note: The OnBoard administrator must provide the appropriate IP address to use in this procedure, which is not the same as the public IP address assigned to the OnBoard’s public interface. (The IP address is either the OnBoard-side IP address configured for the private subnet where the device resides or a virtual IP address configured for the OnBoard.)
a. Enter the private IP address or virtual IP address assigned to the OnBoard in a browser.
3. To enable native IP access using the ssh command, perform the following steps.
a. The following command line example shows user “AllSPs” with an OnBoard virtual IP address of 172.20.0.1.
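Step 2 of the first procedure above says to replace the matching section of the workstation’s ipsec.conf with the portion the OnBoard administrator supplied. The following shell script is an added example and is not code from the OnBoard documentation or product: it replaces (rather than duplicates) the conn section, then checks that the authentication material the section’s authby= setting requires is present, because a leftover stale conn of the same name or a missing RSA key or shared secret is a common reason the tunnel fails to come up. The conn name "onboard", all addresses, the key placeholders and the file paths are constructed for this example.

```shell
#!/bin/sh
# Added example, not part of the OnBoard documentation: merge the conn section
# supplied by the OnBoard administrator into the workstation's ipsec.conf and
# check the result. The conn name "onboard", all addresses, key placeholders
# and file paths below are constructed for this example.

# merge_ipsec_conn WORKSTATION_CONF ADMIN_FRAGMENT
# Removes any existing "conn NAME" section (NAME taken from the fragment) from
# WORKSTATION_CONF and appends the administrator's version, so the file never
# ends up with two sections of the same name. Prints NAME.
merge_ipsec_conn() {
    conf=$1; frag=$2
    name=$(awk '$1 == "conn" { print $2; exit }' "$frag")
    [ -n "$name" ] || { echo "no conn section in $frag" >&2; return 1; }
    tmp=$(mktemp) || return 1
    # A section runs from its header to the next non-indented, non-comment line.
    awk -v n="$name" '
        $1 == "conn" && $2 == n { skip = 1; next }
        skip && /^[^ \t#]/      { skip = 0 }
        !skip                   { print }' "$conf" > "$tmp"
    printf '\n' >> "$tmp"
    cat "$frag" >> "$tmp"
    mv "$tmp" "$conf"
    printf '%s\n' "$name"
}

# conn_section CONF NAME: print the indented parameter lines of "conn NAME".
conn_section() {
    awk -v n="$2" '
        $1 == "conn" && $2 == n { inb = 1; next }
        inb && /^[^ \t#]/       { inb = 0 }
        inb                     { print }' "$1"
}

# conn_param CONF NAME KEY: print the value of KEY= inside "conn NAME"
# (splits on the first "=" only, so base64 key values keep their padding).
conn_param() {
    conn_section "$1" "$2" | awk -v k="$3" '
        { i = index($0, "="); if (!i) next
          key = substr($0, 1, i - 1); gsub(/[ \t]/, "", key)
          if (key == k) { v = substr($0, i + 1); sub(/^[ \t]+/, "", v); print v; exit } }'
}

# check_conn_auth CONF NAME [SECRETS]
# Prints the authentication method of "conn NAME" if the material it needs is
# present: authby=rsasig needs both leftrsasigkey= and rightrsasigkey= (each
# end has its own key pair); authby=secret needs the peer's address to have an
# entry in the ipsec.secrets file given as SECRETS. Returns 1 otherwise.
check_conn_auth() {
    conf=$1; name=$2; secrets=$3
    authby=$(conn_param "$conf" "$name" authby)
    [ -n "$authby" ] || authby=rsasig   # ipsec.conf(5) default when unset
    case $authby in
    rsasig)
        [ -n "$(conn_param "$conf" "$name" leftrsasigkey)" ] &&
        [ -n "$(conn_param "$conf" "$name" rightrsasigkey)" ] || return 1 ;;
    secret)
        peer=$(conn_param "$conf" "$name" right)
        [ -n "$secrets" ] && [ -n "$peer" ] &&
        grep -q -- "$peer" "$secrets" 2>/dev/null || return 1 ;;
    *)
        echo "unsupported authby=$authby" >&2; return 1 ;;
    esac
    printf '%s\n' "$authby"
}

# demo_dir: build a constructed workstation ipsec.conf holding a stale conn
# from an earlier attempt, merge the administrator's fragment over it and
# print the directory used.
demo_dir() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/ipsec.conf" <<'EOF'
config setup
    nat_traversal=yes

conn onboard
    # stale values from an earlier attempt (constructed)
    left=192.0.2.10
    right=198.51.100.1
    authby=secret
    auto=add
EOF
    cat > "$dir/admin-fragment.conf" <<'EOF'
conn onboard
    left=192.0.2.10
    leftrsasigkey=0sPLACEHOLDER-workstation-public-key
    right=203.0.113.5
    rightsubnet=172.20.0.0/24
    rightrsasigkey=0sPLACEHOLDER-onboard-public-key
    authby=rsasig
    auto=add
EOF
    merge_ipsec_conn "$dir/ipsec.conf" "$dir/admin-fragment.conf" >/dev/null || return 1
    printf '%s\n' "$dir"
}
```

After the merge, the tunnel is brought up under the conn name the administrator chose, for example with ipsec auto --add onboard followed by ipsec auto --up onboard, as step 2 describes; if check_conn_auth returns 1, ask the administrator for the missing key or secret before trying to bring the tunnel up.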