Barracuda NextGen Firewall X

Customize phase1 in IPSec-tunnels

  • Type: Knowledgebase
  • Date changed: one year ago
Solution 00005283 

This solution applies to:
- NG Firewall firmware versions 4.2.x, 5.0.x, 5.2.x
- netfence firmware versions 4.2.4 and above 


A special IPsec tunnel configuration requires special phase 1 settings.


These settings cannot be configured in the GUI; the RAW IPsec settings have to be used.

The IDs have to be configured on the active IPsec side of the tunnel.

By default (without RAW IPsec settings), phase 1 uses the IP address of the active partner as the ID when a pre-shared key is used.
To change this ID, continue with the following steps in the RAW IPsec configuration:

Scenario 1: Change the default ID from IP address to FQDN:






Scenario 2: Change the IP address of the active partner to a NAT-T IP address (used if the remote partner is behind a NAT device):





Address=<NAT-IP-address of the NAT-devices>

Scenario 3: Change the ID of a tunnel (without certificate, with pre-shared key) per tunnel ID (not global):






Scenario 4: Change the ID of a tunnel (with certificate, without pre-shared key) per tunnel ID (not global):

    No special settings are needed; the default altname of the configured server certificate is used.
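
The phase 1 ID discussed above is carried in the ISAKMP Identification payload. The following Python code is an added illustration, not Barracuda code and not RAW IPsec syntax: it encodes and parses that payload using the ID types from RFC 2407 and shows why an IP-based ID sent from behind NAT fails an exact comparison while an FQDN ID does not. The addresses, the hostname and the `id_matches` helper are constructed for the example.

```python
import ipaddress
import struct

# ID types from the IPsec DOI (RFC 2407, section 4.6.2.1)
ID_IPV4_ADDR, ID_FQDN = 1, 2

# Constructed sample values (documentation ranges, not from the page)
PRIVATE_IP = "192.168.10.5"      # initiator's own address behind NAT
PUBLIC_IP = "203.0.113.7"        # address the responder sees and expects
FQDN = "fw-branch.example.test"  # hypothetical FQDN used as phase 1 ID

def build_id_payload(id_type, value, next_payload=0):
    """Encode an ISAKMP Identification payload (generic header + DOI fields)."""
    if id_type == ID_IPV4_ADDR:
        data = ipaddress.IPv4Address(value).packed
    elif id_type == ID_FQDN:
        data = value.encode("ascii")
    else:
        raise ValueError("unsupported ID type")
    # next payload, reserved, payload length | ID type, protocol ID, port
    return struct.pack("!BBHBBH", next_payload, 0, 8 + len(data), id_type, 0, 0) + data

def parse_id_payload(raw):
    """Decode the payload; reject truncated or inconsistent lengths."""
    if len(raw) < 8:
        raise ValueError("payload shorter than fixed header")
    _next, _rsv, length, id_type, _proto, _port = struct.unpack("!BBHBBH", raw[:8])
    if length != len(raw):
        raise ValueError("length field does not match payload size")
    data = raw[8:]
    if id_type == ID_IPV4_ADDR:
        if len(data) != 4:
            raise ValueError("ID_IPV4_ADDR must carry exactly 4 bytes")
        return id_type, str(ipaddress.IPv4Address(data))
    if id_type == ID_FQDN:
        return id_type, data.decode("ascii")
    raise ValueError("unsupported ID type")

def id_matches(raw, expected_type, expected_value):
    """Hypothetical responder-side check: received ID equals the configured one."""
    return parse_id_payload(raw) == (expected_type, expected_value)

if __name__ == "__main__":
    # Default behaviour: the initiator sends its own (private) IP as the ID.
    print(id_matches(build_id_payload(ID_IPV4_ADDR, PRIVATE_IP), ID_IPV4_ADDR, PUBLIC_IP))
    # With an FQDN ID, address translation on the path does not affect the ID.
    print(id_matches(build_id_payload(ID_FQDN, FQDN), ID_FQDN, FQDN))
```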
