
Skyhigh Security

IPsec Configuration Settings

The IPsec Configuration settings are for configuring IPsec tunnels that connect a location within your network to Secure Web Gateway.

Option: Definition
Name: Name of a location

For example, if you have branch offices in India and the United States, you can configure each office as a location that is connected to Secure Web Gateway through an IPsec tunnel.
Client ID Type: Lists the identity types that clients can have
Client ID: Identifies a client
Client Address: IP address of a client

You can specify the egress IP address or the domain name of the corresponding location here. The server gets the request to create an IPsec tunnel from this source.

The client that sends this request is referred to as the initiator.

When the tunnel is created, the server logs this activity, for example, as follows:

28022023 MST 00:02:01.958 43[IKE] >802364> 3.85.30.156 is initiating an IKE_SA

The egress IP address of the initiator is 3.85.30.156 here.
Pre-shared Key: String that you configure as the key

When an IPsec tunnel is created, the initiator sends this key to the server. If the keys on both sides match, a Message Authentication Code (MAC) is generated.

This code is used for encryption and decryption.

The server logs encryption and decryption activities, for example, as follows:

[IKE] <Loc_US|102> authentication of '<Initiator’s: Client ID>' with pre-shared key successful

[IKE] <Loc_US|102> authentication of '<Server’s: Local ID>' (myself) with pre-shared key

[IKE] <Loc_US|102> successfully created shared key MAC
Subnets: One or more subnets that are located behind an IPsec tunnel

For example: 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/24

Web traffic originating from these subnets is routed through the tunnel.
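
As an added example (not part of the Skyhigh documentation or product), the following Python code parses server log lines in the two shapes shown above and reports initiators whose egress IP address is not among the configured Client Address values. The function name `audit_ike_log`, the client and server IDs, the 203.0.113.50 address, and the assumption that Client Address values are supplied as IP addresses are constructed for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Line shapes follow the two log excerpts on this page.
INIT_RE = re.compile(r"\[IKE\]\s+[<>](\d+)[<>]\s+(\S+) is initiating an IKE_SA")
AUTH_RE = re.compile(r"\[IKE\]\s+<([^|>]+)\|(\d+)>\s+authentication of "
                     r"'([^']*)' with pre-shared key successful")

# Constructed sample log in the page's format; IDs and 203.0.113.50 are made up.
SAMPLE_LOG = """\
28022023 MST 00:02:01.958 43[IKE] >802364> 3.85.30.156 is initiating an IKE_SA
[IKE] <Loc_US|102> authentication of 'branch-us.example' with pre-shared key successful
[IKE] <Loc_US|102> authentication of 'swg.example' (myself) with pre-shared key
[IKE] <Loc_US|102> successfully created shared key MAC
28022023 MST 00:07:44.120 17[IKE] >802371> 203.0.113.50 is initiating an IKE_SA
28022023 MST 00:09:10.003 21[IKE] >802380> 3.85.30.156 is initiating an IKE_SA
"""


def audit_ike_log(log_text, allowed_addresses):
    """Summarise IKE_SA initiations and successful PSK authentications.

    allowed_addresses: Client Address values, assumed to be IP addresses.
    """
    allowed = {ip_address(a) for a in allowed_addresses}
    initiations, authenticated, malformed = Counter(), [], []
    for line in log_text.splitlines():
        init = INIT_RE.search(line)
        if init:
            try:
                initiations[ip_address(init.group(2))] += 1
            except ValueError:
                malformed.append(line)  # initiator field is not an IP address
            continue
        auth = AUTH_RE.search(line)
        if auth:  # the "(myself)" line is the server's own side and is skipped
            authenticated.append((auth.group(1), auth.group(3)))
    return {
        "initiations": {str(ip): n for ip, n in initiations.items()},
        "unexpected_initiators": sorted(
            str(ip) for ip in initiations if ip not in allowed),
        "authenticated": authenticated,
        "malformed": malformed,
    }


if __name__ == "__main__":
    print(audit_ike_log(SAMPLE_LOG, ["3.85.30.156"]))
```
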
 