In this article we will look at how you can configure Site-to-Site IKEv2 VPN on the new H series firewall with static IP, for example, we took the USG FLEX 500 H model. We will look at a simple but realistic case where there are two sites (offices) between which a secure connection must be established.
Set up IPSec VPN Tunnel with static IP
Step 1 - Scenario
- Login on your device "Web GUI"
- Go to the VPN section
- Type the VPN name used to identify this VPN connection
- Select the type to the "Site-to-Site"
- Click "Next"
Step 2 - Network
Configure My Address and Peer Gateway Address.
- The "My Address" field specify the wan address of the current site "HQ"
- The "Peer Gateway Address" field specify the address of the remote site "Branch"
- Click "Next"
Step 3 - Authentication
In our example, we use the "Pre Shared Key" authentication method, but certificate authentication is also available.
- Type a secure "Pre-Shared Key"
- Click "Next"
Step 4 - Policy and routing
- Set the "Local Subnet" - Local network IP address
- Set the "Remote Subnet" - the IP address of the network connected to the peer gateway
Step 5 - Summary
In the last step, you can check all settings and make changes if necessary.
After all the settings on "HQ" have been made, it is necessary to make the corresponding settings on "Branch". Perform the same settings on "Branch", it is important to note that during the settings on "Branch", now "Branch" is your local site, and "HQ" is remote.
Test IPSec VPN Tunnel
Verify the IPSec VPN status
Ping the PC in the Branch Office
Win 11 > cmd > ping 192.168.160.1
Comments
0 commentsPlease sign in to leave a comment.