
iOS Setup – Amer Networks E5Web GUI User Manual


As described for L2TP, the NAT rule lets the clients access the public Internet via the Clavister
Security Gateway.

5. Set up the client. For Windows XP, the procedure is exactly as described for L2TP above but without entering the pre-shared key.

9.2.8. iOS Setup

The standard IPsec client built into Apple iOS™ devices can be used to connect to a Clavister
Security Gateway using standard IPsec tunnels defined in cOS Core. The cOS Core setup steps are
as follows:

1. Create address book objects for the tunnel. These will consist of:

   i. The network to which the local endpoint and the client addresses belong. For example, 192.168.99.0/24.

   ii. The local tunnel endpoint. For example, 192.168.99.1.

   iii. A range of addresses to be handed out to connecting clients. For example, 192.168.99.10-192.168.99.250.

2. Create a Pre-shared Key (PSK) object of type Passphrase (ASCII). This is the shared secret that will be entered into the IPsec client on the iOS device along with the username and password.

3. Create a Config Mode Pool object, select the option Use a Static IP Pool and associate the IP address range defined in the first step.

4. Populate a local user database with users that have a username and password. This function could also be performed by a RADIUS server.

5. Define an IPsec tunnel object using the default proposal lists and with the following properties:

   i. Local Network: all-nets

   ii. Remote Network: all-nets

   iii. Remote Endpoint: None

   iv. Encapsulation mode: Tunnel

   v. IKE Config Mode Pool: Select the static IP pool

   vi. Authentication: Select the PSK defined above.

   vii. Select XAuth authentication for inbound tunnels

   viii. Allow DHCP over IPsec from single-host clients

   ix. Enable the option to Dynamically add a route to the remote network when tunnel is established

   x. IP Addresses: Specify manually to be the local tunnel endpoint address

   xi. Security Association: Per Host

   xii. Disable the option Add route to remote network

6. Place the tunnel last in the list of IPsec tunnels. Also be aware that this tunnel cannot coexist

Chapter 9: VPN

579
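The addressing objects in step 1 and the PSK in step 2 are the parts of this procedure that are easy to get subtly wrong: if the local tunnel endpoint falls inside the range handed out by the Config Mode Pool, a connecting client can be assigned the gateway's own address, and a short human-chosen passphrase is a weak phase 1 secret that is shared by every client. The following Python helper, added here as an illustration and not part of the manual or of cOS Core (which is configured through the GUI, not Python), checks that the three address book objects from step 1 are mutually consistent and generates a random ASCII passphrase suitable for the Passphrase (ASCII) PSK object. The example values are the ones given in step 1; the function names are assumptions made for this example.

```python
import ipaddress
import secrets
import string

# Constructed example values, copied from step 1 of the iOS setup procedure.
NETWORK = "192.168.99.0/24"
LOCAL_ENDPOINT = "192.168.99.1"
CLIENT_RANGE = "192.168.99.10-192.168.99.250"


def parse_range(text):
    """Parse a 'first-last' IPv4 range (the address book range syntax) into two addresses."""
    parts = [p.strip() for p in text.split("-")]
    if len(parts) != 2:
        raise ValueError(f"expected 'first-last', got {text!r}")
    first, last = ipaddress.IPv4Address(parts[0]), ipaddress.IPv4Address(parts[1])
    if last < first:
        raise ValueError(f"range end {last} precedes start {first}")
    return first, last


def validate_plan(network, endpoint, client_range):
    """Check that the network, local endpoint and client pool from step 1 fit together.

    Returns a list of problem descriptions; an empty list means the plan is sound.
    """
    net = ipaddress.IPv4Network(network, strict=True)
    ep = ipaddress.IPv4Address(endpoint)
    first, last = parse_range(client_range)
    problems = []
    if ep not in net:
        problems.append(f"endpoint {ep} is outside {net}")
    elif ep in (net.network_address, net.broadcast_address):
        problems.append(f"endpoint {ep} is the network or broadcast address")
    if first not in net or last not in net:
        problems.append(f"client range {first}-{last} is not inside {net}")
    # The endpoint must never be handed out to a client, or the client
    # and the gateway would claim the same address inside the tunnel.
    if first <= ep <= last:
        problems.append(f"endpoint {ep} lies inside the client pool")
    for boundary in (first, last):
        if boundary in (net.network_address, net.broadcast_address):
            problems.append(f"pool boundary {boundary} is the network or broadcast address")
    return problems


def pool_size(client_range):
    """Number of client addresses the static IP pool (step 3) can hand out."""
    first, last = parse_range(client_range)
    return int(last) - int(first) + 1


def generate_psk(length=32):
    """Generate a random ASCII passphrase for the PSK object of step 2.

    The PSK is one secret shared by every iOS client, so it should be long and
    random rather than a memorable word; letters and digits only, to stay
    within what a Passphrase (ASCII) object and the iOS client accept.
    """
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for problem in validate_plan(NETWORK, LOCAL_ENDPOINT, CLIENT_RANGE):
        print("problem:", problem)
    print("pool size:", pool_size(CLIENT_RANGE))
    print("PSK to enter in step 2 and on the iOS device:", generate_psk())
```

Running the script with the manual's example values reports no problems and a pool of 241 addresses; moving the endpoint to, say, 192.168.99.50 is flagged because it would then be handed out to a client.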
