Follow

IPSec VPN - How to Create a Net-to-Net Connection (Endian 2.5-to-Endian 2.5)

Versions 2.4 & 2.5

Applies to Platform: UTM 2.4, UTM 2.5, 4i Edge 2.5
Lst Update: 10th of December 2015

Note

If you have an Endian Appliance equipped with 3.0 or latest 5.0.5 software release read this article

This lesson will illustrate the necessary steps to configure a very simple Net-to-Net IPSec VPN tunnel between two Endian appliances.

Configuration Example

?name=Network_Diagram_-_VPN__Net2Net_.png

The diagram above is a simple illustration of the configuration example covered in this guide. We'll be creating a Net-to-Net connection to allow communication between the two internal Green (LAN) networks of each Endian device.

Enable the VPN Server (Site A)

?name=media_1303160818475.png

From the main menu, select VPN > IPSec and then check the box to enable the VPN server.

Click Save to continue.

Add a VPN Connection (Site A)

?name=media_1303160950831.png

Under VPN > IPSec and the "Connection status and control" box, click the Add button to create a new connection.

Configure VPN Connection Type (Site A)

?name=media_1303161056292.png

In the next screen, select Net-to-Net and click Add to continue.

Configure VPN Settings (Site A)

?name=media_1303161880500.png

Now we can configure the main settings for this VPN connection.

(1) Select which Internet interface you want to use for this specific connection
(2) Provide the public IP or hostname of the remote VPN device (siteb.example.com)
(3) Edit the local Green subnet (if necessary)
(4) Provide the remote VPN subnet to connect to (192.168.20.0/24)
(5) Provide an authentication method. In this case we're using pre-shared key as this is the simplest and most common method.

Click Save to finish.

Enable the VPN Server (Site B)

?name=media_1303165041379.png

From the main menu, select VPN > IPSec and then check the box to enable the VPN server.

Click Save to continue.

Add a VPN Connection (Site B)

?name=media_1303161952378.png

On the Endian (Site B) device under VPN > IPSec and the "Connection status and control" box, click the Add button to create a new connection.

Configure the VPN Connection Type (Site B)

?name=media_1303162040767.png

In the next screen, select Net-to-Net and click Add to continue.

Configure VPN Settings (Site B)

?name=media_1303162148380.png

Now we can configure the main settings for this VPN connection.

(1) Select which Internet interface you want to use for this specific connection
(2) Provide the public IP or hostname of the main VPN device (vpn.example.com)
(3) Edit the local Green subnet (if necessary)
(4) Provide the remote VPN subnet to connect to (192.168.5.0/24)
(5) Provide the pre-shared key you configured on the Site A device.

Click Save to finish.

Verify Connection (Site A & B)

?name=media_1303165087353.png

On the Site A VPN device, you should the "Status" go from CLOSED to OPEN which indicates a successful connection.

Test VPN Connectivity (Site A & B)

Now you should be able to successfully test all internal access to remote devices (resources) from both sides of the VPN tunnel. Anything from a simple ICMP ping to an RDP session or remote web server should be accessible across the tunnel.

Have more questions? Submit a request

Comments

  • Avatar
    Permanently deleted user

    We need to create a new how-to for the version 2.5 now we have IPSEC/L2TP and the GUI is slightly different

  • Avatar
    Gustavo Ávila

    Please, a new tutorial using IPsec between Endian UTM and Pfsense.

  • Avatar
    Narin Nil

    Not auto reconnect, How to please kindly advice me

     

    Thank

  • Avatar
    ਪ੍ਭਜੋਤ ਸਿੰਘ

    thanks a lot for tutorial helped me a lot..

    but after doing all my settings on both ends my tunnel is showing "closed"

    any ideas or suggestions???

     

  • Avatar
    Edvaldo Nery

    Hello, I configure a vpn ipsec in endians servers, used cryptography a default ao add a new connection.
    The access was very slow, is it possible to be the encryption used? If so, which encryption do you recommend for two 3.2.2 servers?