ENABLING IPSEC FOR YOUR WAN LINK
In this guide you will learn how to setup IPsec to encrypt traffic between your WANrockIT Nodes. Using IPsec is ensures the integrity, confidentiality and authentication of data communications over an IP network. It’s recommended to perform this step before performing the steps in the Connecting Nodes with NAT guide; however, IPsec can be enabled or disabled at any time.
It can be configured for setups without NAT as well, but VPNs will likely already be using IPsec encryption to safeguard your traffic.
- IPsec enabled Nodes will only allow connections from other IPsec enabled Nodes with the same Pre-Shared Key.
- It is recommended to only enable IPsec when data transfer is stopped as it will break the WAN connection between Nodes until all have been configured for IPsec.
- It is recommended that HTTPS is already enabled (by default it will already be enabled) before configuring IPsec as this ensures that Pre-Shared Key is only transmitted securely.
From the Node’s web interface, navigate to the Passwords & Security page.
IPsec is disabled by default, so the WANrockIT IPsec Configuration section will be disabled until the ‘Enable IPsec’ checkbox is selected.
Select the ‘Enable IPsec’ checkbox and the section will be enabled as shown below:
You can either enter in your own Pre-Shared Key or use the IPsec key generator by clicking ‘Generate Key’, this will fill in the Pre-Shared Key field as shown below:
Click Save to store the IPsec configuration, this will become active straight away and any existing WAN connections will break unless they already have IPsec enabled with the same Pre-Shared Key.
Copying the Pre-Shared Key to other WANrockIT Nodes
From the IPsec enabled Node’s web interface, navigate to the Passwords & Security page. The page should look like the example below:
Under the WANrockIT IPsec Configuration section click ‘Show Key’ to display the stored Pre-Shared Key. Select and copy this key to your clipboard.
From the web interface of any WANrockIT Nodes you wish to connect to, follow the Enabling IPsec <link> section, but paste in the key from your clipboard instead of generating a new one.
Bridgeworks have looked at the problem of data movement and come at it from an entirely new perspective. In mastering the rules of data movement over distance, Bridgeworks have now broken them to provide you with the ability to move significant volumes of business critical data in real time removing unacceptable time lags, that risk failure, delay or presents major costs to your business.