Dynamic-IP Tunnels
  • 18 Nov 2020
  • 1 Minute To Read
  • Contributors
  • Print
  • Dark
    Light

Dynamic-IP Tunnels

  • Print
  • Dark
    Light

In order to establish a site-to-site tunnel (IPSec or WireGuard) between your Perimeter 81 gateway and a firewall/router with a dynamic public IP address, you will need to apply some modifications to the tunnel creation process. Follow the instructions below.

Important

This option is not supported by cloud IaaS providers (such as AWS, GCP, or Azure).

IPSec based connections

  1. When creating the tunnel at the Perimeter 81 platform fill in the General Settings section with the following information:
    Screen Shot 2020-10-06 at 16.04.21
  • Name: Choose the name of your own choice.
  • Shared Secret: Enter a string of at least 8 characters or use the Generate button. Make sure to copy and save it, as it'll be required when setting up the tunnel on your firewall/router management interface.
  • Public IP: Enter 0.0.0.0
  • Remote ID: Enter a string of your own choice. This parameter will use as an additional shared secret, providing an extra level of security. Copy and save it as it'll be used as the left ID (local ID or local identification) when setting the tunnel on your firewall/router management interface.

    Important
    0.0.0.0 is NOT an acceptable value for the Remote ID.
  • Perimeter 81 Gateway Proposal Subnet: Specify your Perimeter 81 network subnet (do not choose any).
  • Remote Gateway Proposal Subnet: Specify your on-premises internal network subnet.
  1. In the Advanced Settings section make sure to select IKEv2. The rest of the values remain the same as described in the designated guide.
  2. When setting up the tunnel at the firewall/router management interface fill in the following information:
  • Local IP: Since you're using a dynamic IP, enter a default value (this will vary between different vendors).
  • Local Identification/Local ID: Fill in the same value you set for Remote ID at the Perimeter 81 platform.
  • Remote IP and Remote ID: Enter your Perimeter 81 gateway IP address.
  • IKE Version: IKEv2
  1. Fill in the rest of the fields as described in the appropriate guide.

WireGuard based connections

  1. When creating the tunnel at the Perimeter 81 platform fill in the General Settings section with the following information:
    Screen Shot 2020-10-06 at 16.28.37.png
  • Name: Choose the name of your own choice.
  • Endpoint: Enter 0.0.0.0
  • Subnets: Enter your internal on-premises network's subnet.
  1. Follow the rest as described in the appropriate guide.