Creating the IPsec tunnel
- Click on Configuration > VPN > IPsec VPN.
- Select the encryption policy you wish to configure. You can rename it by clicking on Edit.
- Click on Add > Site-to-site tunnel.
A wizard will automatically launch:
- In the Local network field, select your object Private_Net_Main_Site.
- In the Remote network field, select the object Private_Net_Remote_Site.
- Next, select a peer. If the peer you wish to use does not yet exist, as in this example, you can create it by clicking on the hyperlink Create a peer (this step corresponds to the parameters that can be defined directly in the Peer tab in the menu Configuration > VPN > IPsec VPN).
- The wizard will then ask you to select the remote gateway: in this case, this is the public address of the remote Firewall (object Pub_Remote_FW). By default, the name of the peer is created by adding the prefix “Site_” to this object name; this name can be customized.
- Next, select the authentication method: select the method “Pre-shared key (PSK)”.
- In the fields Pre-shared key (ASCII) and Confirm, enter a complex password that will be shared by both sites in order to set up the IPsec tunnel, and then confirm.
NOTE
To define a pre-shared key that is sufficiently secure, you are advised to do the following:
- Keep to a minimum length of 8 characters,
- Use uppercase and lowercase letters, numbers and special characters,
- Do not use a word found in a dictionary for your password.
Example: 7f4V8!>Xdu.
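The following script is an added example, not part of the Stormshield documentation: it checks a candidate pre-shared key against the three rules in the note above (minimum length of 8, all four character classes, no dictionary word), gives a rough entropy estimate, and generates a key with the operating system's CSPRNG so that the value typed into the Pre-shared key (ASCII) field does not have to be invented by hand. The set of special characters and the tiny dictionary wordlist are constructed for the example; a real deployment would load a full wordlist.

```python
import math
import secrets
import string

# Character classes the note asks for: uppercase, lowercase, digits, special characters.
UPPER = string.ascii_uppercase
LOWER = string.ascii_lowercase
DIGITS = string.digits
# Assumed set of specials: printable ASCII punctuation minus quotes, parentheses,
# backslash, backtick and space, which tend to be mangled by GUIs and shells.
SPECIAL = "!#$%&*+,-./:;<=>?@[]^_{|}~"
MIN_LENGTH = 8  # the minimum length stated in the note

# Constructed stand-in for a dictionary wordlist (a real check would load
# something like /usr/share/dict/words).
DICTIONARY_WORDS = {"password", "firewall", "stormshield", "secret", "tunnel", "ipsec"}


def check_psk(psk: str, wordlist=DICTIONARY_WORDS) -> list:
    """Return the rules from the note that `psk` violates; an empty list means it passes."""
    problems = []
    if len(psk) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c in UPPER for c in psk):
        problems.append("no uppercase letter")
    if not any(c in LOWER for c in psk):
        problems.append("no lowercase letter")
    if not any(c in DIGITS for c in psk):
        problems.append("no digit")
    if not any(c in SPECIAL for c in psk):
        problems.append("no special character")
    if not psk.isascii() or not psk.isprintable():
        problems.append("contains non-ASCII or non-printable characters")
    # Dictionary rule: reject the word itself and the common "Word123!" pattern,
    # i.e. a dictionary word with only digits/specials bolted on at the ends.
    core = psk.strip(DIGITS + SPECIAL).lower()
    if psk.lower() in wordlist or core in wordlist:
        problems.append("contains a dictionary word")
    return problems


def estimate_entropy_bits(psk: str) -> float:
    """Rough strength estimate: log2(pool) bits per character, where the pool is
    the union of the character classes actually present in the key."""
    pool = 0
    for cls in (UPPER, LOWER, DIGITS, SPECIAL):
        if any(c in cls for c in psk):
            pool += len(cls)
    return len(psk) * math.log2(pool) if pool else 0.0


def generate_psk(length: int = 32) -> str:
    """Generate a random ASCII pre-shared key with the CSPRNG from `secrets`,
    retrying until it satisfies every rule in check_psk."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = UPPER + LOWER + DIGITS + SPECIAL
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_psk(candidate):
            return candidate


if __name__ == "__main__":
    for sample in ("7f4V8!>Xdu.", "Password123!", "firewall"):
        verdict = check_psk(sample) or ["ok"]
        print(f"{sample!r}: {', '.join(verdict)} ({estimate_entropy_bits(sample):.1f} bits)")
    print("generated:", generate_psk())
```

The entropy figure only describes a key drawn uniformly from the pool, so it is meaningful for `generate_psk()` output and optimistic for anything a person chose by hand; the rule checks are what the note actually asks for. Paste the generated value into the Pre-shared key (ASCII) field on both firewalls exactly as printed.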