Security configuration stepsΒΆ

  1. Enabling IPsec.

  2. Specify:

    • the VPNs in which Turbo IPsec takes part (some of the VPNs may be static VPNs)
    • the requirements associated to the VPNs
  3. If no pre-defined 6WIND template matches the needs of some of the VPNs, create new templates.

  4. Define identity parameters to use pre-shared keys or certificates.

  5. For each dynamic VPN, install certificates and CA certificates, or load the pre-shared keys according to the selected authentication method.

  6. Specify each VPN. The VPNs must reference an existing pre-defined or custom template.

  7. For each VPN, define the required IPsec rules.

  8. Specify each IPsec rule, including the IPsec policy selection (AH, ESP, AH and ESP, discard, clear).

  9. If static VPNs co-exist with dynamic VPNs on the same Turbo IPsec server, define the SAs required by the static VPNs.

    There should be at least one security association per static VPN for outgoing traffic and another for incoming traffic.

  10. Apply the configuration to make it the running configuration.

  11. If the current configuration behaves correctly, make it active at next boot time.

See also

See IPsec and IKE configuration examples for more step by step configuration examples.