Skip to main content

Creating IPsec Parameters

This page explains the IPsec Parameter creation function on the OCX Portal.

  • Only one IPsec Parameter can be configured per resource.

Preparation

Please check the following before creating IPsec Parameters:

  • Your User Role must be either admin or user.
  • The target XaaS Connection resource must be in either the available or attached status.

Procedure for Creating IPsec Parameters

  1. Log in to the OCX Portal.

  2. Click [XaaS Connections] from the left navigation bar.

  3. From the XaaS Connections list page, click on the corresponding XaaS Connection resource.

  4. Click the IPsec Parameters tab at the bottom of the OCX Portal screen, then click [+] Create IPsec Parameter.

  5. The screen will switch to the IPsec Parameter creation step. Configure the input items as follows and click [Create].

    • Target XaaS
      • The target XaaS is displayed.
    • Pre-shared Key
      • Enter the Pre-shared Key configured in the target XaaS settings screen.
    • Remote ASN
      • Enter the AS number of the customer network you want to connect to. 4-byte AS numbers are supported.
      • The value must be different from the Local ASN entered in the XaaS Connection resource creation screen. It operates as eBGP.
      • Please refer to the [Remarks] section for unusable AS numbers.
    • Primary IPsec Parameter
      • Enter the tunnel endpoint address issued by the target XaaS in IPv4 address format.
      • Enter the local address in IPv4 CIDR (IPv4/mask) format.
      • Enter the remote address in IPv4 CIDR (IPv4/mask) format.
    • Secondary IPsec Parameter
      • Enter the tunnel endpoint address issued by the target XaaS in IPv4 address format.
      • Enter the local address in IPv4 CIDR (IPv4/mask) format.
      • Enter the remote address in IPv4 CIDR (IPv4/mask) format.

  6. A creation confirmation popup will appear. Check the settings and click [Create].

  7. The created IPsec Parameter will be displayed in the IPsec Parameters section at the bottom of the screen.

This completes the creation of the IPsec Parameter.

Remarks

Unusable IP Addresses

  • The following IPv4 address ranges cannot be used for local and remote addresses.

    Address RangeRemarks
    0.0.0.0/8RFC1122 this network
    127.0.0.0/8RFC1122 localhost
    192.0.0.0/24RFC5736 IETF protocol Assignments
    192.0.2.0/24RFC5737 TEST-NET-1
    192.88.99.0/24RFC7526 6to4 anycast relay
    198.18.0.0/15RFC2544 benchmarking
    198.51.100.0/24RFC5737 TEST-NET-2
    203.0.113.0/24RFC5737 TEST-NET-3
    240.0.0.0/4Multicast Address
    224.0.0.0/4Multicast Address

Unusable ASNs

  • The following AS numbers cannot be used as they are reserved by RFC.
    • 0
    • 23456
    • 65535
    • 4294967295