Visibility as a Service (VaaS) IPSec Tunnel Configuration



Network:

·      IP Version: IPv4

·      Remote Gateway (GVaaS Public IP): 64.135.107.4

·      Interface (If Applicable): Customer WAN Interface for Tunnel

·      NAT: Enabled

·      Keepalive Frequency (If Applicable): 10

·      Dead Peer Detection (If Applicable): On-Demand

·      DPD Retry Count (If Applicable): 3

·      DPD Retry Interval (If Applicable): 20

·      Ping: Enabled

 

Authentication:

·      Method: Pre-Shared Key

·      PSK: Customer or G-Net decides PSK

o   PSK (G-Net or Customer Provided):

 

·      IKE Version: 1

·      Mode: Main (ID Protection)

 

Phase 1:

·      Encryption: AES256

·      Authentication: SHA256

·      DH Group: 14

·      Key Lifetime (Seconds): 28800

 

Phase 2:

·      Local Addresses (If Applicable): Customer Address Space for Traffic Sources

·      Remote Address (If Applicable): GVaaS Subnet for Customer Applications

·      Encryption: AES256

·      Authentication: SHA256

·      Enable Replay Detection (If Applicable): Yes

·      Enable PFS: Yes

·      DH Group: 14

·      Local Port/Remote Port/Protocol (If Applicable): Yes

·      Auto-Negotiate: Yes

·      Key Lifetime: 3600 Seconds

 

Additional Tunnel Configuration(s) & Requirements:

 

 

