IPsec Configuration Settings
The IPsec Configuration settings are for configuring IPsec tunnels that connect a location within your network to Secure Web Gateway.
Option | Definition |
---|---|
Name | Name of a location For example, if you have branch offices in India and the United States, you can configure each office as a location that is connected to Secure Web Gateway through an IPsec tunnel. |
Client ID Type | Lists the identity types that clients can have |
Client ID | Identifies a client |
Client Address | IP address of a client You can specify the egress IP address or the domain name of the corresponding location here. The server gets the request to create an IPsec tunnel from this source. The client that sends this request is referred to as the initiator. When the tunnel is created, the server logs this activity, for example, as follows: 28022023 MST 00:02:01.958 43[IKE] >802364> 3.85.30.156 is initiating an IKE_SA The egress IP address of the initiator is 3.85.30.156 here. |
Pre-shared Key | String that you configure as key When an IPsec tunnel is created, the initiator sends this key to the server. If the keys on both sides match, a Message Authentication Code (MAC) is generated. This code is used for encryption and decryption. The server logs encryption and decryption activities, for example, as follows: [IKE] <Loc_US|102> authentication of '<Initiator’s: Client ID>' with pre-shared key successful [IKE] <Loc_US|102> authentication of '<Server’s: Local ID>' (myself) with pre-shared key [IKE] <Loc_US|102> successfully created shared key MAC |
Subnets | One or more subnets that are located behind an IPsec tunnel For example: 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/24 Web traffic originating from these subnets is routed through the tunnel. |