Note

To fully use this screen, you must have the following permissions assigned to your account:

  • Read Network L2L

  • Write Network L2L

Note

If you are an upgraded user, then any L2L VPN tunnel that you created in Generation 3 (my.armor.com) will not be displayed in the Armor Management Portal (AMP). If you need to modify a Generation 3 L2L VPN tunnel, please contact Armor Support via a support ticket.

Any L2L VPN tunnel that you create in AMP will be visible and configurable in AMP.

    BGP Routing

    Some users have asked if Armor L2L VPN supports BGP routing. Armor does not currently support BGP routing.


    Create an L2L VPN tunnel with a new workload

    Note

    To create an L2L VPN tunnel, you must have an existing workload with an existing virtual machine. To learn how to create a virtual machine, see Create a virtual machine with a new workload.

    1. In the Armor Management Portal (AMP), in the left-side navigation, click Infrastructure.

    2. Click L2L VPN.

    3. In the top menu, in the drop-down menu, select the data center where the virtual machine lives.

    4. Click the plus ( + ) icon.

      • If you do not have any tunnels in that data center, then click Create an L2L tunnel.

    5. In Tunnel Name, enter a descriptive name.

    6. Use the slider to enable or disable the tunnel.

    7. In Pre-Shared Key, enter a secure password.

      • You will use this key to securely connect to your local endpoint.

      • You can click Generate New Key to generate a password.

      • You can also create your own key.

      • If you create your own key, the key must meet the following requirements:

        • 16 to 96 characters

        • One lower-case letter

        • One upper-case letter

        • One number

    8. In Internet Key Exchange Version (IKE Version), select the IKE version (IKEV1 or IKEV2).

    9. In Digest Algorithms, select an algorithm (SHA1 or SHA256).

    10. In Encryption Mode, select an encryption mode:

      • Advanced Encryption Standard (AES-128), (AES-256-CBC), or (AES-256-GCM).

    11. Select a Diffie-Hellman Group option:

      • DH-2

        • MODP with a 1024-bit modulus

      • DH-5

        • MODP with a 1536-bit modulus

      • DH-14

      • DH-15

      • DH-16

    12. Enable or disable Perfect Forward Secrecy (PFS).

    13. Tunnel Configuration

      1. Digest Algorithms, select an algorithm (SHA1 or SHA256).

      2. Encryption Mode, select an encryption mode: (AES-128, AES-256, AES-GCM)

      3. Select a Diffie-Hellman Group option:

        • DH-2

          • MODP with a 1024-bit modulus

        • DH-5

          • MODP with a 1536-bit modulus

        • DH-14

        • DH-15

        • DH-16

    14. In Remote Peer IP Address, enter your VPN peer IP address.

    15. In Remote Host/Networks (CIDR), enter your LAN encryption domain, and then click the plus ( + ) sign.

    16. In Local Host/Networks (CIDR), enter the Armor LAN encryption domain, and then click the plus ( + ) sign.

      • This information is the same as your secure cloud server IP address at Armor.

    17. Click Save Changes.
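
A pre-flight check for the values the steps above ask for, as an added example (not Armor's code and not part of AMP): it tests a key against the stated Pre-Shared Key rules, generates one that passes, and validates the peer IP address and the two encryption domains. The function names, the alphanumeric-only alphabet, the rejection of CIDRs with host bits set, and the overlap check are assumptions of this example; the addresses in the final comment are constructed.

```python
import ipaddress
import secrets
import string

# Key rules from the steps above: 16-96 chars, one lower, one upper, one number.
PSK_MIN, PSK_MAX = 16, 96
ALPHABET = string.ascii_letters + string.digits  # assumption: alphanumeric keys

def psk_problems(key):
    """Return the key rules that `key` breaks (empty list if it passes)."""
    problems = []
    if not PSK_MIN <= len(key) <= PSK_MAX:
        problems.append("length must be 16 to 96 characters")
    for chars, label in ((string.ascii_lowercase, "a lower-case letter"),
                         (string.ascii_uppercase, "an upper-case letter"),
                         (string.digits, "a number")):
        if not any(c in chars for c in key):
            problems.append(f"needs {label}")
    return problems

def generate_psk(length=32):
    """Draw keys from the OS CSPRNG until one satisfies every rule."""
    if not PSK_MIN <= length <= PSK_MAX:
        raise ValueError("length must be 16 to 96")
    while True:
        key = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not psk_problems(key):
            return key

def tunnel_problems(psk, peer_ip, remote_cidrs, local_cidrs):
    """Check the values the tunnel form asks for; return a list of problems."""
    problems = psk_problems(psk)
    try:
        ipaddress.ip_address(peer_ip)
    except ValueError:
        problems.append(f"peer IP {peer_ip!r} is not an IP address")
    nets = {"remote": [], "local": []}
    for side, cidrs in (("remote", remote_cidrs), ("local", local_cidrs)):
        for cidr in cidrs:
            try:  # strict=True rejects host bits, e.g. 10.0.0.5/24
                nets[side].append(ipaddress.ip_network(cidr, strict=True))
            except ValueError:
                problems.append(f"{side} network {cidr!r} is not a valid CIDR")
    for rem in nets["remote"]:
        for loc in nets["local"]:
            if rem.overlaps(loc):  # overlapping domains make routing ambiguous
                problems.append(f"remote {rem} overlaps local {loc}")
    return problems

# tunnel_problems(generate_psk(), "203.0.113.10", ["192.168.10.0/24"], ["10.20.0.5"]) == []
```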

    Note

    For the L2L VPN tunnel to properly function, your remote device must contain the following configurations:

    Attribute                             Setting
    ISAKMP Mode                           Main Mode
    Authentication                        Pre-Shared Key
    Phase 1 Lifetime (Seconds)            28800
    DPD/Keep Alive                        Enabled
    DPD/Keep Alive Retries                2
    DPD/Keep Alive Threshold (Seconds)    10
    SA Lifetime (Seconds)                 3600
    SA Lifetime (Kilobytes)               4608000


    Edit an L2L VPN tunnel

    1. In the Armor Management Portal (AMP), in the left-side navigation, click Infrastructure.

    2. Click L2L VPN.

    3. If you have virtual machines in various data centers, then click the corresponding data center.

    4. Locate and hover over the desired virtual machine.

    5. Click the vertical ellipses.

    6. Click Edit.

    7. Make your desired changes, and then click Save Changes.


    Enable, disable, or delete an L2L VPN tunnel

    1. In the Armor Management Portal (AMP), in the left-side navigation, click Infrastructure.

    2. Click L2L VPN.

    3. If you have virtual machines in various data centers, then click the corresponding data center.

    4. Locate and hover over the desired virtual machine.

    5. Click the vertical ellipses.

    6. Click Enable, Disable, or Delete.

    7. Make your desired changes, and then click Save Changes.

    Troubleshooting

    If you do not see any data in the L2L VPN screen, consider that:

    • An L2L VPN was never created.

    • You do not have permission to view L2L VPN configurations.

      • You must have the Read Network L2L and Write Network L2L permissions enabled. Contact your account administrator to enable these permissions. To learn how to update your permissions, see Roles and Permissions.

    If you cannot save a new tunnel, consider that you have reached your limit of tunnels. When you are near your limit of tunnels, a warning message will appear. In this case, Armor recommends that you review existing tunnels to possibly consolidate or delete.

