1 overview of ipsec vpn management features, Section 35.1.1 – Westermo RedFox Series User Manual


Westermo OS Management Guide

Version 4.17.0-0

35.1 Overview of IPsec VPN Management Features

Feature                           Web  CLI  General Description

VPN Configuration
  Add/Delete IPsec VPN tunnels    X    X    Section 35.1.1
  Local/Remote Subnets            X    X    -”-
  Local/Remote Protocol & Port    X
  Outbound Interface              X    X    -”-
  NAT Traversal                   X    X    -”-
  IKEv1                           X    X    Section 35.1.2
  Role (Initiator/Responder)      X    X    -”-
  Mode (Main/Aggressive)          X    X    Sections 35.1.2 and 35.1.6.1
  IKE Authentication              X    X    Section 35.1.2
  Pre-shared Key                  X    X    Sections 35.1.2 and 35.1.6
  Certificates                    X    X    Sections 35.1.2 and 35.1.7
  IKE Cipher Suite                X    X    Section 35.1.2
  Identity                        X    X    -”-
  ESP Cipher Suite                X    X    -”-
  Perfect Forward Secrecy         X    X    Section 35.1.3
  MTU Override                    X    X    Section 35.1.4
  Dead Peer Detection             X    X    Section 35.1.5

VPN Status
  Show IPsec Tunnel Status        X    X

35.1.1 Introduction to IPsec VPNs

A common use case for IPsec VPNs is to connect two networks via a secure tunnel
over the Internet. We refer to this scenario as NETWORK-NETWORK VPNs. It is
accomplished by having two VPN gateways, one at each site, negotiate and
establish a secure tunnel, and forward all traffic between the two networks
through this tunnel. By creating VPN tunnels you establish a secure overlay
network on top of your regular Internet connections.

We use fig. 35.2 to explain some VPN related terminology.

Peers: The two VPN gateways (Alice and Bob) are referred to as IPsec peers.
The peers constitute the end-points of the secure tunnel. One of the peers

© 2015 Westermo Teleindustri AB
