Connecting Untangle NGFW to Kerio Control via IPsec VPN

Overview

You can enable secure VPN connectivity between a Kerio Control protected network and a network protected by Untangle NG Firewall. This type of configuration uses IPsec VPN tunneling.

Setting the inbound network policy

To enable VPN tunneling, the firewall policy for each gateway must permit IPsec traffic.

Untangle NG Firewall

For Untangle NG Firewall, the default configuration permits incoming IPsec traffic. You can confirm these settings in Config -> Network -> Advanced -> Access Rules.


Kerio Control

To permit incoming IPsec traffic in Kerio Control, go to Configuration -> Traffic Rules and enable the default rule named VPN Services.


Configuring the VPN server

Untangle NG Firewall

To enable and configure the IPsec VPN server in Untangle NG Firewall:

  1. In the administration, go to Apps.
  2. If the IPsec VPN app does not appear, click Install Apps and select IPsec VPN.
  3. Return to Apps and click IPsec VPN to configure the VPN server.
  4. In the VPN Config tab, click Enable L2TP/Xauth/IKEv2 Server.
  5. Set a value for the IPsec Secret. The IPsec Secret is a password, so it should be complex.
  6. For all other values, use the defaults or assign custom parameters as needed. 


Kerio Control

To enable and configure the IPsec VPN server in Kerio Control:

  1. In the administration, go to Configuration -> Interfaces.
  2. Edit the VPN server interface.
  3. Verify that the IPsec VPN server is enabled.
  4. In the IPsec VPN tab, click Use preshared key and enter a password. 
  5. Click Ok, then Apply.


Creating the VPN tunnel

The IPsec tunnel between both firewall appliances must negotiate the following parameters:

  • IPsec secret / Preshared key - A common password assigned to the VPN server
  • Local ID - An identifier for the local VPN gateway
  • Remote ID - An identifier for the remote VPN gateway
  • Remote network - The IP subnet(s) behind the remote VPN gateway
  • Local network - The IP subnet(s) behind the local VPN gateway

Untangle NG Firewall

To configure VPN tunnel parameters in Untangle NG Firewall:

  1. Go to the IPsec Tunnel tab in the IPsec VPN app.
  2. Click Add.
  3. Set a Description for the VPN tunnel.
  4. For IKE Version, choose IKEv1.
  5. In Remote host, enter the IP address or hostname of the Kerio Control gateway.
  6. In Local Identifier, set an easy-to-remember value (e.g. untangle).
  7. In Remote Identifier, set an easy-to-remember value (e.g. kerio).
  8. In Remote network, enter the IP subnet of the network behind the Kerio Control gateway.
  9. In Shared Secret, enter the password you set as the preshared key in Kerio Control.
  10. Click Done, then Save.


Kerio Control

To configure VPN tunnel parameters in Kerio Control:

  1. Go to Configuration -> Interfaces.
  2. Click Add -> VPN Tunnel.
  3. Set a Name for the VPN tunnel.
  4. Confirm the Type is set to IPsec.
  5. Confirm the tunnel is enabled and choose Active.
  6. Beneath Active, enter the IP address or hostname of the Untangle VPN gateway.
  7. In the Authentication tab, choose Preshared key and enter the password you set as the IPsec Secret in Untangle.
  8. In Local ID, enter the value you set as the Remote Identifier in the corresponding VPN tunnel in Untangle.
  9. In Remote ID, enter the value you set as the Local Identifier in the corresponding VPN tunnel in Untangle.
  10. In the Remote Networks tab, click Add and enter the IP subnet of the network behind Untangle.
  11. Click Ok, then Apply.
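
The two tunnel definitions above must mirror each other: each gateway's Local ID is the other's Remote ID, each Remote network is the other's local network, and the secret is identical. The following script is an added example, not part of the original article or of either product. It checks a worksheet of the values entered on both gateways before you apply them. The dictionary field names, the sample subnets and the 20-character minimum for the preshared key are assumptions made for the example.

```python
import ipaddress
import secrets

MIN_PSK_LEN = 20  # assumed threshold; the article only says "complex"

def new_psk(nbytes=32):
    """Random preshared key, about 43 URL-safe characters for 32 bytes."""
    return secrets.token_urlsafe(nbytes)

def nets(values):
    # strict=False normalises entries such as 192.168.10.1/24 to the network
    return {ipaddress.ip_network(v, strict=False) for v in values}

def check_pair(a, b):
    """Return the mismatches between the two gateways' tunnel settings."""
    problems = []
    if a["psk"] != b["psk"]:
        problems.append("preshared key differs between gateways")
    elif len(a["psk"]) < MIN_PSK_LEN:
        problems.append("preshared key shorter than %d characters" % MIN_PSK_LEN)
    for x, y in ((a, b), (b, a)):
        if x["local_id"] != y["remote_id"]:
            problems.append("%s Local ID is not %s Remote ID" % (x["name"], y["name"]))
        if nets(x["remote_networks"]) != nets(y["local_networks"]):
            problems.append("%s remote network is not %s local network" % (x["name"], y["name"]))
    # Overlapping subnets on the two sites make tunnel routing ambiguous
    if any(p.overlaps(q) for p in nets(a["local_networks"])
           for q in nets(b["local_networks"])):
        problems.append("local networks of the two sites overlap")
    return problems

# Constructed sample values: IDs follow the article's examples, subnets are made up
PSK = new_psk()
untangle = {"name": "untangle", "psk": PSK,
            "local_id": "untangle", "remote_id": "kerio",
            "local_networks": ["192.168.10.0/24"],
            "remote_networks": ["192.168.20.0/24"]}
kerio = {"name": "kerio", "psk": PSK,
         "local_id": "kerio", "remote_id": "untangle",
         "local_networks": ["192.168.20.0/24"],
         "remote_networks": ["192.168.10.0/24"]}

if __name__ == "__main__":
    for line in check_pair(untangle, kerio) or ["settings mirror each other"]:
        print(line)
```

An empty result means the two sides agree; each returned string names one mismatch to correct in the corresponding gateway.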


Monitoring the VPN tunnel status

After configuring the VPN tunnel, each gateway attempts to connect immediately. In Untangle NG Firewall, the VPN connection status appears on the Status tab of the IPsec VPN app.


The VPN connection status in Kerio Control appears in the Interfaces screen.
