Before you can create an IPsec Tunnel Entry you must have done the following:
A Sonus SBC Certificate and Trusted CA Certificate must be obtained and imported to the SBC when Certificate is selected in the Authentication Mode list box in the Authentication Parameters panel. Refer to Working with Certificates for information about configuring certificates on the SBC.
An IPsec license is required to manage IPsec tunnels.
Important Information for Previous SIP-TLS Users:
When upgrading to version 3.0, existing Sonus SBC Certificates will fail authentication due to key integrity verification errors when used to bring up the IPsec tunnel in the Certificate authentication mode.
Before beginning to manage an IPsec tunnel for Certificate authentication, you must generate a new Certificate Signing Request (CSR), re-sign, and re-import a new Sonus SBC Certificate.
Note: Multiple Tunnel Configuration
Branch Office SBC: If multiple tunnel connection entries are configured for IKE preshared key authentication on the branch office SBC, both the Remote Address and the Preshared Secret must be unique.
Headquarters SBC: If multiple tunnel connection entries are configured for IKE preshared key authentication on the headquarters SBC, either the Remote Address (only visible when Allow Any Remote Address is disabled) or the Remote Identifier (only visible when Allow Any Remote Address is enabled) values must be unique.
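The uniqueness rules in the note above can be checked offline before entries are typed into the WebUI. The following is an added example, not Sonus code: the `TunnelEntry` record, the function names, and the sample values are hypothetical, and the headquarters rule is read as "the field that is visible for an entry must be unique".

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class TunnelEntry:  # hypothetical record, not an SBC export format
    name: str
    preshared_secret: str
    remote_address: Optional[str] = None
    remote_identifier: Optional[str] = None
    allow_any_remote_address: bool = False

def _clashes(entries, field, label, show_value=True):
    """Report entries whose `field` is missing or shared with another entry."""
    groups, problems = defaultdict(list), []
    for e in entries:
        value = getattr(e, field)
        if not value:
            problems.append(f"{e.name}: {label} is missing")
        else:
            groups[value].append(e.name)
    for value, names in groups.items():
        if len(names) > 1:
            shown = f" {value}" if show_value else ""  # never echo secrets
            problems.append(f"{label}{shown} reused by {', '.join(names)}")
    return problems

def check_branch_office(entries):
    # Branch office: Remote Address and Preshared Secret must both be unique.
    return (_clashes(entries, "remote_address", "Remote Address")
            + _clashes(entries, "preshared_secret", "Preshared Secret", show_value=False))

def check_headquarters(entries):
    # Headquarters (assumed reading): Remote Address is compared when Allow Any
    # Remote Address is disabled, Remote Identifier when it is enabled.
    fixed = [e for e in entries if not e.allow_any_remote_address]
    roaming = [e for e in entries if e.allow_any_remote_address]
    return (_clashes(fixed, "remote_address", "Remote Address")
            + _clashes(roaming, "remote_identifier", "Remote Identifier"))

# Constructed sample entries (documentation address ranges, dummy secrets).
BRANCH = [
    TunnelEntry("hq-primary", "s3cret-A", remote_address="192.0.2.10"),
    TunnelEntry("hq-backup", "s3cret-A", remote_address="192.0.2.11"),
]
HQ = [
    TunnelEntry("branch-1", "k1", remote_identifier="branch1.example", allow_any_remote_address=True),
    TunnelEntry("branch-2", "k2", remote_identifier="branch1.example", allow_any_remote_address=True),
    TunnelEntry("branch-3", "k3", remote_address="198.51.100.7"),
]
```

With the constructed data, `check_branch_office(BRANCH)` flags the reused preshared secret without printing it, and `check_headquarters(HQ)` flags the duplicated Remote Identifier.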
By default, the SBC VPN gateway supports policy-based source routing. The policy-based routing entries in the routing table are created automatically when an IPsec tunnel is established. In similar fashion, the policy-based routing entries in the routing table are deleted when an IPsec tunnel is torn down.
The table entries force the source address of the IP packets leaving the SBC gateway through the outer interface to take on the IP address of the inner interface. This allows the SIP Option exchange messages and other traffic flows between the SBC VPN trunking gateways to pass through the tunnel, with packet encapsulation and decapsulation at both SBC gateway tunnel endpoints. Adding the inner interface address (private LAN connected to the local subnet network) to the Local Subnet Address field and the external interface address (private LAN connected to the remote subnet network) to the Remote Subnet Address field on both the branch office and headquarters SBC gateways enables the IPsec source routing capabilities.
In complex topology situations involving a third-party VPN router, multiple next-hop devices, or both, the traffic flow between the tunnel subnets is not properly source routed. As a workaround, default static routes can be manually added to the SBC VPN gateway.
...
In the WebUI, click the Settings tab.
In the left navigation pane, go to Protocols > IPsec > Connection Tables.
Figure 1: IPsec Tunnel Table
To view an IPsec Connection Table entry's properties: