Encryption profile This option allows selecting the protection model associated with your VPN policy, from
3 preconfigured profiles: StrongEncryption, GoodEncryption and Mobile. Other profiles
can be created or modified in the tab Encryption profiles.
Comments Description given of the VPN policy.
The additional option Keepalive allows artificially maintaining mounted tunnels. This mechanism
sends packets that initialize the tunnel and force it to be maintained. This option is disabled by
default to avoid wasting resources, especially in the case of a configuration containing many
tunnels set up at the same time without any real need for them.
This option is only valid for site-to-site tunnels. It can be enabled by selecting the value
Keepalive in the Columns menu, which appears when you move the mouse over the header of
the columns in the table.
Keepalive To enable this option, assign a value other than 0, corresponding to the interval in
seconds, between each UDP packet sent.
Checking the policy in real time
The window for editing IPSec policy rules has a “Check policy” field (located below the table),
which warns the administrator whenever there are inconsistencies or errors in the rules created.
Example: [gateway policy at line 2] - Different IKE versions cannot be used in the same
IPSec policy.
Anonymous – Mobile users
A video from Stormshield Network’s WebTV on YouTube will guide you step by step in the
configuration of a secure connection between one of your sites and an IPSec VPN client. Click on
this link to access the video: Secure connections between a Stormshield Network firewall and
Stormshield Network IPSec VPN client.
A video will explain how to configure a secure connection between one of your sites and an
Apple
®
mobile client. Click on this link to access the video: Connecting securely from iPhone &
iPad.
The IPSec VPN has two endpoints: the tunnel endpoint and the traffic endpoint. For anonymous
or mobile users, the IP address of the tunnel’s endpoint is not known in advance.
As for the IP address of the traffic endpoint, it can either be chosen by the peer (“classic” case) or
given by the gateway (“Config mode”).
Name of the mobile configuration
By default, the drop-down list will display the message “no peer found”. VPN policy creation
wizards allow creating mobile peers. The procedure is as follows:
Add
Select the VPN policy in which you wish to set up a tunnel. Policy creation wizards will guide you
in this configuration. If you wish to create the mobile peer through the wizard, please refer to the
chapter “Creating a mobile peer” below.
It is possible to define VPN client settings (Config mode) for mobile users through the Config mode
policy creation wizard.
Page 166/448 sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
SNS - USER CONFIGURATION MANUAL V.3
IPSEC VPN
To Next Page
Loading...
