
Creating IPSec VPN connections
For an IPSec VPN connection, the following authentication information is required:
The ESP and AH authentication protocols (also called encapsulation methods) are supported. RSA Public Keys and Shared Secret are also supported.
If the RSA public key authentication method is chosen, a different key pair is generated on each end. When Shared Secret is used, the same secret must be configured on both ends.
The OnBoard appliance administrator needs to give the user a copy of the configuration parameters used to configure the IPsec connection profiles on the OnBoard appliance, usually by providing a copy of the relevant portions of the ipsec.conf file, which the user can insert into the ipsec.conf file on the user’s workstation.
To create an IPSec VPN tunnel:
The authorized user must do the following so that the IPSec client running on the user’s workstation can bring up the VPN tunnel that provides access to native IP features on one or more devices.
1.
a. Test whether your workstation can access the OnBoard appliance by entering the appliance’s public IP address in a browser to try to bring up the Web Manager.
b.
2. If the OnBoard appliance’s administrator sends the relevant portions of the ipsec.conf file from the OnBoard appliance’s IPSec configuration, use it to replace the same section in your workstation’s ipsec.conf file.
3. Depending on the platform and IPSec client being used, you may use a GUI to create the IPSec VPN connection or execute the ipsec auto --up command.
4.
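The merge in step 2 is easy to get wrong by hand (a stale conn section left behind, or two sections with the same name). The following POSIX shell function is an added example, not part of the OnBoard guide or its software: it replaces the workstation's existing "conn <name>" section with the one the administrator sent, or appends it if the name is not present yet. It assumes the standard ipsec.conf layout, where each "config setup" or "conn <name>" section starts at column 0 and its parameters are indented.

```shell
#!/bin/sh
# Added example (not from the OnBoard guide): merge a "conn" section that the
# OnBoard administrator sent into the workstation's ipsec.conf. A section runs
# from a column-0 "config setup" / "conn <name>" line until the next column-0
# non-comment line.
# Usage: merge_conn_section <workstation ipsec.conf> <file holding the conn section>
merge_conn_section() {
    local_conf=$1
    new_section=$2
    # The section name is taken from the first "conn <name>" line of the sent file.
    name=$(awk '/^conn[ \t]+/ { print $2; exit }' "$new_section")
    [ -n "$name" ] || { echo "no conn section found in $new_section" >&2; return 1; }
    tmp=$(mktemp) || return 1
    # Copy every line; inside the old "conn $name" section drop the old lines and,
    # where that section began, emit the sent section instead.
    awk -v name="$name" -v newfile="$new_section" '
        /^[^ \t#]/ {                        # column-0 non-comment line: new section
            skipping = 0
            if ($1 == "conn" && $2 == name) {
                while ((getline line < newfile) > 0) print line
                close(newfile)
                replaced = 1; skipping = 1
                next
            }
        }
        skipping { next }
        { print }
        END {
            if (!replaced) {                # section not present yet: append it
                print ""
                while ((getline line < newfile) > 0) print line
            }
        }' "$local_conf" > "$tmp" && mv "$tmp" "$local_conf"
}
```

After merging, review the result once before running ipsec auto --up, since a sent section may also carry parameters (for example authby or auto) that must agree with the rest of your ipsec.conf.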
To enable native IP access through an IPSec VPN tunnel:
NOTE: The OnBoard appliance’s administrator must provide the appropriate IP address for this procedure, which is not the same as the public IP address assigned to the OnBoard appliance’s public interface. (The IP address is either the OnBoard appliance side IP address configured for the private subnet where the device resides or a virtual IP address configured for the OnBoard appliance.)
1.
2.
a.
b.
c. Select Devices in the Web Manager’s left menu.
d.
3.
a. Enter the ssh command with the following syntax: ssh -t username:@privateIP.
The following command line example uses user AllSPs and a virtual IP address of 172.20.0.1.
% ssh -t AllSPs:@172.20.0.1
b. Select Access Devices from the menu.
c.
d. Select Enable native IP from the list of management actions.