DEFINING TUNNELS
MultiConnect® rCell 100 MTR-EV3 User Guide
The default set of Hash Algorithms is: SHA-1, SHA-2, and MD5.
The default set of DH Group Algorithms is: DH2(1024-bit), DH5(1536-bit), DH14(2048-bit), DH15(3072-bit),
DH16(4096-bit), DH17(6144-bit), DH18(8192-bit), DH22(1024-bit), DH23(2048-bit), and DH24(2048-bit).
To set up a Network-to-Network VPN tunnel on your router:
1. From the Web Management interface, go to Tunnels > IPsec Tunnels.
2. Click Add Tunnel in the upper right.
3. Enter a Name for the tunnel and an optional Description.
4. Click Next. The IPsec Remote Tunnel Endpoint pane opens.
5. Under the Saved Network drop-down, you can add a saved network OR enter a network manually by
entering the Remote Network Route (LAN IP) and Remote Network Mask (Subnet).
6. Choose Tunnel Type from the drop-down. Values are IKE and IKEv2.
7. The public IP address and LAN of this device do not need to be configured because they are already
known by this device.
8. Select the Authentication Method from the drop-down: either Pre-Shared Key or RSA Signatures.
Authentication is performed using secret pre-shared keys and hashing algorithms (like SHA1, MD5) or RSA
signatures.
9. If you select Pre-Shared Key, then enter the Secret. This key needs to be the same on both endpoints.
10. If you select RSA Signatures, enter the following (in .pem format):
a. CA Certificate
b. Local RSA Certificate
c. Local RSA Private Key
11. Select the Encryption Method from the drop-down: 3DES, AES-128, AES-192, AES-256, or
ADVANCED. The encryption method needs to be the same on both endpoints. The IKE encryption algorithm is
used for the connection (phase 1 - ISAKMP SA). Based on phase 1, a secure set of defaults is used for
phase 2, unless you use the Advanced option, in which case you must specify all components of both
phases 1 and 2, including Encryption, Authentication, and Key Group.
12. If the remote endpoint is set up with unique IDs, check the Enable UID box, and enter the Local and
Remote IDs.
13. Click Show for IPSec Tunnel: Advanced features that limit the remote endpoint's negotiation options.
14. In the IKE Lifetime field, enter the duration for which the ISAKMP SA lasts (in hours).
15. In the Max Retries field, enter the number of retries for the IPSec Tunnel. Enter zero for unlimited retries.
16. In the Key Life field, enter the duration for which the IPSec SA lasts (in hours).
17. In the Checking Period field, enter the timeout interval (in minutes).
18. Check Compression to enable IPComp (compression algorithm).
19. Check Aggressive Mode to enable exchange identification in plain text (unencrypted for faster
negotiation). NOTE: This mode is less secure and prone to dictionary and brute force attacks.
20. Click Submit.
21. To save your changes, click Save and Restart.
For field descriptions, see IPsec Tunnel Configuration Field Descriptions.
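
The following check is an added example, not part of this user guide or the router's software. It reviews a planned tunnel definition against the choices in the steps above and flags the weaker options (3DES, MD5, SHA-1, small DH groups, Aggressive Mode with a Pre-Shared Key). The dictionary keys, the 2048-bit DH minimum, and the 20-character secret minimum are assumptions of this example.

```python
# Added example: offline review of planned IPsec tunnel settings. The dict keys
# are hypothetical (modelled on the field names above), not the router's format.

# Bit sizes for the default DH groups, as listed in this guide.
DH_BITS = {2: 1024, 5: 1536, 14: 2048, 15: 3072, 16: 4096,
           17: 6144, 18: 8192, 22: 1024, 23: 2048, 24: 2048}
SUBGROUP_DH = {22, 23, 24}  # RFC 5114 groups, discouraged by RFC 8247
WEAK_HASH = {"MD5", "SHA-1"}


def audit_tunnel(cfg):
    """Return a list of findings for one tunnel definition."""
    findings = []
    psk = cfg.get("authentication_method") == "Pre-Shared Key"
    if cfg.get("encryption_method") == "3DES":
        findings.append("encryption: 3DES has a 64-bit block; prefer AES-256")
    if cfg.get("hash") in WEAK_HASH:
        findings.append(f"hash: {cfg['hash']} is deprecated; prefer SHA-2")
    group = cfg.get("dh_group")
    if group is not None:
        if group not in DH_BITS:
            findings.append(f"dh: group {group} is not in the default set")
        elif DH_BITS[group] < 2048:
            findings.append(f"dh: DH{group} is only {DH_BITS[group]}-bit; use DH14+")
        elif group in SUBGROUP_DH:
            findings.append(f"dh: DH{group} is an RFC 5114 group; use DH14+")
    if cfg.get("aggressive_mode"):
        msg = "aggressive mode: identification is exchanged in plain text"
        if psk:
            msg += "; the secret is exposed to dictionary and brute force attacks"
        findings.append(msg)
    if psk and len(cfg.get("secret", "")) < 20:
        findings.append("secret: under 20 characters; use a long random value")
    if cfg.get("tunnel_type") == "IKE":
        findings.append("tunnel type: prefer IKEv2 if the remote end supports it")
    return findings


# Constructed sample inputs.
WEAK = {"tunnel_type": "IKE", "authentication_method": "Pre-Shared Key",
        "secret": "branch123", "encryption_method": "3DES", "hash": "MD5",
        "dh_group": 2, "aggressive_mode": True}
STRONG = {"tunnel_type": "IKEv2", "authentication_method": "RSA Signatures",
          "encryption_method": "AES-256", "hash": "SHA-2", "dh_group": 14,
          "aggressive_mode": False}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("strong", STRONG)):
        print(name, audit_tunnel(cfg) or "no findings")
```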