In the Horizon dashboard, VPN policies and connections are managed within the VPN section under the Project tab:
Figure 12.5
In the dashboard, the workflow to create functional site-to-site connections is similar to the CLI. IKE policies, IPSec policies, and VPN services must first be created and then applied to the IPSec site connections, which completes the tunnel configuration.
To create an IKE policy, perform the following steps:
- From the IKE Policies tab, click on the Add IKE Policy button in the upper right-hand corner of the screen. A window will appear that allows you to create an IKE policy:
Figure 12.6
- Once the IKE policy is configured, click on the blue Add button to create the policy. The resulting policy will be listed on the main VPN page under IKE Policies, as shown in the following screenshot:
Figure 12.7
To create an IPSec policy, perform the following steps:
- From the IPSec Policies tab, click on the Add IPSec Policy button in the upper right-hand corner of the screen. A window will appear that allows you to create an IPSec policy:
Figure 12.8
- Once the IPSec policy is configured, click on the blue Add button to create the policy. The resulting policy will be listed on the main VPN page under IPSec Policies, as shown in the following screenshot:
Figure 12.9
To create a VPN service, perform the following steps:
- From the VPN Services tab, click on the Add VPN Service button in the upper right-hand corner of the screen. A window will appear that allows you to create a VPN service:
Figure 12.10
- As part of the VPN configuration, the chosen subnet will be included as the local encryption domain for the IPSec site connection. The subnet should match a tenant network that is directly connected to the chosen router. At this time, only a single local subnet can be associated with the VPN service.
- Once the VPN service is configured, click on the blue Add button to create the policy. The resulting policy will be listed on the main VPN page under VPN Services, as shown in the following screenshot:
Figure 12.11
- As they are created, additional VPN services can be observed under VPN Services:
Figure 12.12
To create an IPSec site connection, perform the following steps:
- From the IPSec Site Connections tab, click on the Add IPSec Site Connection button in the upper right-hand corner of the screen. A window will appear that allows you to create a connection:
Figure 12.13
- The IPSec site connection must be associated with previously configured IKE and IPSec policies as well as a VPN service. Subnets that make up the remote encryption domain should be defined in the Remote peer subnet(s) field.
- Once the IPSec site connection is configured, click on the blue Add button to create the connection. The resulting connection will be listed on the main VPN page under IPSec Site Connections, as shown in the following screenshot:
Figure 12.14
- An IPSec site connection will remain in the PENDING_CREATE status until Neutron completes the local VPN configuration.
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.