Creating the profile of IPsec VPN peers

In the module Configuration > VPN > IPsec VPN > Peers tab:

  1. Click on Add.
  2. Select New mobile IKEv2 peer or New anonymous IKEv2 peer (mobile) (up to SNS v3.7.11-LTSB and SNS 3.10.1).
  3. Name the mobile configuration (IKEv2_Mobile_Users in the example), then click on Next.
  4. For Peer authentication, select Pre-shared key (PSK), then click on Next.
  5. In the Identifying peers table, click on Add.
  6. In the User ID field, enter the e-mail address of the peer.
  7. In the Pre-shared key (ASCII) and Confirm fields, enter the password used to set up the IPsec VPN tunnel for this peer.
    Choose a different password for each peer, so that one leaked key cannot be reused for another user, and make sure it meets the ANSSI recommendations (published in French).
  8. Click on OK.
  9. Repeat steps 5 to 8 for each authorized mobile user.
  10. Click on Next.
    You will see a summary showing the name of the peer, the policy and type of authentication chosen.
  11. Confirm by clicking on Finish.
  12. Select the peer created earlier and fill in the Local ID field.
    In general, the DNS name (FQDN) of the firewall is used. Example: vpn-gw.stormshield.eu.
  13. Click on Save then on Save again.
  14. Click on Activate this policy.

The profile configured for IPsec mobile peers is therefore:

Adding pre-shared keys (PSK) to an existing policy

In the module Configuration > VPN > IPsec VPN > Identification tab:

  1. Click on Add in the Mobile tunnels: pre-shared keys table.
  2. In the User ID field, enter the e-mail address of the peer.
  3. In the Pre-shared key (ASCII) and Confirm fields, enter the password used to set up the IPsec VPN tunnel for this peer.
    Choose a different password for each peer, so that one leaked key cannot be reused for another user, and make sure it meets the ANSSI recommendations (published in French).
  4. Click on OK.
  5. Repeat steps 1 to 4 for each PSK to be added.
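The following is an added example, not part of the Stormshield documentation: a check to run over a prepared list of user IDs and pre-shared keys before typing them into the Identifying peers or Mobile tunnels: pre-shared keys table, plus a generator for per-peer keys. The function names, the 24-character minimum and the character set are assumptions made for this example, not values taken from Stormshield or ANSSI.

```python
import secrets
import string

# Assumptions for this example (not Stormshield or ANSSI values):
MIN_LENGTH = 24
ALPHABET = string.ascii_letters + string.digits + "!#$%*+-=?_"

def generate_psk(length=MIN_LENGTH):
    """Return a random printable-ASCII PSK drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def audit_psk_table(rows):
    """Check (user_id, psk) rows; return a list of (user_id, problem)."""
    findings, seen_ids, owners = [], set(), {}
    for user_id, psk in rows:
        uid = user_id.strip().lower()
        local, _, domain = uid.partition("@")
        # Shape check only: the page expects an e-mail address as User ID.
        if not local or "." not in domain:
            findings.append((user_id, "user ID is not an e-mail address"))
        if uid in seen_ids:
            findings.append((user_id, "duplicate user ID"))
        seen_ids.add(uid)
        # The field is labelled "Pre-shared key (ASCII)".
        if not (psk.isascii() and psk.isprintable()):
            findings.append((user_id, "PSK is not printable ASCII"))
        if len(psk) < MIN_LENGTH:
            findings.append((user_id, f"PSK shorter than {MIN_LENGTH} characters"))
        # Each peer must have its own key.
        if psk in owners:
            findings.append((user_id, f"PSK shared with {owners[psk]}"))
        else:
            owners[psk] = user_id
    return findings

# Constructed sample table (no real users or keys).
SAMPLE_ROWS = [
    ("alice@example.com", generate_psk()),
    ("bob@example.com", "Winter2024"),
    ("carol@example.com", "Winter2024"),
    ("dave", generate_psk()),
]

if __name__ == "__main__":
    for user_id, problem in audit_psk_table(SAMPLE_ROWS):
        print(f"{user_id}: {problem}")  # prints findings only, never the keys
```

An empty result from audit_psk_table means every row has an e-mail-shaped user ID and its own printable-ASCII key of at least the assumed minimum length.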

Example of a table of pre-shared keys: