Configuration of bintec secure IPSec clients

The bintec secure IPSec client™ is started with Start -> Program -> FEC Secure IPSec Client -> Secure Client Mode. The bintec secure IPSec client™ is configured with the assistant. When the bintec secure IPSec client™ is launched for the first time, the assistant for a new profile starts automatically.

 

Select Company Network Connection over IPSec.

Connector Type

Enter a name for the profile, e.g. Head Office.

Profile Name

In the next step of the assistant, you must select the connection medium over which the connection to the Internet is set up. In our example, LAN (over IP) is selected, because the bintec secure IPSec client™ does not establish direct Internet access itself but uses an Internet access router.

Connection Medium

Under the option Gateway (Tunnel Endpoint), enter the address at which the VPN gateway is accessible over the Internet. Enable the option Advanced Authentication (XAUTH) to transfer the user name and password to the KOBIL SecOVID™ server.

VPN Gateway Parameters

Next, Aggressive Mode is used as the exchange mode because the bintec R3000™ gateway and the bintec secure IPSec client™ are assigned dynamic IP addresses by the provider. Set PFS Group to DH Group 2 (1024 Bit), for example. The option Use IP Compression is not used in this configuration.

IPSec Configuration

In the next assistant step, the pre-shared key configured on the VPN gateway is entered. The user's e-mail address should be used as the local identity, with Type set to Fully Qualified Username.

Pre-shared key

In this example, a dynamic VPN IP address is assigned to the VPN IPSec client. For this, the option Use IKE Config Mode must be selected.

IKE Config Mode

In the final step, the firewall of the bintec secure IPSec client™ is configured. If the client is directly connected to the Internet, the firewall should be enabled.

Firewall

When setting up the VPN tunnel, the bintec secure IPSec client™ displays a user ID and password request. Here, the user name saved in the SecOVID admintool and the one-time password generated with the KOBIL SecOVID™ token are requested.

User ID / Password Request

FEC Secure IPSec Client