Avocent 5224 User Manual

MergePoint 5224/5240 Service Processor Manager User Guide
Creating IPSec VPN connections
For an IPSec VPN connection, the following authentication information is required:
- Username and password
- Connection keys or certificates
The ESP and AH authentication protocols (also called encapsulation methods) are supported. The RSA Public Keys and Shared Secret authentication methods are also supported.
If the RSA public key authentication method is chosen, the generated keys are different on each end. When Shared Secret is used, the secret is shared on both ends.
The MergePoint 5224/5240 SP manager administrator needs to give the user a copy of the configuration parameters used to configure the IPSec connection profiles on the MergePoint 5224/5240 SP manager. This is usually done by providing a copy of the relevant portions of the ipsec.conf file, which the user can insert into the ipsec.conf file on the user’s workstation.
To create an IPSec VPN tunnel:
The authorized user must perform the following actions to enable the IPSec client running on the user’s workstation to bring up the VPN tunnel that enables access to native IP features on target devices.
1. Make sure your workstation can exchange packets with the MergePoint 5224/5240 SP manager.
   a. Test whether your workstation can access the MergePoint 5224/5240 SP manager by entering the MergePoint 5224/5240 SP manager’s public IP address in a browser to try to bring up the Web Manager.
   b. If a network or host route is needed to enable communications with the MergePoint 5224/5240 SP manager, configure the route.
2. Create an IPSec VPN connection profile on your workstation, using the values supplied by the MergePoint 5224/5240 SP manager administrator.
   If the MergePoint 5224/5240 SP manager’s administrator sends the relevant portions of the ipsec.conf file from the MergePoint 5224/5240 SP manager’s IPSec configuration, use it to replace the same section in your workstation’s ipsec.conf file.
3. Bring up the IPSec VPN tunnel.
   Depending on the platform and IPSec client being used, you may use a GUI to create the IPSec VPN connection or execute the ipsec auto --up command.
4. Enable native IP access as described in the following procedure.
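
Step 2 as an added example, not taken from the manual: a shell helper that replaces a single conn section in a workstation ipsec.conf with the section supplied by the administrator and leaves every other section untouched. The function names, the connection name sp-manager, the file names and the addresses are assumptions made for the illustration.

```shell
#!/bin/sh
# replace_conn NAME SNIPPET CONF  (hypothetical helper, not from the manual)
# Print CONF with its "conn NAME" section replaced by the one in SNIPPET,
# or appended if CONF has none. Exit 1 if SNIPPET has no "conn NAME".
replace_conn() {
    awk -v name="$1" -v snippet="$2" '
        # Headers start in column 0; a section runs to the next header.
        function is_header(l) { return l ~ /^(conn|config)[ \t]/ }
        function is_target(l,   f) {
            split(l, f, /[ \t]+/)
            return f[1] == "conn" && f[2] == name
        }
        BEGIN {
            # Take only the wanted section from the administrator snippet.
            while ((getline l < snippet) > 0) {
                if (is_header(l)) grab = is_target(l)
                if (grab) new = new l "\n"
            }
            if (new == "") {
                print "no conn " name " in " snippet > "/dev/stderr"
                bad = 1
                exit 1
            }
        }
        is_header($0) {
            skip = is_target($0)
            if (skip && !done) { printf "%s", new; done = 1 }
        }
        !skip { print }
        END {
            if (bad) exit 1
            if (!done) printf "\n%s", new
        }
    ' "$3"
}

# Constructed sample data: placeholder names, documentation addresses.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'conn sp-manager' '    left=192.0.2.10' '    authby=secret' \
        > "$d/from_admin.conf"
    printf '%s\n' 'config setup' '    interfaces=%defaultroute' '' \
        'conn sp-manager' '    left=198.51.100.7' '' 'conn office' '    auto=add' \
        > "$d/ipsec.conf"
    replace_conn sp-manager "$d/from_admin.conf" "$d/ipsec.conf"
    rm -rf "$d"
}
demo
```

Write the output to a temporary file and compare it against the current ipsec.conf with diff before installing it, so that only the intended section changes.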