Configuration

Open a web browser and create an http connection to the device. In our example, the local network in the branch is identical to the device's preset default network.

Configure the Drop-in group.

Go to Network -> Drop In -> Drop In Groups -> New.

Under Group Description enter a unique description for the drop-in group, e. g. Drop In group .
Under Mode, select Transparent . ARP packets and IP packets belonging to the drop-in network are routed transparently (unchanged).
Under Network Configuration, select how an IP address is assigned to the network components, in this case Static .
Enter the Network Address of the drop-in network, in this case e. g. 192.168.0.0 .
Enter the relevant Netmask, e. g. in this case 255.255.255.0 .
Enter the drop-in group's Local IP Address, e. g. 192.168.0.254 .
For Interface Selection, select all the ports that are to be included in the drop-in group (in the network), e. g. LAN_EN1-0 and LAN_EN1-4 .
Confirm with OK.

Set up the default route

In the next step, you set up a default route to the provider gateway. In doing this, you need to select the interface for the drop-in group to which the gateway is later connected.

Go to Network -> Routes ->IPv4 Route Configuration ->New.

Select Default Route via Gateway as the Route Type.
Select the Interface that is to be used for this route, in this case LAN_EN1-4 .
For Gateway IP Address, enter the IP address of the provider gateway, in this case e. g. 192.168.0.1 .
Confirm with OK.

Set up the VPN tunnel endpoint in the branch

The GUI™ has a wizard to help you to configure an endpoint for the VPN (IPSec) connection in the branch.

To do this, you need to know the static address under which the remote terminal at head office can be accessed. The wizard automatically creates a route for the head office network that is to be accessed via the tunnel. To do this, go to the following menu:

Go to Assistants -> VPN -> VPN Connections -> New.
For VPN Scenario select IPSec-LAN-LAN Connection .
Click on Next to configure a new VPN connection.

Under Description, enter a name for the connection, e. g. IPSec_Connection_1 .
For Local IPSec ID enter the ID of your own IPSec gateway, e. g. Branch .
For Remote IPSec ID enter the ID of the remote IPSec gateway, e. g. Head office .
Enter a Preshared Key for the authentication. The preshared key must be configured identically on both sides.
Select the Local IP Address 192.168.0.254 .
For IPSec Peer IPv4 Address, enter the IP address of the remote IPSec partner, in this case e. g. 213.7.46.137 .
Enter the IP address of the Remote IPv4 Network, in this case e. g. 172.16.0.0 .
Enter the relevant Netmask of the destination network, e. g. in this case 255.255.255.0 .
Press OK to confirm your entries.

Set up the VPN tunnel endpoint at head office

Go to Assistants -> VPN -> VPN Connections -> New.
For VPN Scenario select IPSec-LAN-LAN Connection .
Click on Next to configure a new VPN connection.

Under Description, enter a name for the connection, e. g. IPSec_Connection_1 .
For Local IPSec ID enter the ID of your own IPSec gateway, e. g. Head office .
For Remote IPSec ID enter the ID of the remote IPSec gateway, e. g. Branch .
Enter a Preshared Key for the authentication. The preshared key must be configured identically on both sides.
Enter the required Local IP Address of the gateway, e. g. 172.16.0.254 .
As the drop-in router at the branch is not to be accessed from outside, the tunnel always needs to be initiated by the branch. So the field IPSec Peer Address at head office remains empty.
Enter the IP address of the Remote IPv4 Network, in this case e. g. 192.168.0.0 .
Enter the relevant Netmask of the destination network, e. g. in this case 255.255.255.0 .
Press OK to confirm your entries.

This completes the configuration. Save the configuration with Save configuration and confirm the selection with OK.