# IPsec Example - Dedicated Public IP

The following IPsec example uses a dedicated public IP address for a VPN tunnel. The VPN router is bridged to an existing internal network to provide Layer 2 connectivity to that network.

{% hint style="info" %}
**IPsec is a complex framework that supports a vast array of configuration combinations with many ways to achieve the same goal, making it impossible to provide one-size-fits-all instructions. Sample configurations are given for reference and should be tailored to meet the particular environment and requirements.**
{% endhint %}

{% hint style="info" %}
**Consult the** [**IPsec Product Guide Page**](/run-the-platform/vpn/ipsec.md) **for step-by-step general instructions on creating an IPsec tunnel.**
{% endhint %}

* **VPN Network Name:** *vpn-ipsec*
* **VPN Router address:** *192.168.0.254*
* **Local VPN network:** *192.168.0.0/24*
* **Remote VPN network:** *10.10.0.0/16*
* **Bridged Internal Network Name:** *Internal-xyz*
* **External Network Name:** *External*

## Static Lease

We navigate to ***Internal-xyz** > IP Addresses > New* to reserve a static address for the VPN router on this internal network, which prevents another entity from taking the same IP address. Full instructions for creating a static lease can be found here: [Create a DHCP Static Lease](/run-the-platform/networking/dhcp-static-lease.md).

![VPN Static Lease](/files/oGvqFs1UwjZelVhDAddK)

## VPN Network Configuration

![VPN Network Config](/files/8AX8apFT2jifJc5stCQR)

## Phase 1

![Phase 1 Configuration](/files/udyzN0VnPh5DeiESlXyH)

## Phase 2

![Phase 2 Configuration](/files/CctsGXjdsQat9Hq6CCyp)

## Assigned Public IP Address

The public address must be [Assigned from the External network](/run-the-platform/networking/assign-external-ip.md) to the VPN network.

![Assign Public IP](/files/S0It0ZCtKCNigACxrJOo)

## Default VPN Network Rules

**Default Firewall Rules** - The following necessary firewall rules are **created automatically** when a VPN network is created:

* **Allow IKE**: Accept incoming UDP traffic on port 500 to **My Router IP**
* **Allow IPsec NAT-Traversal**: Accept incoming UDP traffic on port 4500 to **My Router IP**
* **Allow ESP**: Accept incoming ESP protocol traffic to **My Router IP**
* **Allow AH**: Accept incoming AH protocol traffic to **My Router IP**

![Review Rules](/files/b01RkFD0Bx2mVVLdZtwY)

{% hint style="success" %}
**These rules can be modified to restrict to specific source addresses, where appropriate.**
{% endhint %}

## Additional VPN Network Rules

Additional rules need to be created on our new VPN network:

**Translate Rule:** ![VPN Translate to Router](/files/dqWN90m2JdnULUga6PaZ)

{% hint style="info" %}
**The translate rule must be moved to the top of the rules list, before the *Accept* rules. Instructions for changing the order of rules can be found in the Product Guide:** [**Network Rules - Change the Order of Rules**](/run-the-platform/networking/network-rules.md#change-the-order-of-rules)
{% endhint %}

**Default Route Rule:** ![VPN Default Route Rule](/files/EIj70fwD0nBTB5SwH77i)
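
The checks described above (the four default accept rules, optionally restricted to specific source addresses, and the translate rule ordered before the accept rules) can be audited offline. This is an added example, not VergeOS code: the rule dictionary layout, the `audit_rules` function and the peer address `203.0.113.10` are assumptions made for illustration, and the sample rule list is constructed.

```python
import ipaddress

# The four automatically created rules listed on this page: name -> (protocol, port).
REQUIRED = {
    "Allow IKE": ("udp", 500),
    "Allow IPsec NAT-Traversal": ("udp", 4500),
    "Allow ESP": ("esp", None),
    "Allow AH": ("ah", None),
}

def audit_rules(rules, peer_ips):
    """Return findings for an ordered rule list (hypothetical dict layout)."""
    findings = []
    peers = [ipaddress.ip_address(p) for p in peer_ips]
    actions = [r["action"] for r in rules]
    # The translate rule must sit above every accept rule.
    if "translate" not in actions:
        findings.append("translate rule missing")
    elif "accept" in actions and actions.index("translate") > actions.index("accept"):
        findings.append("translate rule is below an accept rule")
    for name, (proto, port) in REQUIRED.items():
        matches = [r for r in rules if r["action"] == "accept"
                   and r["protocol"] == proto and r.get("port") == port]
        if not matches:
            findings.append(f"{name}: rule missing")
        for r in matches:
            # A rule with no source set is treated as matching any address.
            src = ipaddress.ip_network(r.get("source") or "0.0.0.0/0")
            if src.prefixlen == 0:
                findings.append(f"{name}: open to any source")
            elif not any(p in src for p in peers):
                findings.append(f"{name}: source {src} excludes every peer")
    return findings

# Constructed sample: the peer address is from the documentation range (RFC 5737).
PEERS = ["203.0.113.10"]
SAMPLE_RULES = [
    {"action": "accept", "protocol": "udp", "port": 500, "source": "203.0.113.10/32"},
    {"action": "accept", "protocol": "udp", "port": 4500, "source": None},
    {"action": "accept", "protocol": "esp", "source": "203.0.113.10/32"},
    {"action": "accept", "protocol": "ah", "source": "198.51.100.0/24"},
    {"action": "translate", "protocol": "any", "source": None},
    {"action": "route", "protocol": "any", "source": None},
]

if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RULES, PEERS):
        print(finding)
```

An "open to any source" finding matches the default rules as created; it is only a problem where the remote gateway address is known and fixed.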

## Internal Network Rule

A routing rule is needed on *Internal-xyz* to route its VPN traffic to the VPN network.

![VPN Default Route Rule](/files/y7zfrRuGZq0tOiyhGd5z)

{% hint style="success" %}
**New rules must be applied on each network to put them into effect.**
{% endhint %}


