On the user's Microsoft Windows workstation, open the connection window of the VPN client:

1. Right-click on the icon found in the Windows system tray (hidden icons).

Then configure Phase 1:

1. In the VPN configuration tree, right-click on IKEv2. An entry named Ikev2Gateway by default is added to the IKEv2 tree.
2. Right-click on Ikev2Gateway and select Rename to give this entry the name of your choice (Ikev2GwStandard in the example).
3. In the Protocol tab > Identity > Local ID field, select E-mail from the drop-down list and enter the e-mail address of the workstation user.
4. In the Protocol tab > Advanced features section, select the Fragmentation checkbox and indicate the size of IKE fragments as defined on the firewall (1280 bytes according to Stormshield’s recommendations).
5. In the Authentication tab > Remote router address > Remote router address field, enter the public IP address or FQDN of the firewall with which the VPN client must set up a tunnel. If you choose to use an FQDN, ensure that the DNS servers on the workstation have resolved it before you set up the tunnel.
6. In the Authentication tab > Authentication > Preshared key field, enter and confirm the pre-shared key defined for this user on the firewall.
7. Click on the upper menu Configuration > Save to save this configuration.

For the purposes of the example presented in this tutorial, we assumed that mobile clients could access two separate, discontiguous networks via IPsec: Network 192.168.1.0/24 and Network 192.168.128.0/24. Two separate Phase 2 configurations therefore need to be created for this configuration, one for each network.

You need to create as many Phase 2 configurations as the number of discontiguous networks that the VPN clients can reach. Do note that each of these Phase 2 configurations will use a separate VPN client IP address.

Configuring Phase 2 for the first network

1. In the VPN configuration > IKEv2 tree, right-click on the Phase 1 configuration created earlier (Ikev2GwStandard in the example). An entry named Ikev2Tunnel by default is added to the selected Phase 1 configuration.
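The rule of one Phase 2 configuration per discontiguous network can be checked before touching the client. The following is an added example, not part of the original tutorial or of any Stormshield tooling: it counts the Phase 2 configurations needed for a list of networks and shows how many extra addresses a single covering prefix would include instead. It assumes that "discontiguous" means the networks cannot be merged into one CIDR prefix; the function names are hypothetical.

```python
import ipaddress


def plan_phase2(networks):
    """Merge adjacent/overlapping prefixes; each prefix left needs its own Phase 2."""
    nets = [ipaddress.ip_network(n) for n in networks]  # ValueError if host bits are set
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def covering_supernet(networks):
    """Smallest single prefix that contains every listed network."""
    nets = [ipaddress.ip_network(n) for n in networks]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return candidate


def excess_addresses(networks):
    """Addresses a single covering prefix would include beyond the intended networks."""
    wanted = sum(ipaddress.ip_network(n).num_addresses for n in plan_phase2(networks))
    return covering_supernet(networks).num_addresses - wanted


if __name__ == "__main__":
    tutorial = ["192.168.1.0/24", "192.168.128.0/24"]  # networks from the tutorial
    adjacent = ["192.168.0.0/24", "192.168.1.0/24"]    # constructed contrast case
    for label, nets in (("tutorial", tutorial), ("adjacent", adjacent)):
        entries = plan_phase2(nets)
        print(f"{label}: {len(entries)} Phase 2 configuration(s): {entries}")
        print(f"  single covering prefix {covering_supernet(nets)} "
              f"adds {excess_addresses(nets)} unintended addresses")
```

For the tutorial's two networks the result is two Phase 2 configurations, while one covering prefix would have to be 192.168.0.0/16, which is far wider than the two /24 networks the clients are meant to reach.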