...

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Infrastructure.
  2. Click L2L VPN.
  3. In the top menu, in the drop-down menu, select the data center where the virtual machine lives. 
  4. Click the plus ( + ) icon. 
    • If you do not have any tunnels in that data center, then click Create an L2L tunnel.
  5. In Tunnel Name, enter a descriptive name. 
  6. Use the slider to enable or disable the tunnel. 
  7. In Pre-Shared Key, enter a secure password. 
    • You will use this key to securely connect to your local endpoint. 
    • You can click Generate New Key to generate a password.
    • You can also create your own key. If you create your own key, it must meet the following requirements:
      • 16 to 96 characters
      • One lower-case letter
      • One upper-case letter
      • One number
  8. In Encryption Mode, select an encryption mode:
    • Advanced Encryption Standard: AES-128 or AES-256.
  9. Mark a Diffie-Hellman Group option: 
    • DH-2
      • MODP with a 1024-bit modulus
    • DH-5
      • MODP with a 1536-bit modulus
    • DH-14
    • DH-15
    • DH-16
  10. Enable or disable Perfect Forward Secrecy (PFS).
  11. In Remote Peer IP Address, enter your VPN peer IP address. 
  12. In Remote Host/Networks (CIDR), enter your LAN encryption domain, and then click the plus ( + ) sign. 
  13. In Local Host/Networks (CIDR), enter the Armor LAN encryption domain, and then click the plus ( + ) sign. 
    • This information is the same as your secure cloud server IP address at Armor. 
  14. Click Save Changes. 
Note

For the L2L VPN tunnel to function properly, your remote device must be configured with the following settings:

  • Attribute: Setting
  • ISAKMP Mode: Main Mode
  • Hash: SHA1
  • Authentication: Pre-Shared Key
  • Phase 1 Lifetime (Seconds): 28800
  • DPD/Keep Alive: Enabled
  • DPD/Keep Alive Retries: 2
  • DPD/Keep Alive Threshold (Seconds): 10
  • Phase 2 Data-Integrity: SHA1
  • SA Lifetime (Seconds): 3600
  • SA Lifetime (Kilobytes): 4608000
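
A pre-flight check for the key rules in step 7 and the remote-device settings in the Note, as an added example that is not part of Armor's documentation. The function names, the sample remote device, and the alphanumeric-only key alphabet are assumptions.

```python
import secrets
import string

# Required remote-device settings, copied from the Note's attribute list.
REQUIRED = {
    "ISAKMP Mode": "Main Mode",
    "Hash": "SHA1",
    "Authentication": "Pre-Shared Key",
    "Phase 1 Lifetime (Seconds)": "28800",
    "DPD/Keep Alive": "Enabled",
    "DPD/Keep Alive Retries": "2",
    "DPD/Keep Alive Threshold (Seconds)": "10",
    "Phase 2 Data-Integrity": "SHA1",
    "SA Lifetime (Seconds)": "3600",
    "SA Lifetime (Kilobytes)": "4608000",
}

def psk_violations(key):
    """Return the step 7 rules that a candidate pre-shared key breaks."""
    problems = []
    if not 16 <= len(key) <= 96:
        problems.append("length must be 16 to 96 characters")
    if not any(c in string.ascii_lowercase for c in key):
        problems.append("needs a lower-case letter")
    if not any(c in string.ascii_uppercase for c in key):
        problems.append("needs an upper-case letter")
    if not any(c in string.digits for c in key):
        problems.append("needs a number")
    return problems

def generate_psk(length=64):
    """Draw a key from the OS CSPRNG, retrying until every rule is met."""
    if not 16 <= length <= 96:
        raise ValueError("length must be 16 to 96")
    alphabet = string.ascii_letters + string.digits  # assumption: alphanumerics only
    while True:
        key = "".join(secrets.choice(alphabet) for _ in range(length))
        if not psk_violations(key):
            return key

def remote_mismatches(remote):
    """Map each attribute whose remote value differs to (required, found)."""
    norm = lambda v: str(v).strip().lower()
    return {k: (want, remote.get(k)) for k, want in REQUIRED.items()
            if norm(remote.get(k, "")) != norm(want)}

# Constructed sample: a remote device left on aggressive mode with a long SA lifetime.
SAMPLE_REMOTE = {**REQUIRED, "ISAKMP Mode": "Aggressive Mode",
                 "SA Lifetime (Seconds)": 28800}
```

Run `remote_mismatches` against the values exported from your remote device before saving the tunnel; an empty result means every attribute in the Note matches.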


...

Edit an L2L VPN tunnel

...

  • An L2L VPN was never created. 
  • You do not have permission to view L2L VPN configurations.
    • You must have the Read Network L2L and Write Network L2L permissions enabled. Contact your account administrator to enable these permissions. To learn how to update your permissions, see Roles and Permissions (Armor Complete).

If you cannot save a new tunnel, you may have reached your limit of tunnels. When you are near your limit of tunnels, a warning message will appear. In this case, Armor recommends that you review your existing tunnels and consolidate or delete them where possible.

...