Create Site to Site IPsec Connections

By creating an IPsec tunnel via Timus, you can transfer data securely between the peers of the connection. To create a site-to-site IPsec VPN gateway connection between your on-premises network and a virtual network (VNet), follow the steps below, which cover the two phases of Internet Key Exchange (IKE) required to set up an IPsec connection using Timus.

Vendor Specific Firewalls

IKE PHASE 1

General Settings

  • Go to Timus Manager > Sites page.

  • Click Create New in the upper right corner of the page.
  • Select Connector.
  • In the General tab, enter a Name (up to 30 characters).
  • Select IPsec as the Tunnel Type.
  • Set the Status to Enabled.

Parameters

Click the Parameters tab on the Connector page.

  • Local Peer: Choose Network > Primary WAN.
  • Local Peer Identifier: Enter the public WAN IP of your Timus Manager.
  • Remote Peer: Enter the WAN IP of the remote firewall/device.
  • Peer Identifier: Required on some devices. If needed, enter the same IP without /32.

Authentication and Encryption (Phase 1)

  • Recommended Key Exchange Type: IKEv2.
  • Create a secure Preshared Key (max 50 characters).
  • Select negotiation mode: Main (default) or Aggressive.
  • Authentication Algorithm: SHA1 or SHA256.
  • Encryption Algorithm: AES128.
  • DH Group: modp1024 (Group 2) at minimum; higher groups such as modp2048 (Group 14) are recommended.
  • Ensure values match exactly on both devices.

Miscellaneous

  • Configure retry methods if required.
  • Ensure identical values on both devices.
  • Enable NAT Traversal if required (must match peer device).


IKE PHASE 2

  • Create a tunnel to define traffic passing through the Phase 1 connector.
  • All encryption/authentication values must match on both devices.
  • Go to Timus Manager > Sites.
  • Locate your created Connector and click View.
  • Click Create Tunnel.
  • Enter a tunnel Name.
  • Set Status to Enabled.
  • Select Phase 2 Authentication and Encryption algorithms.
  • Enter Local Network subnet.
  • Enter Remote Network subnet.
  • Configure NAT Status if required.
  • Enable or disable Perfect Forward Secrecy (PFS) as needed.
  • Click Save.
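
Both phases require identical values on the two devices, so it helps to compare the planned settings of each side before saving them. The checker below is an added example, not part of the original article or of Timus tooling; its dictionary field names, addresses and key are constructed for illustration and are not a Timus export format.

```python
import ipaddress

# Hypothetical field names mirroring this page's labels; not a Timus export format.
MUST_MATCH = ("ike_version", "mode", "auth", "enc", "dh_group",
              "nat_traversal", "psk", "p2_auth", "p2_enc", "pfs")
# Options the page permits that are the weaker choice in their field.
WEAK = {"dh_group": "modp1024", "auth": "SHA1", "mode": "Aggressive"}

def check_pair(a, b):
    """Compare two peers' Phase 1/Phase 2 settings; return finding strings."""
    out = []
    for key in MUST_MATCH:
        if a[key] != b[key]:
            # Never echo the preshared key into findings or logs.
            detail = "values differ" if key == "psk" else f"{a[key]} vs {b[key]}"
            out.append(f"MISMATCH {key}: {detail}")
    # Each side's Remote Peer must be the other side's Local Peer Identifier.
    if a["remote_peer"] != b["local_id"] or b["remote_peer"] != a["local_id"]:
        out.append("MISMATCH peer addresses")
    for side in (a, b):
        if "/" in side["local_id"]:
            out.append(f"FORMAT {side['name']}: identifier must not carry /32")
        if len(side["name"]) > 30 or len(side["psk"]) > 50:
            out.append(f"LIMIT {side['name']}: name or PSK too long")
    # Phase 2 subnets must mirror each other and must not overlap.
    a_loc, a_rem, b_loc, b_rem = (ipaddress.ip_network(s[k]) for s in (a, b)
                                  for k in ("local_net", "remote_net"))
    if a_loc != b_rem or a_rem != b_loc:
        out.append("MISMATCH subnets: local/remote networks are not mirrored")
    if a_loc.overlaps(a_rem):
        out.append("OVERLAP subnets: local and remote networks overlap")
    for key, value in WEAK.items():  # one side suffices; mismatches are caught above
        if a[key] == value:
            out.append(f"WEAK {key}: {value} is allowed but not the stronger option")
    return out

# Constructed sample values (documentation address ranges, made-up key).
TIMUS = dict(name="hq-to-branch", ike_version="IKEv2", mode="Main", auth="SHA256",
             enc="AES128", dh_group="modp2048", nat_traversal=True, pfs=True,
             psk="constructed-example-key", p2_auth="SHA256", p2_enc="AES128",
             local_id="203.0.113.10", remote_peer="198.51.100.20",
             local_net="10.10.0.0/24", remote_net="10.20.0.0/24")
REMOTE = dict(TIMUS, name="branch-fw", dh_group="modp1024", pfs=False,
              local_id="198.51.100.20/32", remote_peer="203.0.113.10",
              local_net="10.20.0.0/24", remote_net="10.10.0.0/24")

if __name__ == "__main__":
    print("\n".join(check_pair(TIMUS, REMOTE)))
```

An empty result means the two sides agree on every compared field and use the stronger of the listed options.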


Vendors - IPsec site-to-site configuration
