Creating an IPsec Tunnel

Note: The following instructions assume that the IPsec Tunnel implementation is made using a certificate-based authentication method. If the IPsec Tunnel implementation is using a pre-shared key (PSK) authentication method, continue to Step 4.



  1. From the primary Smoothwall that points to the remote host, on the NETWORK menu, under the VPN submenu, click IPsec subnets and enter a meaningful Name for this VPN.
  2. New VPNs are turned on by default.
  3. Select the Local IP address that the tunnel connects to from the list and enter the Local network subnet that the remote host has access to, using the format: <IP_address>/<network_mask>.
  4. Select the identity type that's presented to the remote system from the Local ID type list.
  5. Note: Typically, you specify the ID types when connecting to non-Smoothwall VPN gateways. Refer to your vendor's documentation.

  6. Enter the Remote IP or hostname. If the remote host uses a dynamic IP address, you can leave this blank for any.
  7. Enter the Remote network subnet that the local host has access to, using the format: <IP_address>/<network_mask>.
  8. Select the Remote ID type that the remote gateway is expected to present from the list.
  9. Choose the authentication method from the Authenticate by list.
  10. If you want to Use compression or for the local VPN system to Initiate the connection if the remote IP address is known, select these options. You can also enter a Comment.
  11. Click Add.

Follow-up tasks

Read more

About IPsec subnet VPNs

Page reference details

IPsec subnets

Something not right? .