Amer Networks E5Web GUI User Manual
Page 601

1. Go to: Network > Interfaces and VPN > IPsec > Add > IPsec Tunnel
2. Now enter:
   • Name: RoamingIPsecTunnel
   • Local Network: 10.0.1.0/24 (This is the local network that the roaming users will connect to)
   • Remote Network: all-nets
   • Remote Endpoint: (None)
   • Encapsulation Mode: Tunnel
3. For Algorithms enter:
   • IKE Algorithms: Medium or High
   • IPsec Algorithms: Medium or High
4. For Authentication enter:
   • Pre-Shared Key: Select the pre-shared key created earlier
5. Under the Routing tab:
   • Enable the option: Dynamically add route to the remote network when a tunnel is established.
6. Click OK
C. Finally configure the IP rule set to allow traffic inside the tunnel.
Self-signed Certificate based client tunnels
The following example shows how a certificate based tunnel can be set up.
Example 9.5. Setting up a Self-signed Certificate based VPN tunnel for roaming clients
This example describes how to configure an IPsec tunnel at the head office Clavister Security
Gateway for roaming clients that connect to the office to gain remote access. The head office
network uses the 10.0.1.0/24 network span with external gateway IP wan_ip.
InControl
With InControl, this is done in a different way to the Web Interface.
Web Interface
A. Create a Self-signed Certificate for IPsec authentication:
The step to actually create self-signed certificates is performed outside the Web Interface using a
suitable software product. The certificate should be in the PEM (Privacy Enhanced Mail) file
format.
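One way to carry out step A, shown as an added example that is not part of the manual: it assumes the OpenSSL command-line tool as the "suitable software product", and the file names, common name, RSA 2048-bit key and 365-day lifetime are all illustrative. It creates the certificate and key in PEM format, then checks that the file really is PEM, is self-signed and unexpired, and that the private key belongs to the certificate.

```shell
#!/bin/sh
# Added example. File names, CN, key size and lifetime are assumptions, not manual values.

# make_selfsigned DIR NAME CN DAYS -> DIR/NAME.key and DIR/NAME.pem, both PEM encoded
make_selfsigned() {
    dir=$1; name=$2; cn=$3; days=$4
    # umask 077 in a subshell: the unencrypted private key is created owner-only
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -sha256 -nodes \
          -subj "/CN=$cn" -days "$days" \
          -keyout "$dir/$name.key" -out "$dir/$name.pem" 2>/dev/null )
}

# is_pem_selfsigned CERT -> 0 if CERT is PEM, unexpired, and subject equals issuer
is_pem_selfsigned() {
    cert=$1
    # A PEM certificate starts with this armor line; a DER file fails here
    head -n 1 "$cert" | grep -q '^-----BEGIN CERTIFICATE-----$' || return 1
    subj=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    issr=$(openssl x509 -in "$cert" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    [ -n "$subj" ] && [ "$subj" = "$issr" ] || return 1
    # -checkend 0 fails if the certificate has already expired
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null
}

# key_matches_cert KEY CERT -> 0 if the private key belongs to the certificate
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Demo in a throwaway directory (constructed names)
tmp=$(mktemp -d)
make_selfsigned "$tmp" roaming-gw roaming-gw.example 365 &&
    is_pem_selfsigned "$tmp/roaming-gw.pem" &&
    key_matches_cert "$tmp/roaming-gw.key" "$tmp/roaming-gw.pem" &&
    echo "OK: PEM, self-signed, unexpired, key matches certificate"
rm -rf "$tmp"
```

The private key is written without a passphrase, so keep it on a trusted workstation and remove the local copy once it has been uploaded.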
Chapter 9: VPN