DEFINING TUNNELS
MultiConnect
®
rCell 100 MTR-EV3 User Guide 63
Chapter 12 – Defining Tunnels
Setting Up GRE Tunnels
Tunneling allows the use of a public network to convey data on behalf of two remote private networks. It is also a
way to transform data frames to allow them to pass networks with incompatible address spaces or even
incompatible protocols. Generic Routing Encapsulation (GRE) is a tunneling mechanism that uses IP as the
transport protocol and can be used for carrying many different passenger protocols.
The tunnels behave as virtual point-to-point links that have two endpoints identified by the tunnel source and
tunnel destination addresses at each endpoint. Configuring a GRE tunnel involves creating a tunnel interface, which
is a logical interface, then configuring the tunnel endpoints for the tunnel interface. To set up GRE tunnels:
1. From the Web Management interface, go to Tunnels > GRE Tunnels > GRE Tunnels Configuration.
2. Click Add Tunnel. A series of wizard pages helps you configure the connection.
3. In the Tunnel Name field, enter a name for the new tunnel.
4. (Optional) In the Description field, you can enter a description that helps you further identify the tunnel.
5. In the next wizard pane:
a. In the Remote WAN IP field, type the IP address of the gateway to which you want to connect.
b. Click Add under Remote Network Routes.
1. (Optional) From the Saved Network drop-down list, select the network that is to be routed
through the tunnel. To select a local interface: Select the local interface on which the
tunnel is being created. Eventually, the packets destined for this tunnel will be routed
through it.
2. If you are not using a saved network, in the Remote Network Route field, type the IP
address of the network that is routed through the tunnel.
3. If you are not using a saved network, in the Remote Network Mask field, type the mask of
the network.
4. Click Add.
c. In the Checking Period field, enter the timeout interval in minutes. The default is 10 minutes.
5. Click Submit.
6. To save your changes, click Save and Restart.
Configuring Network-to-Network Virtual Private Networks (VPNs)
The device supports site-to-site VPNs via IPsec tunnels for secure network-to-network communication. Both tunnel
endpoints should have static public IP addresses and must be able to agree on the encryption and authentication
methods to use. Setting up an IPsec tunnel is a two-stage negotiation process. The first stage negotiates how the
key exchange is protected. The second stage negotiates how the data passing through the tunnel is protected. For
endpoints that do not have public static IP addresses, additional options may help such as NAT Traversal and
Aggressive Mode.
By default, based on the encryption method chosen, the device negotiates ISAKMP hash and group policies from a
default set of secure algorithms with no known vulnerabilities. This allows flexibility in establishing connections
with remote endpoints. There is an ADVANCED mode that provides a way to specify a strict set of algorithms to
use per phase, limiting the remote endpoint's negotiation options.
To Next Page
Loading...
Need help?
General
