The ESP and AH authentication protocols (also called encapsulation methods) are supported. RSA Public Keys and Shared Secret are also supported.

If the RSA public key authentication method is chosen, the generated keys are different on each end. When Shared Secret is used, the secret is shared on both ends.

The OnBoard appliance administrator needs to give the user a copy of the configuration parameters used to configure the IPSec connection profiles on the OnBoard appliance, usually by providing a copy of the relevant portions of the ipsec.conf file, which the user can insert into the ipsec.conf file on the user’s workstation.

The authorized user must do the following so that the IPSec client running on the user’s workstation can bring up the VPN tunnel that gives access to native IP features on a device or devices.
a. Test whether your workstation can access the OnBoard appliance by entering the appliance’s public IP address in a browser to try to bring up the Web Manager.
b. If a network or host route is needed to enable communications with the OnBoard appliance, configure the route.
2. Create an IPSec VPN connection profile on your workstation, using the values supplied by the OnBoard appliance administrator.

   If the OnBoard appliance’s administrator sends the relevant portions of the ipsec.conf file from the OnBoard appliance’s IPSec configuration, use it to replace the same section in your workstation’s ipsec.conf file.

   Depending on the platform and IPSec client being used, you may use a GUI to create the IPSec VPN connection or execute the ipsec auto --up command.

   NOTE: The OnBoard appliance’s administrator must provide the appropriate IP address for this procedure, which is not the same as the public IP address assigned to the OnBoard appliance’s public interface. (The IP address is either the OnBoard appliance side IP address configured for the private subnet where the device resides or a virtual IP address configured for the OnBoard appliance.)
1.
a.
c. Select Devices in the Web Manager’s left menu.
d. Find the entry for the desired device and click Enable Native IP access.
a. Enter the ssh command with the following syntax:
   ssh -t username:@privateIP
   For example:
   % ssh -t AllSPs:@172.20.0.1
b. Select Access Devices from the menu.
d. Select Enable native IP from the list of management actions.
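
Before pasting an administrator-supplied section into the workstation's ipsec.conf (step 2), it can be checked against what this page states: ESP or AH encapsulation, RSA keys that differ on each end, or a shared secret. The following is an added example, not part of the original documentation; it assumes FreeS/WAN/Openswan-style ipsec.conf syntax (the parameter names auth, authby, leftrsasigkey, rightrsasigkey and their defaults), and the connection name, addresses and keys in the sample are constructed.

```python
import re

# Constructed sample of a conn section as an administrator might send it.
# The connection name, addresses and keys are made up for illustration.
SAMPLE = """\
conn onboard-vpn
    left=192.0.2.10
    leftsubnet=172.20.0.0/24
    leftrsasigkey=0sAQOexampleAPPLIANCEkey
    right=198.51.100.7
    rightrsasigkey=0sAQOexampleWORKSTATIONkey
    auth=esp
    authby=rsasig
    auto=add
"""

def parse_conns(text):
    """Return {conn_name: {param: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        m = re.match(r"conn\s+(\S+)$", line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif line[0] in " \t" and current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
        else:
            current = None                        # another section type
    return conns

def check_conn(params):
    """List problems that would keep this profile from matching the appliance."""
    problems = [f"missing {k}=" for k in ("left", "right") if k not in params]
    if params.get("auth", "esp") not in ("esp", "ah"):   # assumed default: esp
        problems.append("auth= must be esp or ah")
    authby = params.get("authby", "rsasig")              # assumed default: rsasig
    if authby == "rsasig":
        lk, rk = params.get("leftrsasigkey"), params.get("rightrsasigkey")
        if not lk or not rk:
            problems.append("rsasig needs leftrsasigkey= and rightrsasigkey=")
        elif lk == rk:   # the page: generated keys are different on each end
            problems.append("both ends carry the same RSA public key")
    elif authby != "secret":
        problems.append(f"unsupported authby={authby}")
    return problems
```

An empty list from check_conn means the section is structurally consistent; it does not confirm that the values match the appliance's own profile.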