We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda SSL VPN

How can the Barracuda SSL VPN be used as an IPsec server?

  • Type: Knowledgebase
  • Date changed: 7 years ago

Solution #00005457

Scope:
This solution applies to Barracuda SSL VPN Firmware 2.1 and Newer.

Answer:
As of firmware 2.1 the SSL VPN includes an IPsec service. Adding an IPsec server to the SSL VPN allows the SSL VPN to take on an additional role in managing the connections that can be made into the Corporate Network.
 
IPsec can easily be configured in the Resources > IPsec page. Select the Create IPsec Server option and a new window is displayed. Three options need to be set:
  • Pre-Shared Key - The shared key is a string which is provided on both client and server as part of the authentication of the IPsec connection.
  • IP Address Range Start - The first IP address in the IP Range that IPsec will use to assign to clients.
  • IP Address Range End - The last IP address in the IP range that IPsec will use to assign to clients.
Note: In order to prevent IP conflicts, the addresses should not be part of any other DHCP range on the LAN, or used by PPTP or Network Connector on the SSL VPN.

Next, the policies of the users that will access IPsec need to be set. Only one IPsec server can be configured and it will be available to all user databases, so all policies will be available. This will complete the server configuration.
 
The process for connecting a client to the SSL VPN over IPsec will vary depending on the client in use; not all clients may be able to connect. Nonetheless, the following actions should be true for all clients:
  • Use the Internet connection of the system to establish a VPN connection
  • The address should be that of the SSL VPN
  • PAP authentication must be enabled
  • Pre-shared key should match the one configured on the server configuration
  • When prompted for credentials provide the user credentials for the SSL VPN
 
Some of the advantages of using IPsec are:
  • Allows a full network connection from client to LAN without the need for a TAP driver
  • IPsec is supported by iPhone and iPad
  • No Java required
  • The following are the ports that these services utilize, and therefore will need to be opened on any firewall:

    IPsec: UDP 500, 4500

Additional Notes:
Some behavioral differences between Windows operating systems and IPsec connectivity to the SSL VPN have been discovered. Please contact Barracuda Support for configuration assistance if you encounter any difficulties.

Link to this page:

https://campus.barracuda.com/solution/50160000000IPMIAA4