Internet, 6 examples of using ipsec vpn with psk – Westermo RedFox Series User Manual
Page 796

Westermo OS Management Guide
Version 4.17.0-0
• DPD Delay: The DPD delay is the interval between DPD probing messages
sent by a VPN gateway.
• DPD Timeout: If a period corresponding to the DPD timeout elapses without
getting any response to the DPD probe messages, the VPN gateway
considers the peer to be down.
The DPD settings can be configured individually on each peer. It is even possible
to disable DPD on one of the peers - that peer will still respond to DPD probing
messages from the other peer.
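
How the two timers interact, as an added Python example (not from the Westermo manual and not WeOS code): a simplified model that assumes the timeout is counted from the last answered probe and ignores round-trip time; the name dpd_detect and its parameters are hypothetical. It also covers the failure mode where a timeout no longer than the delay makes a gateway declare a healthy peer down.

```python
# Added illustration of DPD timing; a simplified model, not WeOS code.
# Assumptions: the timeout is counted from the last answered probe, and
# round-trip time is ignored (a live peer answers a probe instantly).

def dpd_detect(delay, timeout, peer_dies_at, horizon=3600):
    """Model one gateway that probes its peer every `delay` seconds.

    The peer answers every probe sent before `peer_dies_at`. Only the
    probing side is modelled: the peer needs no DPD settings of its own
    to answer. Returns the time the peer is declared down (None if that
    never happens before `horizon`), the number of unanswered probes sent
    before the verdict, and whether the peer was in fact still alive.
    """
    if delay <= 0 or timeout <= 0:
        raise ValueError("delay and timeout must be positive")
    last_response = 0      # tunnel comes up at t = 0
    unanswered = 0
    t = delay              # time of the next probe
    down_at = None
    while t <= horizon:
        deadline = last_response + timeout
        if deadline <= t:
            # The timeout expires no later than this probe is sent, so
            # its answer could not arrive in time: peer declared down.
            down_at = deadline
            break
        if t < peer_dies_at:
            last_response, unanswered = t, 0
        else:
            unanswered += 1
        t += delay
    return {
        "down_at": down_at,
        "unanswered_probes": unanswered,
        "false_alarm": down_at is not None and down_at < peer_dies_at,
    }

if __name__ == "__main__":
    # Constructed sample values: delay 30 s, timeout 120 s, peer fails at 100 s.
    print(dpd_detect(30, 120, 100))
    # Misconfiguration: timeout shorter than delay, peer never fails.
    print(dpd_detect(60, 30, float("inf")))
```

In this model the detection latency after a real failure lies between timeout minus delay and timeout, so the timeout bounds how long traffic can be sent into a dead tunnel.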
35.1.6 Examples of using IPsec VPN with PSK
This section illustrates the steps for configuring IPsec VPNs using IKE
authentication with pre-shared keys (PSKs).
shows a sample IPsec VPN topology which can be used to illustrate VPN
configuration steps. This is the same topology as shown in the NET-NET example
in
, but with some more details on the inbound and outbound interface
of each VPN gateway.
[Figure: Network A (192.168.10.0/24) connects through VPN GW1 (Alice) and a
secure tunnel across the Internet to VPN GW2 (Bob) and Network B
(192.168.11.0/24). The two gateways are labelled Initiator and Responder.
Alice: inbound iface vlan1, IP 192.168.10.1; outbound iface vlan2,
IP 10.1.2.3 (alice.example.com).
Bob: outbound iface vlan2, IP 10.4.5.6 (bob.example.com); inbound
iface vlan1, IP 192.168.11.1.]
Figure 35.5: Example VPN topology used to illustrate configuration steps.
We have two VPN gateways, Alice and Bob, which are used to establish a secure
VPN tunnel between the central office network (192.168.10.0/24) and the branch
office network (192.168.11.0/24).
When using pre-shared key authentication, we first need to determine if Bob’s
outbound interface has a fixed address or not. This affects the choice of IKE main
mode or aggressive mode, as discussed in
and
explain the configuration steps if aggressive mode or main mode is
used.
© 2015 Westermo Teleindustri AB