Overview of configuration steps

Creating an IPSec peer

Field Menu Value
Description VPN -> IPSec ->IPSec Peers-> New e.g. Branch Office
Peer Address VPN -> IPSec ->IPSec Peers-> New branchoffice.dyndns.org
Peer ID VPN -> IPSec ->IPSec Peers-> New Fully Qualified Domain Name (FQDN) and Branch Office
Preshared Key VPN -> IPSec ->IPSec Peers-> New e.g. bintec
Default Route VPN -> IPSec ->IPSec Peers-> New Disabled
Local IP Address VPN -> IPSec ->IPSec Peers-> New e.g. 192.168.0.10
Route Entries VPN -> IPSec ->IPSec Peers-> New for IP Address 192.168.1.0 and for Netmask 255.255.255.0

Changing the Phase-1 profile

Field Menu Value
Description VPN -> IPSec -> Phase-1 Profiles-> <Multi-Proposal> -> e.g. Branch Office
Proposals VPN -> IPSec -> Phase-1 Profiles -> <Multi-Proposal> -> AES/MD5
Mode VPN -> IPSec -> Phase-1 Profiles -> <Multi-Proposal> -> Aggressive
Local ID Type VPN -> IPSec -> Phase-1 Profiles -> <Multi-Proposal> -> Fully Qualified Domain Name (FQDN)
Local ID Value VPN -> IPSec -> Phase-1 Profiles -> <Multi-Proposal> -> Head Office
Alive Check VPN -> IPSec -> Phase-1 Profiles -> <Multi-Proposal> -> -> Advanced Settings Inactive

Changing the Phase-2 profile

Field Menu Value
Description VPN -> IPSec -> Phase-2 Profiles -> <Multi-Proposal> -> e.g. Branch Office
Proposal VPN -> IPSec -> Phase-2 Profiles -> <Multi-Proposal> -> AES-128/MD5
Alive Check VPN -> IPSec -> Phase-2 Profiles -> <Multi-Proposal> -> -> Advanced Settings Inactive

DynDNS

Field Menu Value
Hostname Local Services -> DynDNS Client -> DynDNS Update -> New e. g. headoffice.dyndns.org
Interface Local Services -> DynDNS Client -> DynDNS Update -> New e.g. Internet
User Name Local Services -> DynDNS Client -> DynDNS Update -> New e.g. Head Office
Password Local Services -> DynDNS Client -> DynDNS Update -> New e.g. password
Provider Local Services -> DynDNS Client -> DynDNS Update -> New dyndns
Enable update Local Services -> DynDNS Client -> DynDNS Update -> New Enabled

Requesting and importing certificates

Field Menu Value
Certificate Request Description System Management -> Certificates -> Request e.g. Head Office
Mode System Management-> Certificates -> Request Manual
Common Name System Management -> Certificates -> Request e.g. Head Office
External Filename System Management -> Certificates -> Import e.g. C:\Headoffice.crt
Local Certificate Description System Management -> Certificates -> Import e.g. Head Office
External Filename System Management -> Certificates -> Import e.g. C:\Ca.crt
Local Certificate Description System Management -> Certificates -> Import e.g. CA

Changing the IPSec tunnel

Field Menu Value
Authentication Method VPN -> IPSec ->Phase-1 Profiles -> <Branch Office>-> RSA Signature
Local Certificate VPN -> IPSec ->Phase-1 Profiles -> <Branch Office>-> Head Office
Mode VPN -> IPSec ->Phase-1 Profiles -> <Branch Office>-> Main Mode (ID Protect)
Local ID Value VPN -> IPSec ->Phase-1 Profiles -> <Branch Office>-> Use Subjectname from Certificate

Modifying IPSec Peers

Field Menu Value
Peer ID VPN -> IPSec ->IPSec Peers-> <Branch Office>-> ASN.1-DN (Distinguished Name) and CN=Branch Office

Ping Test

Field Menu Value
Test Ping Address Maintenance -> Diagnosis ->Ping Test 192.168.0.10

Copyright© Version 08/2020 bintec elmeg GmbH