Override VPN Configuration: Step By Step Wizard

About this task

The Step-By-Step wizard creates a VPN connection with more manual configuration than the Quick Setup Wizard. Use this wizard to manually configure access control lists, IKE policy, and transform sets to customize the VPN tunnel.

Procedure

  1. In the Security Configuration Wizard screen, click Step-By-Step Wizard.
  2. Click Start.
    VPN Step-By-Step Wizard - Step 1
  3. Set the following VPN values in the Step 1 screen.
    Tunnel Name Provide a name for the tunnel.
    Tunnel Type Select the tunnel type being created. Two types of tunnels can be created. Use Site to Site to create a tunnel between two remote sites. Use Remote Access to create a tunnel between a user device and a network. Site to Site is the default setting.
    Interface Configure the interface to use for creating the tunnel – either Virtual LAN (VLAN), WWAN, or PPPoE depending on the interfaces available on the device.
    Traffic Selector (ACL) Creates the access control list (ACL) that selects which traffic is sent through the tunnel: only packets whose source and destination match a rule are protected by IPsec; everything else is forwarded in the clear. Provide the Source and Destination IP address ranges with their net masks. Click Add Rule to add the rule into the ACL.
  4. Click Next.
    VPN Step-By-Step Wizard - Step 2
  5. Set the following VPN values in the Step 2 screen.

    If any of the required values in the Step 1 screen are not set properly, the Step 2 screen will not display until they are properly set.

    Peer Select the type of peer for this device when forming a tunnel. Peer information can be either an IP Address (default value) or Host Name. Provide the IP address or the host name of the peer device.
    Authentication Configure how devices authenticate on opposite ends of the tunnel connection. The following can be configured:
    • Certificate – The devices use a certificate to authenticate. This is the default setting.
    • Pre-Shared Key – The devices use a pre-shared key to authenticate.
    Local Identity Configure the local identity for the VPN tunnel.
    • IP Address – The local identity is an IP address. This is the default setting.
    • FQDN – The local identity is a FQDN (Fully Qualified Domain Name).
    • Email – The local identity is an E-mail address.
    Remote Identity Configure the remote identity for the VPN tunnel.
    • IP Address – The remote identity is an IP address. This is the default setting.
    • FQDN – The remote identity is a FQDN.
    • Email – The remote identity is an E-mail address.
    IKE Policy Configure the Internet Key Exchange (IKE) policy to use when creating this VPN tunnel. The following options are available:
    • Use Default – Use the default IKE profiles. Select one of ike1-default or ike2-default.
    • Create new Policy – Create a new IKE policy.
  6. Click Add Peer to add the tunnel peer information into the Peer(s) table.
    This table lists all of the peers that are set for the VPN tunnel.
  7. Click Next to proceed to the Step 3 screen.
    Use the Back button to go to the previous step. If any of the required values in the Step 2 screen are not set properly, the Step 3 screen will not display until they are properly set.
    VPN Step-By-Step Wizard - Step 3
  8. Set the following IPSec VPN values in the Step 3 screen.
    Transform Set A transform set is the combination of algorithms and mode that the two peers negotiate for the IPsec security association; both ends must offer a matching set or the tunnel will not come up. The transform set consists of the following:
    • Encryption – The encryption algorithm used to protect data in the tunnel.
    • Authentication – The integrity algorithm used to verify that each packet came from the tunnel peer unmodified.
    • Mode – The mode of the tunnel. This is how packets are encapsulated as they traverse the tunnel.

    From the drop-down list, select any pre-configured transform set, or click Create New Policy to create a new transform set.

    Encryption This field is enabled when Create New Policy is selected in the Transform Set field. This is the encryption that is used on data traversing through the tunnel.

    Select from the following algorithms: esp-null, des, 3des, aes, aes-192, or aes-256. Note that esp-null provides no confidentiality at all (integrity only), and des and 3des are obsolete; for a new tunnel choose aes-256 unless the peer cannot support it.

    Authentication This field is enabled when Create New Policy is selected in the Transform Set field. This is the integrity (ESP authentication) algorithm that lets a peer verify, for each packet received after the tunnel is established, that the packet came from the other peer and was not modified in transit.

    Select from the following: MD5, SHA, SHA256, or AES-XCBC-HMAC-128. MD5 and SHA (SHA-1) are deprecated for new deployments; prefer SHA256 or AES-XCBC-HMAC-128.

    Mode This field is enabled when Create New Policy is selected in the Transform Set field. The mode indicates how packets are encapsulated as they are transported through the tunnel.
    • Tunnel – The entire original IP packet is encrypted and wrapped in a new IP header addressed to the peer. Use this between two gateways (routers or servers) that carry traffic on behalf of the networks behind them; it is the mode a Site to Site tunnel needs.
    • Transport – Only the payload is protected and the original IP header is kept. Use this when the two tunnel endpoints are themselves the communicating hosts, for example a client talking to a server.
    Security Association Configures the lifetime of a security association (SA). Keys and SAs should be renewed periodically to limit how much traffic is protected by any one key; whichever of the two limits is reached first triggers the rekey.
    • Lifetime – Duration in seconds after which the SA expires and new keys are negotiated. Set a value from 500 - 2,147,483,646 seconds.
    • Data – The SA expires and new keys are negotiated after this quantity of data has been encrypted/decrypted. Set a value from 500 - 2,147,483,646 KB.
  9. Click Next to proceed to the Step 4 screen.
    Use the Back button to go to the previous step. If any of the required values in the Step 3 screen are not set properly, the Step 4 screen will not display until they are properly set.
    VPN Step-By-Step Wizard - Step 4
  10. Review the configuration and click Done to create the VPN tunnel.
    Use the Back button to go back to a previous screen and modify the configuration. Click Close to close the wizard without creating a VPN tunnel.
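The wizard accepts every combination of the choices listed above, including a transport-mode Site to Site tunnel, an esp-null or 3des transform, and a lifetime outside the stated range, so it is worth checking a tunnel definition against a policy before clicking Done. The following is an added example written for this page, not code from the product or its vendor: it models the Step 1 through Step 3 fields as a small Python structure and reports every problem it finds, with a weak configuration beside its hardened form. The field names, the weak/strong algorithm split, and the 20-character minimum for a pre-shared key are this example's own assumptions; the numeric SA ranges are the ones the wizard states.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Ranges the wizard accepts for the Security Association lifetime fields.
LIFETIME_RANGE = (500, 2_147_483_646)   # seconds
DATA_RANGE = (500, 2_147_483_646)       # KB

# The wizard's transform-set choices, partitioned by this example's policy.
# Treating esp-null/des/3des and md5/sha as weak is the example's judgement.
ENCRYPTION_STRONG = {"aes", "aes-192", "aes-256"}
ENCRYPTION_WEAK = {"esp-null", "des", "3des"}
AUTH_STRONG = {"sha256", "aes-xcbc-hmac-128"}
AUTH_WEAK = {"md5", "sha"}
MIN_PSK_LENGTH = 20   # assumed minimum length for a pre-shared key


@dataclass
class TransformSet:
    encryption: str
    authentication: str
    mode: str   # "tunnel" or "transport"


@dataclass
class TunnelConfig:
    name: str
    tunnel_type: str                          # "site-to-site" or "remote-access"
    peer: str
    authentication: str                       # "certificate" or "pre-shared-key"
    pre_shared_key: Optional[str]
    traffic_selector: List[Tuple[str, str]]   # (source CIDR, destination CIDR) rules
    transform: TransformSet
    sa_lifetime_seconds: int
    sa_data_kb: int


def _network(text):
    """Parse a selector strictly so an address with host bits set is rejected."""
    return ipaddress.ip_network(text, strict=True)


def check_tunnel(cfg):
    """Return the list of problems found in cfg; an empty list means it passes."""
    problems = []

    # Step 1: every traffic-selector rule must be a valid prefix pair, and a
    # source that overlaps its own destination makes the selector ambiguous.
    if not cfg.traffic_selector:
        problems.append("traffic selector is empty; no traffic will match the tunnel")
    for src_text, dst_text in cfg.traffic_selector:
        try:
            src, dst = _network(src_text), _network(dst_text)
        except ValueError as exc:
            problems.append(f"traffic selector rule {src_text} -> {dst_text}: {exc}")
            continue
        if src.overlaps(dst):
            problems.append(f"traffic selector rule {src_text} -> {dst_text}: source and destination overlap")

    # Step 2: peer authentication.
    if cfg.authentication == "pre-shared-key":
        if not cfg.pre_shared_key or len(cfg.pre_shared_key) < MIN_PSK_LENGTH:
            problems.append(f"pre-shared key shorter than {MIN_PSK_LENGTH} characters")
    elif cfg.authentication != "certificate":
        problems.append(f"unknown authentication method {cfg.authentication!r}")

    # Step 3: transform set.
    t = cfg.transform
    if t.encryption in ENCRYPTION_WEAK:
        problems.append(f"encryption {t.encryption} is weak or absent; use aes-256")
    elif t.encryption not in ENCRYPTION_STRONG:
        problems.append(f"unknown encryption {t.encryption!r}")
    if t.authentication in AUTH_WEAK:
        problems.append(f"ESP authentication {t.authentication} is weak; use sha256")
    elif t.authentication not in AUTH_STRONG:
        problems.append(f"unknown ESP authentication {t.authentication!r}")
    if t.mode == "transport" and cfg.tunnel_type == "site-to-site":
        problems.append("transport mode cannot carry traffic for subnets behind the gateways; use tunnel mode")
    elif t.mode not in ("tunnel", "transport"):
        problems.append(f"unknown mode {t.mode!r}")

    # Step 3: SA lifetimes must lie inside the ranges the wizard accepts.
    lo, hi = LIFETIME_RANGE
    if not lo <= cfg.sa_lifetime_seconds <= hi:
        problems.append(f"SA lifetime {cfg.sa_lifetime_seconds}s outside {lo}-{hi}")
    lo, hi = DATA_RANGE
    if not lo <= cfg.sa_data_kb <= hi:
        problems.append(f"SA data limit {cfg.sa_data_kb} KB outside {lo}-{hi}")
    return problems


# Constructed sample: a tunnel as a hurried operator might click it together.
WEAK = TunnelConfig(
    name="branch-1", tunnel_type="site-to-site", peer="203.0.113.10",
    authentication="pre-shared-key", pre_shared_key="secret",
    traffic_selector=[("10.1.0.0/16", "10.1.5.0/24")],
    transform=TransformSet("3des", "md5", "transport"),
    sa_lifetime_seconds=100, sa_data_kb=2_147_483_647,
)

# The same tunnel with every finding corrected.
HARDENED = TunnelConfig(
    name="branch-1", tunnel_type="site-to-site", peer="203.0.113.10",
    authentication="certificate", pre_shared_key=None,
    traffic_selector=[("10.1.0.0/16", "10.2.0.0/16")],
    transform=TransformSet("aes-256", "sha256", "tunnel"),
    sa_lifetime_seconds=3600, sa_data_kb=4_608_000,
)

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, check_tunnel(cfg) or "OK")
```

Run as a script, the weak definition produces seven findings (overlapping selector, short pre-shared key, 3des, md5, transport mode on a site-to-site tunnel, and both SA limits out of range) and the hardened one prints OK. The strict CIDR parse is deliberate: a selector typed as 192.168.1.5/24 is almost always a mis-keyed net mask rather than an intended host route, and catching it here is cheaper than debugging a tunnel that negotiates but passes no traffic.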