Configuring IPSec Tunnels

  1. In the management console, select Settings -> Connectors -> IPSec Tunnels.
  2. Select the New IPSec Tunnel button. This will open a new menu.
  3. Under Tunnel Name, enter the desired name for the tunnel.
  4. Under IPSec Tunnel Authentication, create authentication credentials. Keep note of these credentials. They will be used to configure the IPSec tunnel from your network device.
  5. Select a location to associate the IPSec tunnel with. Note: A tunnel can be associated with a single location.

     If you wish to create a new location, click the + button to the right of the location field. Refer to the Configuring Locations page for further details on how to configure a new location.

  6. Once the tunnel has been defined, click Submit.

After an IPSec tunnel has been created, it will also appear under Associated Tunnels in the Locations page.

Configuring the IPsec tunnel on the edge device

After creating the IPsec tunnel in the management console, you must set up the tunnel on the edge device (firewall, SD-WAN, etc.).

Configuration Settings:

  • Use the ID and PSK for the tunnel authentication.
  • Enter the following addresses as the remote endpoints:
    • ipsec-proxy-geo.axisapps.io
    • ipsec-proxy-secondary-geo.axisapps.io
  • The recommended cipher configuration is the following:
    • Key Exchange protocol - IKEv2
    • Encryption - AES256
    • Hash - SHA256
    • Diffie Hellman Group - 14
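
The following is an added example, not Axis code: a small audit that compares the IKE proposals configured on an edge device with the recommended settings above. It assumes proposals are written in strongSwan-style keyword notation (where Diffie-Hellman group 14 is modp2048); the tunnel names and the sample inventory are constructed.

```python
"""Audit IKE proposals against the page's recommended cipher settings."""

# Recommended values taken from the page: IKEv2, AES256, SHA256, DH group 14.
RECOMMENDED = {"version": 2, "encryption": "aes256", "hash": "sha256", "dh_group": 14}

# strongSwan-style keyword -> IANA Diffie-Hellman group number (assumed notation).
DH_GROUPS = {"modp1024": 2, "modp1536": 5, "modp2048": 14, "modp3072": 15,
             "modp4096": 16, "ecp256": 19, "ecp384": 20, "ecp521": 21}
ENCRYPTION = {"3des", "aes128", "aes192", "aes256", "aes128gcm16", "aes256gcm16"}
HASHES = {"md5", "sha1", "sha256", "sha384", "sha512"}

def parse_proposal(proposal):
    """Split 'aes256-sha256-modp2048' into encryption, hash and DH group."""
    parsed = {"encryption": None, "hash": None, "dh_group": None}
    for token in proposal.strip().lower().split("-"):
        if token in ENCRYPTION:
            parsed["encryption"] = token
        elif token in HASHES:
            parsed["hash"] = token
        elif token in DH_GROUPS:
            parsed["dh_group"] = DH_GROUPS[token]
        else:
            raise ValueError(f"unknown algorithm keyword: {token!r}")
    return parsed

def audit_tunnel(name, version, proposals):
    """Return a list of findings; an empty list means the tunnel matches."""
    findings = []
    if version != RECOMMENDED["version"]:
        findings.append(f"{name}: IKEv{version} configured, IKEv2 recommended")
    for proposal in proposals:
        parsed = parse_proposal(proposal)
        for field in ("encryption", "hash", "dh_group"):
            if parsed[field] != RECOMMENDED[field]:
                findings.append(f"{name}: proposal {proposal} has "
                                f"{field}={parsed[field]}, recommended {RECOMMENDED[field]}")
    return findings

# Constructed sample inventory: (hypothetical tunnel name, IKE version, proposals).
SAMPLE_TUNNELS = [
    ("axis-primary", 2, ["aes256-sha256-modp2048"]),
    ("axis-secondary", 2, ["aes256-sha256-modp2048", "aes128-sha1-modp1024"]),
    ("legacy-site", 1, ["aes256-sha256-modp2048"]),
]

if __name__ == "__main__":
    for tunnel in SAMPLE_TUNNELS:
        for line in audit_tunnel(*tunnel) or [f"{tunnel[0]}: matches recommendation"]:
            print(line)
```

A weaker fallback proposal left beside the recommended one, as on the second sample tunnel, is reported separately for each field that deviates.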

Note

  • To present block pages or SSL Decrypt traffic, you must install the Axis CA Certificate on endpoints or upload a CA Cert to Axis. For more information click here