Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  1. In the Armor Management Portal (AMP), in the left-side navigation, click Infrastructure.
  2. Click L2L VPN.
  3. In the top menu, in the drop-down menu, select the data center where the virtual machine lives. 
  4. Click the plus ( + ) icon. 
    • If you do not have any tunnels in that data center, then click Create an L2L tunnel.
  5. In Tunnel Name, enter a descriptive name. 
  6. Use the slider to enable or disable the tunnel. 
  7. In Pre-Shared Key, enter a secure password. 
    • You will use this key to securely connect to your local endpoint. 
    • You can click Generate New Key to generate a password.
    • You can also create your own key. If you create your own key, the key must contain the following requirements:
      • 16 to 96 characters
      • One lower-case letter
      • One upper-case letter
      • One number
  8. In Internet Key Exchange Version (IKE Version), select the IKE version (IKEV1 or IKEV2).
  9. In Digest Algorithms, select an algorithm (SHA1 or SHA256).
  10. In Encryption Mode, select an encryption mode:
    • Advanced Encryption Standard (AES-128) or (AES-256-CBC). 


      AES-256-GCM is not compatible.

  11. Mark Select a Diffie-Hellman Group option: 
    • DH-2
      • MODP with a 1024-bit modulus
    • DH-5
      • MODP with a 1536-bit modulus
    • DH-14
    • DH-15
    • DH-16
  12. Enable or disable Perfect Forward Secrecy (PFD).
  13. In Remote Peer IP Address, enter your VPN peer IP address. 
  14. In Remote Host/Networks (CIDR), enter your LAN encryption domain, and then click the plus ( + ) sign. 
  15. In Local Host/Networks (CIDR), enter the Armor LAN encryption domain, and then click the plus ( + ) sign. 
    • This information is the same as your secure cloud server IP address at Armor. 
  16. Click Save Changes