This article is a sample procedure that explains how to create a new site with an IPsec IKEv1 (Cato-Initiated) connection. After you configure the site settings in the Add Site window, go to the IPsec section and configure the settings for the VPN tunnels. In this example, the default IKEv1 phase 1 and phase 2 settings are used for the site.
This sample deployment has a secondary connection to a different PoP.
To add a new IPsec IKEv1 site to your account:
- From the navigation menu, click Network > Sites.
- Click New. The Add Site panel opens.
- Enter the Site Name and for Type select Branch.
- Set the Connection Type to IPsec IKEv1 (Cato-Initiated).
- Configure the Country, State, and Time Zone.
- Configure the Native Range for the internal LAN to 192.0.2.0/24.
- Click OK. The new site is added to the account.
- To configure the IPsec IKEv1 settings for the primary and secondary connections, click Site Configuration > IPsec.
- In the General section, set the Service Type to Generic.
- Because this is a new site, select the PoP IP addresses for the tunnels:
  - Expand the Primary section, and click IP Allocation Settings.
  - In the Configuration window, select New York, Chicago, and London.
  - Click Submit.
- Configure the settings for the primary connection:
  - Set the Public IP settings:
    - Cato IP (Egress) - select New York
    - Enter the Primary Destination IP address as 192.168.3.18
  - Do not enter values for Private IPs; this site does not use BGP dynamic routing.
  - Set the Downstream bandwidth to 200 and the Upstream bandwidth to 100 Mbps.
  - In Primary PSK, click Edit Password and enter the pre-shared key for the primary connection.
- Configure the settings for the secondary connection:
  - Expand the Secondary section.
  - Set the Public IP settings:
    - Cato IP (Egress) - select Chicago
    - Enter the Primary Destination IP address as 192.168.4.20
  - Do not enter values for Private IPs; this connection does not use BGP dynamic routing.
  - Set the Downstream bandwidth to 200 and the Upstream bandwidth to 100 Mbps.
  - In Secondary PSK, click Edit Password and enter the pre-shared key for the secondary connection.
- Expand the Routing section, and select Implicit. This means that all WAN traffic is transmitted over the IPsec connection in a single Phase II tunnel with one encryption key.
- Click Save. The IPsec IKEv1 connections for the site are configured.