Nowadays, organizations prefer to have cloud infrastructures with services hosted in the Data Centres of Service Providers (SPs) like Amazon, Microsoft Azure, etc. These SPs allow networks to connect to them via IPSec VPN connections with pre-configured remote network settings. They provide a single IP Address which acts as the Remote Network for them.
This article describes how to create an IPSec connection between Cyberoam and any SP using a single IP Address as the local subnet.
You must be logged on to the Web Admin Console as an administrator with Read-Write permission for relevant feature(s).
Name to identify the IPSec Connection
Site to Site
Select Type of connection.
- Remote Access
- Site to Site
- Host to Host
Select policy to be used for connection
Action on VPN Restart
Select the action for the connection.
- Respond Only
Select Authentication Type. Authentication of user depends on the connection type.
The preshared key should be the same as that configured at the remote site.
PortC – 126.96.36.199
Select local port which acts as end-point to the tunnel
Specify IP address of the remote endpoint.
Local Network Details
Select Local LAN Address. Add and Remove LAN Address using Add Button and Remove Button
Remote Network Details
Select Remote LAN Address. Add and Remove LAN Address using Add Button and Remove Button
Click OK to create IPSec Connection.
Step 2: Create NAT Policy
Step 3: Create Firewall Rule to Apply NAT Policy
Go to Firewall > Rule > Rule and create a rule with the following parameters.
Specify a name to identify the Firewall Rule.
Specify source and destination zone to which the rule applies.
Specify source and destination host or network address to which the rule applies.
Select rule action.
Select the NAT policy to be applied.
• Log on to the CLI Console via Telnet or SSH. You can also access the CLI Console by clicking Console in the upper right corner of the Web Admin Console screen.
From firmware version 10.6.1 onwards, the Console button is visible to the Super Administrator ONLY.
• Choose option 4. Cyberoam Console.
• Execute the following command:
console> cyberoam ipsec_route add net 192.168.2.0/255.255.255.0 tunnelname CRtoSP
The above configuration sets up an IPSec connection with a Service Provider.