Overview of configuration steps

Configuration of the VPN gateway

| Field | Menu | Value |
|---|---|---|
| Address mode | LAN -> IP Configuration -> Interfaces -> <en1-0> | Static |
| IP Address/Netmask | LAN -> IP Configuration -> Interfaces -> <en1-0> | e.g. 192.168.0.30 / 255.255.255.0 |
| Interface Mode | LAN -> IP Configuration -> Interfaces -> <en1-0> | Manual |
| Proxy ARP | LAN -> IP Configuration -> Interfaces -> <en1-0> | Enabled |

RADIUS settings

| Field | Menu | Value |
|---|---|---|
| Authentication Type | System Administration -> Remote Authentication -> RADIUS -> New | XAUTH |
| Server IP Address | System Administration -> Remote Authentication -> RADIUS -> New | e.g. 192.168.0.111 |
| RADIUS Password | System Administration -> Remote Authentication -> RADIUS -> New | e.g. radius_PWD |
| Group description | System Administration -> Remote Authentication -> RADIUS -> New | xauth |

VPN Configuration

| Field | Menu | Value |
|---|---|---|
| IP pool name | VPN -> IPSec -> IP Pools -> Add | e.g. pool |
| IP pool range | VPN -> IPSec -> IP Pools -> Add | e.g. 192.168.0.150 - 192.168.0.180 |

XAUTH Configuration

| Field | Menu | Value |
|---|---|---|
| Description | VPN -> IPSec -> XAUTH Profiles -> New | e.g. radius |
| Role | VPN -> IPSec -> XAUTH Profiles -> New | Server |
| Mode | VPN -> IPSec -> XAUTH Profiles -> New | RADIUS |
| RADIUS Server Group ID | VPN -> IPSec -> XAUTH Profiles -> New | xauth |

IPSec peers configuration

| Field | Menu | Value |
|---|---|---|
| Administrative Status | VPN -> IPSec -> IPSec Peers -> | Active |
| Description | VPN -> IPSec -> IPSec Peers -> | e.g. vpnclient |
| Peer ID | VPN -> IPSec -> IPSec Peers -> | Fully Qualified Domain Name (FQDN) |
| Preshared Key | VPN -> IPSec -> IPSec Peers -> | e.g. bintec elmeg |
| IP Address Assignment | VPN -> IPSec -> IPSec Peers -> | IKE Config Mode |
| IP Assignment Pool | VPN -> IPSec -> IPSec Peers -> | pool |
| Local IP Address | VPN -> IPSec -> IPSec Peers -> | e.g. 192.168.0.30 |
| Phase 1 Profile | VPN -> IPSec -> IPSec Peers -> -> Advanced Settings | None (use Default Profile) |
| Phase 2 Profile | VPN -> IPSec -> IPSec Peers -> -> Advanced Settings | None (use Default Profile) |
| XAUTH Profile | VPN -> IPSec -> IPSec Peers -> -> Advanced Settings | radius |
| Start mode | VPN -> IPSec -> IPSec Peers -> -> Advanced Settings | On Demand |
| Back Route Verify | VPN -> IPSec -> IPSec Peers -> -> Advanced Settings | Disabled |
| Proxy ARP | VPN -> IPSec -> IPSec Peers -> -> Advanced Settings | Up or Dormant |
| Mode | VPN -> IPSec -> IPSec Peers -> -> Advanced Settings | Inactive |

Configuration of Phase 1 Profiles

| Field | Menu | Value |
|---|---|---|
| Mode | VPN -> IPSec -> Phase 1 Profiles -> Edit | Aggressive |
| Local ID Value | VPN -> IPSec -> Phase 1 Profiles -> Edit | e.g. vpngateway.bintec-elmeg.com |

Configuration of bintec secure IPSec clients

| Field | Menu | Value |
|---|---|---|
| Connector Type | Assistant for new profile | Connection to company network via IPSec |
| Profile Name | Assistant for new profile | Head Office |
| Connection Medium | Assistant for new profile | LAN (over IP) |
| Gateway (Tunnel Endpoint) | Assistant for new profile | e.g. vpngateway.bintec-elmeg.com |
| Advanced authentication (XAUTH) | Assistant for new profile | Enabled |
| Exchange Mode | Assistant for new profile | Aggressive Mode |
| PFS Group | Assistant for new profile | DH Group 2 (1024 Bit) |
| Shared secret | Assistant for new profile | e.g. bintec elmeg |
| Shared Secret (Retry) | Assistant for new profile | e.g. bintec elmeg |
| Type | Assistant for new profile | e.g. Fully Qualified Username |
| ID | Assistant for new profile | e.g. client1@bintec-elmeg.com |
| IP address assignment | Assistant for new profile | Use IKE Config Mode |
| Stateful Inspection | Assistant for new profile | off |
| NetBIOS over IP | Assistant for new profile | Enabled |