After the private subnets, device and user account configuration in "Two private subnets and user configuration for example 2" is completed, a VPN connection must be created. This example shows the configuration steps that must be performed by the OnBoard appliance administrator and by a user on a remote workstation to enable two IPSec VPN connections. One connection supports the IPSec VPN tunnel from the user’s workstation to sp1 and sp2. The second connection supports the IPSec VPN tunnel to sp3 and sp4.
Figure D.9 shows the configuration on the Network-VPN connections: IPSec Add new connection dialog for a connection named connSub1, with the values specified from the above list. Configuration of connSub2 would be similar, with a different Connection name and Left subnet values.
After the changes are saved and applied in the Web Manager, the OnBoard appliance administrator can send a copy of the relevant portions of the ipsec.conf file for the user to insert into the ipsec.conf file on the user’s workstation.
The authorized user must do the following to enable the IPSec client running on the user’s workstation to bring up the VPN tunnel to access the subnets where the devices reside and then to access the native IP features on the devices.
If the OnBoard appliance administrator sends the relevant portions of the ipsec.conf file from the OnBoard appliance’s IPSec configuration, use it to replace the same section in the workstation’s ipsec.conf file.
Depending on the platform and IPSec client being used, the user may use a GUI or execute the ipsec auto --up command. IPSec automatically creates the routes needed to get packets flowing through the tunnel, so neither the user nor the administrator needs to create routes to support IPSec access to devices.
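The replacement step described above can be scripted so that only the named connection sections change on the workstation. The following is an added example, not part of the OnBoard documentation or software: the function names and both sample files are constructed, the addresses are documentation-range placeholders, and it assumes the usual ipsec.conf layout of a section header at column 0 followed by indented parameters.

```python
import re
HEADER = re.compile(r"^(conn|config)\s+(\S+)\s*$")   # section header at column 0

def split_sections(text):
    """Split ipsec.conf text into (key, lines); key is None for text outside sections."""
    chunks = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            chunks.append(((m.group(1), m.group(2)), [line]))
        elif line.strip() and line[0].isspace() and chunks and chunks[-1][0]:
            chunks[-1][1].append(line)        # indented line: body of the current section
        else:
            if not chunks or chunks[-1][0]:
                chunks.append((None, []))     # blank lines and comments between sections
            chunks[-1][1].append(line)
    return chunks

def merge_conns(workstation_conf, admin_fragment):
    """Replace same-named conn sections with the administrator's copy and append new
    ones. The fragment's 'config setup' is ignored so local global settings survive."""
    incoming = {k: v for k, v in split_sections(admin_fragment) if k and k[0] == "conn"}
    out, used = [], set()
    for key, lines in split_sections(workstation_conf):
        if key in incoming:
            out.extend(incoming[key])
            used.add(key)
        else:
            out.extend(lines)
    for key, lines in incoming.items():
        if key not in used:
            out.extend([""] + lines)
    return "\n".join(out) + "\n"

# Constructed sample files (not taken from a real appliance).
WORKSTATION_CONF = """conn connSub1
    leftsubnet=10.9.9.0/24

conn otherVpn
    left=203.0.113.5
"""
ADMIN_FRAGMENT = """config setup
    interfaces="ipsec0=eth0"

conn connSub1
    leftsubnet=192.0.2.0/25

conn connSub2
    leftsubnet=192.0.2.128/25
"""
```

Review the merged text before writing it over the workstation's ipsec.conf, and keep a copy of the previous file.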