Configuration of bintec Secure IPSec Client

The bintec Secure IPSec Client™ is called up via Start -> Program -> FEC Secure IPSec Client -> Secure Client Mode. The bintec Secure IPSec Clients™ is configured using the Wizard. The New Profile Wizard starts automatically upon first launch of the bintec Secure IPSec Clients™.

Select Company Network Connection over IPSec.

Connection Type

Enter a name for the profile, e.g. VPN Company Head Office .

Profile Name

In the next step of the Wizard, you must select a Connection Medium over which to set up a connection to the Internet. In our example, the LAN (over IP) selection is used as the bintec Secure IPSec Client™ establishes no direct Internet access but uses an Internet access router.

Connection Medium

In the VPN Gateway Parameters window, the official static IP address or the DynDNS name of the remote terminal to which the IPSec tunnel is to be built must be entered, e.g. vpngateway.bintec-elmeg.com .

VPN Gateway Parameters

Next, Aggressive Mode is used as Exchange Mode because the bintec R3502™ router and the bintec Secure IPSec Client™ are assigned dynamic IP addresses by the Internet provider. Set PFS Group to DH Group 2 (1024 Bit) , for example. The option Use IP Compression is not employed in this configuration.

IPSec Configuration

In the next Wizard step, the Preshared Key configured on the VPN gateway is saved, e.g. test .

The user e-mail address should be used as Local Identity under Type Fully Qualified Username , along with the ID User1@bintec-elmeg.com . This type and the ID must match the peer ID configured on the VPN gateway.

Preshared Key

In this example, the bintec Secure IPSec Client™ derives an IP address from the IP pool configured on the VPN gateway. For this, the option Use IKE Config Mode must be selected under IP Address Assignment.

IKE Config Mode

In the next step, the Firewall of the bintec Secure IPSec Clients™ is configured. If the client is directly connected to the Internet, the firewall should be enabled. If the firewall is enabled, then it can also be specified whether traffic is permitted outside the IPSec tunnel or not.

Firewall

The IPSec Pathfinder function must still be enabled separately by editing the newly created profile.

Go to Configuration -> Profiles.

Available Profiles

The option IPSec Pathfinder Function is enabled in the Advanced IPSec Options menu.

IPSec Options

If a proxy server is used to connect to the Internet, then the bintec Secure IPSec Client™ offers the option to save proxy server settings in the Configuration -> Proxy for VPN Pathfinder menu.