Use the Global Configuration screen to configure IPsec VPN authentication settings at the edge gateway level. On this screen, you can set a global pre-shared key and enable certificate authentication.
A global pre-shared key is used for those sites whose peer endpoint is set to any.
Prerequisites
- If you intend to enable certificate authentication, verify that you have at least one service certificate and corresponding CA-signed certificates in the Certificates screen. Self-signed certificates cannot be used for IPsec VPNs. See Add a Service Certificate to the Edge Gateway.
- Navigate to the IPsec VPN Screen.
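The prerequisite above rules out self-signed service certificates. As an added example (not part of the original documentation), the following script pre-checks a PEM certificate locally with the openssl CLI before you upload it. The function names, return codes, and constructed test certificates are assumptions of this example, and the check does not reproduce the edge gateway's own validation.

```shell
#!/bin/sh
# Added example: local pre-flight check for a service certificate (PEM).
# Return codes are this example's own convention:
#   0 ok, 1 self-signed, 2 expired, 3 does not chain to the supplied CA.

# Subject equal to issuer is how a self-signed certificate presents.
is_self_issued() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

preflight_service_cert() {
    cert=$1; ca=$2
    if is_self_issued "$cert"; then
        echo "REJECT $cert: self-signed"; return 1
    fi
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "REJECT $cert: expired"; return 2
    fi
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "REJECT $cert: does not chain to $ca"; return 3
    fi
    echo "OK $cert"
}

# Constructed test material: a throwaway CA, a leaf it signs, and a
# self-signed certificate. Hostnames are placeholders.
make_constructed_certs() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=edge-gw.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=self.example.test" \
        -keyout "$d/self.key" -out "$d/self.pem" 2>/dev/null
}

demo() {
    tmp=$(mktemp -d)
    make_constructed_certs "$tmp"
    preflight_service_cert "$tmp/leaf.pem" "$tmp/ca.pem" || true   # chains to CA
    preflight_service_cert "$tmp/self.pem" "$tmp/ca.pem" || true   # self-signed
    rm -rf "$tmp"
}
demo
```

To check your own files, call `preflight_service_cert` with the service certificate and the CA certificate you plan to select on the Global Configuration screen.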
Procedure
- Open Edge Gateway Services.
  - From the top navigation bar, select Resources, and click the Cloud Resources tab.
  - In the left panel, click Edge Gateways.
  - Click the radio button next to the name of the target edge gateway, and click Services.
- On the IPsec VPN tab, click Global Configuration.
- (Optional) Set a global pre-shared key:
  - Enable the Change Shared Key option.
  - Enter a pre-shared key.
    The global pre-shared key (PSK) is shared by all the sites whose peer endpoint is set to any. If a global PSK is already set, changing the PSK to an empty value and saving it has no effect on the existing setting.
  - (Optional) Enable Display Shared Key to make the pre-shared key visible.
  - Click Save changes.
- Configure certificate authentication:
  - Turn on Enable Certificate Authentication.
  - Select the appropriate service certificates, CA certificates, and CRLs.
  - Click Save changes.
What to do next
You can optionally enable logging for the IPsec VPN service of the edge gateway. See Statistics and Logs for an Edge Gateway.