Creating the profile of IPsec VPN peers

In the module Configuration > VPN > IPsec VPN > Peers tab:

  1. Click on Add.
  2. Select New remote peer.
  3. Name the mobile configuration (IKEv2_Mobile_Users in the example), select IKEv2 in the field IKE version, then click on Next.
  4. For Authentication type, select Pre-shared key (PSK), then click on Next.
  5. In the Mobile tunnels: pre-shared keys (PSK) table, click on Add.
  6. In the User ID field, enter the e-mail address of the peer.
  7. In the Pre-shared key (ASCII) and Confirm fields, enter the password used to set up the IPsec VPN tunnel for this peer.
    For obvious security reasons, choose unique passwords that meet ANSSI recommendations (in French).
  8. Click on Apply.
  9. Repeat steps 5 to 8 for each authorized mobile user.
  10. Click on Next.
    You will see a summary showing the name of the peer, the policy and type of authentication chosen.
  11. Confirm by clicking on Finish.
  12. Select the peer created earlier and fill in the Local ID field.
    In general, the DNS name (FQDN) of the firewall is used. Example: vpn-gw.stormshield.eu.
  13. Click on Apply, then on Save.
  14. Click on Activate this policy.

The profile configured for IPsec mobile peers is therefore:

Adding pre-shared keys (PSK) to an existing policy

In the module Configuration > VPN > IPsec VPN > Identification tab:

  1. Click on Add in the Mobile tunnels: pre-shared keys table.
  2. In the User ID field, enter the e-mail address of the peer.
  3. In the Pre-shared key (ASCII) and Confirm fields, enter the password used to set up the IPsec VPN tunnel for this peer.
    For obvious security reasons, choose unique passwords that meet ANSSI recommendations (in French).
  4. Click on OK.
  5. Repeat steps 1 to 4 for each PSK to be added.
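
The procedures above ask for one unique pre-shared key per User ID. The following sketch is an added example, not part of the original documentation or of any Stormshield tool: it generates one random ASCII key per e-mail address and audits an existing table for short, reused or non-ASCII keys. The function names, the 32-character length, the character set and the simplified e-mail check are assumptions to adapt to your own policy.

```python
import math
import re
import secrets
import string

# Assumption: printable ASCII without quotes, backslash or space, so the key
# survives copy/paste into the "Pre-shared key (ASCII)" field unchanged.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-./:;=?@^_~"
PSK_LENGTH = 32  # assumption: local policy value, not a figure from the page
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")  # simplified format check

def entropy_bits(length=PSK_LENGTH, alphabet=ALPHABET):
    """Entropy of a uniformly random key of this length over this alphabet."""
    return length * math.log2(len(alphabet))

def build_psk_table(user_ids):
    """Return {user_id: psk} with one independently generated key per peer."""
    table, seen = {}, set()
    for uid in user_ids:
        uid = uid.strip()
        if not EMAIL_RE.match(uid):
            raise ValueError(f"User ID is not an e-mail address: {uid!r}")
        if uid.lower() in seen:  # catch Alice@... entered again as alice@...
            raise ValueError(f"Duplicate User ID: {uid!r}")
        seen.add(uid.lower())
        table[uid] = "".join(secrets.choice(ALPHABET) for _ in range(PSK_LENGTH))
    return table

def audit_psk_table(table, min_length=PSK_LENGTH):
    """List problems in an existing table: non-ASCII, short or reused keys."""
    findings, first_owner = [], {}
    for uid, psk in table.items():
        if not psk.isascii():
            findings.append((uid, "non-ASCII character in key"))
        if len(psk) < min_length:
            findings.append((uid, f"key shorter than {min_length} characters"))
        if psk in first_owner:
            findings.append((uid, f"key reused from {first_owner[psk]}"))
        first_owner.setdefault(psk, uid)
    return findings

if __name__ == "__main__":
    # Constructed sample User IDs (example.com is a reserved domain).
    users = ["alice@example.com", "bob@example.com"]
    for uid, psk in build_psk_table(users).items():
        print(f"{uid}\t{psk}")
```

Hand each generated key to its user over a separate protected channel, and do not keep the printed table in clear text.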

Example of a table of pre-shared keys: