Configuration of bintec Secure IPSec Client

The bintec Secure IPSec Clients™ is called up via Start -> Program -> bintec Secure IPSec Client -> Secure Client Monitor. The bintec Secure IPSec Clients™ is configured using the Wizard. The New Profile Wizard starts automatically upon first launch of the bintec Secure IPSec Clients™. Select Company Network Connection over IPSec.

Connection Type

Enter a name for the profile, e.g. Head Office .

Profile Name

In the next step of the Wizard, you must select a Connection Medium over which to set up a connection to the Internet. In our example, the LAN (over IP) selection is used as the VPN client establishes no direct Internet access but uses an Internet access router.

Connection Medium

Under the option Gateway (Tunnel Endpoint) the address at which the VPN gateway is accessible over the Internet is saved. Enable the option Advanced Authentication (XAUTH) .

	Note
	The Windows Active Directory logon data of the respective user can be stored for XAUTH User Name and Password.

VPN gateway parameters

Next, Aggressive Mode is used as Exchange Mode because the bintec be.IP™ router and the bintec Secure IPSec Client™ are assigned dynamic IP addresses by the provider. Set PFS Group to DH Group 2 (1024 Bit) , for example. The option Use IP Compression is not employed in this configuration.

IPSec Configuration

In the next step of the Wizard, the Preshared Key saved in the VPN gateway and the IPSec ID of the VPN client are saved.

The selection in the Type field must be such that it is suitable for the actual IPSec ID (e.g. Fully Qualified Username when using an ID in the form of an e-mail address).

Preshared Key

In this example, a dynamic VPN IP address is assigned to the VPN IPSec client. For this, the option Use IKE Config Mode must be selected.

IKE Config Mode

In the final step, the Firewall of the bintec Secure IPSec Clients™ is configured. If the client is directly connected to the Internet, the firewall should be enabled.

Firewall