IPsec RUTOS configuration example: Difference between revisions

----First of all, let's configure the VPN IPsec instance from RUTX11's side:

*Login to the router's WebUI and go to '''Services → VPN → IPsec'''. Enter a custom name (for this example we use ''test'') for the IPsec instance click the "Add" button:

----

*Click the "Edit" button located next to the newly created instance and set up the configuration according to the network:

[[File:IPsec RUT955 config 2.png|alt=|border|center|930x930px|class=tlt-border]]

*Below are explanations of the parameters highlighted in the figure above. Other parameters (not highlighted) are defaults. You can find descriptions for these parameters in the '''[[VPN#IPsec|VPN manual page, IPsec section]]'''

**'''Enable''' - enables the IPsec instance

***'''Ping period (sec)''' - the period (in seconds) at which ICMP packets will be sent to the specified host

**'''Allow WebUI access''' - when checked, allows WebUI access for hosts from the opposite instance

'''NOTE''': remember to replace certain parameter values (like IP addresses) with your own relevant data.

*IKE lifetime must be added and can be any desired value.

* Phase 1 & Phase 2 details should be the same with that of the RUT955 P1 & P2 details or else the tunnel will not be properly established.

===RUT955===

----Similarly, the configuration for the VPN IPsec instance from RUT955's side is as follows:

*In this case, Remote endpoint should be RUTX11's Public IP:

----

*The last step in configuring the IPsec instances is '''Phase settings'''. Make sure they match with the Phase settings (both Phase 1 and Phase 2) of the RUTX11's connection: