IPSec VPN between eSoft InstaGate and Cisco RSA4000

Overview

The Cisco RSA4000 is a consumer-grade SOHO broadband router with VPN capability, and is common in home and small (fewer than 10 users) business offices. This guide's aim is to help the eSoft InstaGate administrator create a Remote Office (IPSec) VPN tunnel to this Cisco device.

The two devices use different names for several of the settings involved in configuring a VPN, and this document will try to clarify those differences to guide you to a working configuration.

Please note that this configuration guide pertains only to the Cisco RSA4000 appliance - configuration in other Cisco equipment may be considerably different.
 

InstaGate Configuration

Configuration on the InstaGate is fairly simple, using the default IPSec and IKE parameters. You should simply need to define your Shared Secret and the Remote Gateway and Remote Network addresses or subnet ranges.

1. To begin, log into your InstaGate's administrator interface, and browse to Firewall > Remote Office VPNs

2. Click the Add button to create a new tunnel. Assign an appropriate Name, choose your tunnel type (Local Network to Remote Network by default), and ensure Key Management is set to Automatic (Shared Secret).


3. The Local Network should be populated with your LAN data by default. Modify this if you need to restrict access to a particular subnet or host on your LAN; otherwise leave the default.

4. The Remote Gateway IP Address will be the Public (WAN) IP address of the Cisco RSA4000 device. The Remote Network will be the LAN network or host behind the Cisco device to which you wish to connect.

5. Supply a Shared Secret. This value must be identical on both devices; it is the 'password' which allows IPSec VPN to verify the authenticity of the remote device.


6. Finally, click Apply to finish setting up the tunnel.

You should not need to modify the IKE or IPSec advanced settings on this tunnel. The following screenshots show the defaults for these pages in case you need to revert changes:

IKE


IPSec




Cisco RSA4000 Configuration

The Cisco device follows the same IPSec VPN conventions used by eSoft devices; however, the default settings differ slightly.

1. First, browse to the VPN menu and select IPSec VPN to begin creating a new connection.


2. If not selected by default, change Select Tunnel Entry to the value -- new --. Change IPSec VPN Tunnel to enable and specify an appropriate Tunnel Name.



Local Group Setup


3. Here, set your Local Security Gateway Type to be IP Only

4. Set IP Address to the local Public (WAN) IP Address - this should be the default.

5. Set Local Security Group Type to be Subnet

6. Change IP Address and Subnet Mask to match the values you used for Remote Network when you configured the Multi-function Firewall.


Remote Group Setup


7. These values will correspond to the network behind your InstaGate. First, ensure the Remote Security Gateway Type is set to IP Only

8. Set the next dropdown box to IP Address, and specify the Public (WAN) IP address of your InstaGate

9. The Remote Security Group Type should be set to Subnet

10. The IP Address and Subnet fields will be the values you used for Local Network when configuring the InstaGate.


IPSec Setup

Phase 1


11. Ensure that Keying Mode is configured to be IKE with Preshared Key

12. Phase 1 corresponds with IKE settings on your eSoft device. Please change the parameters to match your InstaGate's default configuration:

  • Encryption - 3DES
  • Authentication - MD5
  • Group - 1024-bit
  • Key Lifetime - 86400 seconds

Phase 2


13. Phase 2 corresponds with IPSec settings on your eSoft device. Please change the parameters to match your InstaGate's default configuration:

  • Encryption - 3DES
  • Authentication - SHA1
  • Preshared Key - same as your InstaGate's Shared Secret
  • Group - 1024-bit
  • Key Lifetime - 3600 seconds

14. Next, click the Save button at the bottom of the page to create the new tunnel.

15. After clicking Save, and assuming your Multi-function Firewall has already been configured (proceed back to step 1 if not), click the Connect button to establish the VPN tunnel.

You should not need to make any changes to the Advanced settings on the Cisco device.
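
The two procedures above only produce a tunnel when each device's settings mirror the other's: local and remote are swapped, and the Phase 1, Phase 2 and Shared Secret values are identical. The following check is an added example, not eSoft or Cisco code; the dictionary keys, addresses and secret are constructed for illustration, and only the Phase 1 and Phase 2 values come from this guide. It also treats CIDR and IP Address plus Subnet Mask notation as equivalent.

```python
import hmac
import ipaddress

# Values from the guide's Phase 1 (IKE) and Phase 2 (IPSec) lists.
PHASE1 = {"encryption": "3DES", "authentication": "MD5", "group_bits": 1024, "lifetime_s": 86400}
PHASE2 = {"encryption": "3DES", "authentication": "SHA1", "group_bits": 1024, "lifetime_s": 3600}

# Constructed sample addresses (documentation ranges) and secret, not from the guide.
INSTAGATE = {"local_gateway": "203.0.113.10", "local_network": "192.168.1.0/24",
             "remote_gateway": "198.51.100.20", "remote_network": "192.168.2.0/24",
             "shared_secret": "constructed-example-secret",
             "phase1": dict(PHASE1), "phase2": dict(PHASE2)}
CISCO = {"local_gateway": "198.51.100.20", "local_network": "192.168.2.0/255.255.255.0",
         "remote_gateway": "203.0.113.10", "remote_network": "192.168.1.0/255.255.255.0",
         "shared_secret": "constructed-example-secret",
         "phase1": dict(PHASE1), "phase2": dict(PHASE2)}

# Each field on one device and the field it must equal on the peer.
MIRRORED = (("local_gateway", "remote_gateway"), ("remote_gateway", "local_gateway"),
            ("local_network", "remote_network"), ("remote_network", "local_network"))


def net(value):
    """Parse CIDR or address/netmask notation; raises ValueError if host bits are set."""
    return ipaddress.ip_network(value, strict=True)


def mirror_mismatches(a, b):
    """List every setting on device a that does not line up with its peer b."""
    problems = []
    for mine, theirs in MIRRORED:
        parse = net if mine.endswith("network") else ipaddress.ip_address
        if parse(a[mine]) != parse(b[theirs]):
            problems.append(f"{mine} {a[mine]} does not mirror peer {theirs} {b[theirs]}")
    for phase in ("phase1", "phase2"):
        for key in sorted(set(a[phase]) | set(b[phase])):
            if a[phase].get(key) != b[phase].get(key):
                problems.append(f"{phase}.{key}: {a[phase].get(key)} != {b[phase].get(key)}")
    # Compare the secret without ever echoing it into the report.
    if not hmac.compare_digest(a["shared_secret"].encode(), b["shared_secret"].encode()):
        problems.append("shared_secret differs")
    return problems


if __name__ == "__main__":
    for line in mirror_mismatches(INSTAGATE, CISCO) or ["all mirrored settings match"]:
        print(line)
```

An empty result means the recorded settings line up; it does not confirm what is actually saved on either device.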
 

Troubleshooting

Diagnosing and troubleshooting IPSec VPN connections can be fairly complex. If you cannot establish a VPN tunnel between these devices and you've followed the configuration outlined above, please contact technical support, or get more help at eSoft's Knowledge Base.


© 2012 eSoft. All rights reserved.