<
/div>
—->> IKE Crypto (phase 1) <<—
1- Go to Network >> Network Profile >> IKE Crypto and click Add
Name: Test-IKE-CRYPTO
DH Group: group5
Authentication: sha256
Encryption: aes-192-cbc
Timers (Key Lifetime): 50,000 seconds
—>> IPSec Crypto (phase 2)<<—–
1- Go to Network >> Network Profile >> IPSec Crypto and click Add.
Name: Test-IPSEC-CRYPTO
Encryption: aes-256-cbc
Authentication: sha1
DH Group: group2
Lifetime: 10,000 seconds
—–>>> IKE Gateway<<<—–
1- Go to Network >> Network Profile >> IKE Gateway and click Add
Name: Test-IKE-GATEWAY
Version: IKEv1
Interface: ethernet1/1 (IPSec interface)
Local IP Address: 10.1.1.1/24
Peer IP Address Type: IP
Peer Address: 10.1.1.2
Authentication: Pre-Shared Key
Pre-shared Key: “Test@123”
Now click on Advanced Tab and select our IKE crypto profile.
—>>>IPSec Tunnel—->>
1- Go to Network >> IPSec Tunnels and click Add-
Name: TEST-IPSEC
Tunnel Interface: tunnel.12
IKE Gateway: Test-IKE-GATEWAY
IPSec Crypto Profile: Test-IPSEC-CRYPTO
In this profile, we can call our both profile IKE and IPSEC on that and include the Tunel group which we created Tunnel .12
In Proxy id , we only allowed interested traffic on that like LAN IPs
—->>> Routes<<—–
Add routes to reach PA-A to PA-B and vise-versa. Below are the route from PA-A to PA-B, where the gateway is IPSec peer IP, which is 192.168.1.1
Router Name – Router
Destination IP– 10.10.10.0/24
Next Hop IP – 192.168.1.2(Gateway IPSec Peer ip)
—>> Security Policy<<—
–>> We can use two policies for this Sit
e to site VPN
1- IPSec
2- For LAN to LAN communication between peer
–>> IPSec
Source Zone: Outside
Destination Zone: Outside
Application: ike, ipsec-esp
–>> For LAN to LAN communication between peer
Source Zone: LAN & VPN
Source IP: 172.16.0.0/24 & 10.10.10.0/24
Destination Zone: LAN & VPN
Destination IP: 172.16.0.0/24 & 10.10.10.0/24
Application: any
–>> check Logs <<–
1 – Go into Monitor –>> logs –>> system
—>>> Troubleshooting for Site to Site VPN <<—-
# show vpn ike-sa
#show vpn ipsec-sa tunnel “tunnel name”
#show vpn flow name “tunnel name”
# show running tunnel flow
Please command if you still face any issue.
Thanks