...
- In the Armor Management Portal (AMP), in the left-side navigation, click Infrastructure.
- Click L2L VPN.
- In the top menu, in the drop-down menu, select the data center where the virtual machine lives.
- Click the plus ( + ) icon.
  - If you do not have any tunnels in that data center, then click Create an L2L tunnel.
- In Tunnel Name, enter a descriptive name.
- Use the slider to enable or disable the tunnel.
- In Pre-Shared Key, enter a secure password.
  - You will use this key to securely connect to your local endpoint.
  - You can click Generate New Key to generate a password.
  - You can also create your own key. If you create your own key, the key must meet the following requirements:
    - 16 to 96 characters
    - One lower-case letter
    - One upper-case letter
    - One number
- In Internet Key Exchange Version (IKE Version), select the IKE version (IKEV1 or IKEV2).
- In Digest Algorithms, select an algorithm (SHA1 or SHA256).
- In Encryption Mode, select an encryption mode: Advanced Encryption Standard (AES-128 or AES-256-CBC).
  - Note: AES-256-GCM is not compatible.
- Select a Diffie-Hellman Group option:
  - DH-2
    - MODP with a 1024-bit modulus
  - DH-5
    - MODP with a 1536-bit modulus
  - DH-14
  - DH-15
  - DH-16
- Enable or disable Perfect Forward Secrecy (PFS).
- In Remote Peer IP Address, enter your VPN peer IP address.
- In Remote Host/Networks (CIDR), enter your LAN encryption domain, and then click the plus ( + ) sign.
- In Local Host/Networks (CIDR), enter the Armor LAN encryption domain, and then click the plus ( + ) sign.
  - This information is the same as your secure cloud server IP address at Armor.
- Click Save Changes.
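
The following added example is not part of the original page or of Armor's tooling. It checks a planned tunnel definition against the options and key requirements listed in the steps above before the values are entered in AMP and on the remote device; the field names, the `SAMPLE` values and the rejection of networks with host bits set are assumptions of this example.

```python
import ipaddress
import secrets
import string

# Option lists copied from the steps above; the dict keys are names made up for this example.
OFFERED = {"ike_version": {"IKEV1", "IKEV2"}, "digest": {"SHA1", "SHA256"},
           "encryption": {"AES-128", "AES-256-CBC"},
           "dh_group": {"DH-2", "DH-5", "DH-14", "DH-15", "DH-16"}}

def psk_problems(key):
    """Return the stated key requirements that `key` fails ("one" is read as "at least one")."""
    checks = [
        (16 <= len(key) <= 96, "length must be 16 to 96 characters"),
        (any(c.islower() for c in key), "needs a lower-case letter"),
        (any(c.isupper() for c in key), "needs an upper-case letter"),
        (any(c.isdigit() for c in key), "needs a number"),
    ]
    return [msg for ok, msg in checks if not ok]

def generate_psk(length=64):
    """Draw characters from the OS CSPRNG until the key meets every requirement."""
    if not 16 <= length <= 96:
        raise ValueError("length must be 16 to 96")
    alphabet = string.ascii_letters + string.digits
    while True:
        key = "".join(secrets.choice(alphabet) for _ in range(length))
        if not psk_problems(key):
            return key

def tunnel_problems(cfg):
    """Check a planned tunnel; networks with host bits set are rejected (this example's choice)."""
    problems = psk_problems(cfg["psk"])
    for field, offered in OFFERED.items():
        if cfg[field] not in offered:
            problems.append(f"{field}: {cfg[field]!r} is not an option listed in the steps")
    addresses = [("remote_peer_ip", cfg["remote_peer_ip"], ipaddress.ip_address)]
    for field in ("remote_networks", "local_networks"):
        addresses += [(field, net, ipaddress.ip_network) for net in cfg[field]]
    for field, value, parse in addresses:
        try:
            parse(value)
        except ValueError:
            problems.append(f"{field}: {value!r} does not parse")
    return problems

# Constructed sample using documentation address ranges, not values from the page.
SAMPLE = {"psk": generate_psk(), "ike_version": "IKEV2", "digest": "SHA256",
          "encryption": "AES-256-CBC", "dh_group": "DH-14", "remote_peer_ip": "203.0.113.10",
          "remote_networks": ["192.0.2.0/24"], "local_networks": ["198.51.100.7/32"]}
```
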
Note: For the L2L VPN tunnel to properly function, your remote device must contain the following configurations:
...