Configuring the IPSec peer and callback

An IPSec peer always refers to a remote terminal, in this example the branch office.

To create an IPSec peer, proceed as follows:

  1. Go to VPN -> IPSec -> IPSec Peers -> New.


Relevant fields in the IPSec Peers menu

| Field | Meaning |
| --- | --- |
| Description | Define a name for the IPSec peer. |
| Peer ID | Select the ID type and enter the peer ID. |
| Preshared Key | This is the secret key for IPSec negotiation. |
| Default Route | Select whether the route to this IPSec peer is to be defined as the default route. |
| Local IP Address | Enter the WAN IP address of your device. |
| Route entries: Remote IP Address / Netmask | Enter the networks to be set up over this IPSec tunnel. |

Make the following entries for the peer:

  1. Under Description enter a description of the peer, e.g. rs232bw_branchoffice.

  2. Leave Peer Address blank, as the IP address of the peer is assigned dynamically by the provider.

  3. Under Peer ID select IPV4 Address and enter the ID of the remote terminal, in this example 192.168.0.254.

  4. Under Preshared Key enter, for example, secret123.

  5. Deselect Default Route.

  6. Enter the IP address of your device under Local IP Address, e.g. 192.168.1.254.

  7. Under Route Entries for IP Address and Netmask enter the IP address and the corresponding subnet mask of the network you wish to reach over the tunnel, in this example 192.168.0.0 and 255.255.255.0.

Additional settings are required for peer configuration. For this, go to the following menu:

  1. Go to VPN -> IPSec -> IPSec Peers -> New -> Advanced Settings.

Relevant fields in the menu Advanced Settings

| Field | Meaning |
| --- | --- |
| Mode | Select the type of IPSec callback. |
| Incoming ISDN Number | Enter the subscriber number that arrives when the peer initiates the callback. |
| Outgoing ISDN Number | Enter the subscriber number that is dialled when the gateway initiates the callback. |
| Transfer own IP address over ISDN | Determines whether or not the IP address of the gateway is transferred over ISDN. |
| Transfer Mode | Select the transfer mode of the IP address. |

Proceed as follows:

  1. Select Both under Mode.

  2. Under Incoming ISDN Number enter the MSN from which a callback is requested, in this example 850.

  3. Under Outgoing ISDN Number enter the MSN dialled for a callback, in this example 850.

  4. Select Transfer Own IP Address over ISDN.

  5. Leave Transfer Mode set to Autodetect Best Mode.

  6. Leave the remaining settings unchanged and confirm them with OK.

Click Save Configuration and then confirm with OK.

Configure IPSec on the gateway in the branch office in the same way. Check that the IDs, IP addresses and MSN are configured correctly.

Note

The preshared key used here is kept very simple and is intended for test purposes only. In production you should use a key that contains at least 30 characters, consists of unconnected words and preferably includes upper and lower case letters, numbers and special characters.
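
The cross-check of IDs and IP addresses between the two gateways, combined with the preshared key guidance from the note, as an added Python example that is not part of the original documentation. The dictionary keys, the branch office values and the local_id entries are assumptions made for illustration (each Local IP Address is assumed to lie in that gateway's own LAN, as in this example); the MSN settings and the "unconnected words" criterion are not checked.

```python
import ipaddress
import string

def psk_findings(psk):
    """Check a preshared key against the guidance in the note above."""
    findings = []
    if len(psk) < 30:
        findings.append(f"PSK has {len(psk)} characters, fewer than 30")
    classes = {
        "upper case letter": string.ascii_uppercase,
        "lower case letter": string.ascii_lowercase,
        "number": string.digits,
        "special character": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in psk):
            findings.append(f"PSK contains no {name}")
    return findings

def check_peer_pair(central, branch):
    """Cross-check the peer entries of both gateways; returns a list of findings."""
    findings = []
    if central["psk"] != branch["psk"]:
        findings.append("PSK differs between the gateways")
    findings += psk_findings(central["psk"])
    for a, b, name in ((central, branch, "central"), (branch, central, "branch")):
        # The peer ID expected on one side must be the ID the other side presents.
        if a["peer_id"] != b["local_id"]:
            findings.append(f"{name}: peer ID {a['peer_id']} != remote ID {b['local_id']}")
        # The route entry must cover the remote gateway, not the local one.
        net = ipaddress.ip_network(f"{a['route_net']}/{a['route_mask']}")
        if ipaddress.ip_address(b["local_ip"]) not in net:
            findings.append(f"{name}: route {net} does not cover {b['local_ip']}")
        if ipaddress.ip_address(a["local_ip"]) in net:
            findings.append(f"{name}: route {net} overlaps own address {a['local_ip']}")
    return findings

# Constructed sample: central values from the steps above; branch values and
# both local_id entries are assumed mirror settings, not taken from the page.
CENTRAL = {"psk": "secret123", "local_id": "192.168.1.254", "peer_id": "192.168.0.254",
           "local_ip": "192.168.1.254", "route_net": "192.168.0.0", "route_mask": "255.255.255.0"}
BRANCH = {"psk": "secret123", "local_id": "192.168.0.254", "peer_id": "192.168.1.254",
          "local_ip": "192.168.0.254", "route_net": "192.168.1.0", "route_mask": "255.255.255.0"}

if __name__ == "__main__":
    for finding in check_peer_pair(CENTRAL, BRANCH):
        print(finding)
```

With the test key secret123 the addressing is consistent, and the only findings are the three key weaknesses.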

Creating an IPSec peer automatically generates standard profiles for phase 1 and phase 2, which are changed in the following section to suit the requirements of this scenario.