Overview of configuration steps |
Configuration of the VPN gateway
Field | Menu | Value |
---|---|---|
Address mode | LAN -> IP Configuration-> Interfaces -> <en1-0> | Static |
IP Address/Netmask | LAN -> IP Configuration-> Interfaces -> <en1-0> | e.g. 192.168.0.30 / 255.255.255.0 |
Interface Mode | LAN -> IP Configuration-> Interfaces -> <en1-0> | Manual |
Proxy ARP | LAN -> IP Configuration-> Interfaces -> <en1-0> | Enabled |
Field | Menu | Value |
---|---|---|
Authentication Type | System Administration -> Remote Authentication -> RADIUS -> New | XAUTH |
Server IP Address | System Administration -> Remote Authentication -> RADIUS -> New | e.g. 192.168.0.111 |
RADIUS Password | System Administration -> Remote Authentication -> RADIUS -> New | e.g. radius_PWD |
Group description | System Administration -> Remote Authentication -> RADIUS -> New | xauth |
Field | Menu | Value |
---|---|---|
IP pool name | VPN -> IPSec -> IP Pools -> Add | e.g. pool . |
IP pool range | VPN -> IPSec -> IP Pools -> Add | e.g. 192.168.0.150 - 192.168.0.180 |
Field | Menu | Value |
---|---|---|
Description | VPN -> IPSec -> XAUTH Profiles -> New | e.g. radius |
Role | VPN -> IPSec -> XAUTH Profiles -> New | Server |
Mode | VPN -> IPSec -> XAUTH Profiles -> New | RADIUS |
RADIUS Server Group ID | VPN -> IPSec -> XAUTH Profiles -> New | xauth |
Field | Menu | Value |
---|---|---|
Administrative Status | VPN -> IPSec ->IPSec Peers -> | Active |
Description | VPN -> IPSec ->IPSec Peers -> | e.g. vpnclient . |
Peer ID | VPN -> IPSec ->IPSec Peers -> | Fully Qualified Domain Name (FQDN) |
Preshared Key | VPN -> IPSec ->IPSec Peers -> | e. g. bintec elmeg |
IP Address Assignment | VPN -> IPSec ->IPSec Peers -> | IKE Config Mode |
IP Assignment Pool | VPN -> IPSec ->IPSec Peers -> | pool |
Local IP Address | VPN -> IPSec ->IPSec Peers -> | e.g. 192.168.0.30 |
Phase 1 Profile | VPN -> IPSec -> IPSec Peers -> -> Advanced Settings | None (use Default Profile) |
Phase 2 Profile | VPN -> IPSec -> IPSec Peers -> -> Advanced Settings | None (use Default Profile) |
XAUTH Profile | VPN -> IPSec -> IPSec Peers -> -> Advanced Settings | radius |
Start mode | VPN -> IPSec -> IPSec Peers -> -> Advanced Settings | On Demand |
Back Route Verify | VPN -> IPSec -> IPSec Peers -> -> Advanced Settings | Disabled |
Proxy ARP | VPN -> IPSec -> IPSec Peers -> -> Advanced Settings | Up or Dormant |
Mode | VPN -> IPSec -> IPSec Peers -> -> Advanced Settings | Inactive |
Configuration of Phase 1 Profiles
Field | Menu | Value |
---|---|---|
Mode | VPN -> IPSec ->Phase 1 Profiles -> Edit | Aggressive |
Local ID Value | VPN -> IPSec ->Phase 1 Profiles -> Edit | e.g. vpngateway.bintec-elmeg.com |
Configuration of bintec secure IPSec clients
Field | Menu | Value |
---|---|---|
Connector Type | Assistant for new profile | Connection to company network via IPSec |
Profile Name | Assistant for new profile | Head Office |
Connection Medium | Assistant for new profile | LAN (over IP) |
Gateway (Tunnel Endpoint) | Assistant for new profile | e.g. vpngateway.bintec-elmeg.com |
Advanced authentication (XAUTH) | Assistant for new profile | Enabled |
Exchange Mode | Assistant for new profile | Aggressive Mode |
PFS Group | Assistant for new profile | DH Group 2 (1024 Bit) |
Shared secret | Assistant for new profile | e. g. bintec elmeg |
Shared Secret (Retry) | Assistant for new profile | e. g. bintec elmeg |
Type | Assistant for new profile | e.g. Fully Qualified Username |
ID | Assistant for new profile | e.g. client1@bintec-elmeg.com |
IP address assignment | Assistant for new profile | Use IKE Config Mode |
Stateful Inspection | Assistant for new profile | off |
NetBIOS over IP | Assistant for new profile | Enabled |
Copyright© Version 01/2020 bintec elmeg GmbH |