Barracuda NextGen Firewall X

Customize phase1 in IPSec-tunnels

  • Type: Knowledgebase
  • Date changed: 5 months ago
Solution 00005283 

 
Scope:
This solution applies to:
- NG Firewall firmware versions 4.2.x, 5.0.x, 5.2.x
- netfence firmware versions 4.2.4 and above 

 
Symptoms:

A particular IPsec tunnel configuration requires custom phase 1 settings.


 
Solution:

These settings cannot be made in the GUI; the RAW IPsec settings have to be used.

The IDs have to be configured on the active IPsec side of the tunnel.

By default (without RAW IPsec settings), phase 1 uses the IP address of the active partner as the ID when a pre-shared key is used.
To change this ID, continue with the following steps in the RAW IPsec configuration:


Scenario 1: Change the default ID from IP-address to FQDN:

[General]

Default-phase-1-ID=<Phase1-ID-name>

[<Phase1-ID-name>]

ID-type=<USER_FQDN>

Name=<myname@domainname.com>


Scenario 2: Change the IP address of the active partner to a NAT-T IP address (used if the remote partner is behind a NAT device):

[General]

Default-phase-1-ID=<Phase1-ID-name>

[<Phase1-ID-name>]

ID-type=<IPV4_ADDR>

Address=<NAT-IP-address of the NAT-devices>


Scenario 3: Change the ID of a tunnel (without certificate, with preshared key) per tunnel-ID (not global):

[IPSEC-<tunnelname>]

ID=IPSEC-<tunnelname-ID>

[IPSEC-<tunnelname-ID>]

ID-type=<FQDN>

Name=<myname.domainname.com>


Scenario 4: Change the ID of a tunnel (with certificate, without preshared key) per tunnel-ID (not global):

No special settings are needed; the default altname of the configured server certificate is used.
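
A consistency check for the ID settings from scenarios 1 to 3, as an added example that is not part of the original article or of Barracuda's tooling. The function name lint_phase1_ids, the sample settings, and the rule that a USER_FQDN name contains "@" while an FQDN name does not are assumptions drawn from the placeholders shown above; the angle brackets are treated as placeholder markers and left out of the sample values.

```python
import configparser
import ipaddress

# ID types shown in scenarios 1-3 and the key each one is paired with there.
REQUIRED_KEY = {"IPV4_ADDR": "Address", "FQDN": "Name", "USER_FQDN": "Name"}

def lint_phase1_ids(raw_text):
    """Return a list of problems in the phase 1 ID part of RAW IPsec settings."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",), strict=False)
    cp.optionxform = str  # keep key names case-sensitive
    cp.read_string(raw_text)
    # Collect every reference to an ID section: global default and per tunnel.
    refs = []
    for sec in cp.sections():
        key = "Default-phase-1-ID" if sec == "General" else "ID"
        if (sec == "General" or sec.startswith("IPSEC-")) and cp.has_option(sec, key):
            refs.append((sec, cp.get(sec, key)))
    problems = []
    for owner, target in refs:
        if not cp.has_section(target):
            problems.append(f"[{owner}] points to missing section [{target}]")
            continue
        id_type = cp.get(target, "ID-type", fallback="")
        key = REQUIRED_KEY.get(id_type)
        if key is None:
            problems.append(f"[{target}] ID-type '{id_type}' is not one used in this article")
            continue
        value = cp.get(target, key, fallback="")
        if not value:
            problems.append(f"[{target}] ID-type={id_type} needs {key}=")
        elif id_type == "IPV4_ADDR":
            try:
                ipaddress.IPv4Address(value)
            except ValueError:
                problems.append(f"[{target}] Address '{value}' is not an IPv4 address")
        elif ("@" in value) != (id_type == "USER_FQDN"):
            problems.append(f"[{target}] Name '{value}' does not fit ID-type={id_type}")
    return problems

# Constructed sample: the global ID lacks Address, the tunnel ID section is absent.
BAD = """
[General]
Default-phase-1-ID=Phase1-ID-branch
[Phase1-ID-branch]
ID-type=IPV4_ADDR
Name=fw.example.com
[IPSEC-tunnel1]
ID=IPSEC-tunnel1-ID
"""

if __name__ == "__main__":
    print("\n".join(lint_phase1_ids(BAD)))
```
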



Link to This Page:
https://campus.barracuda.com/solution/50160000000IKbEAAW