Overview of configuration steps

Configuring the local IP address

| Field | Menu | Value |
|---|---|---|
| Address mode | LAN -> IP Configuration -> Interfaces -> Edit | Static |
| IP Address/Netmask | LAN -> IP Configuration -> Interfaces -> Edit | e.g. 192.168.10.254 / 255.255.255.0 |
| Interface Mode | LAN -> IP Configuration -> Interfaces -> Edit | Manual |
| Proxy ARP | LAN -> IP Configuration -> Interfaces -> Edit | Enabled |

VPN Configuration

| Field | Menu | Value |
|---|---|---|
| IP pool name | VPN -> IPSec -> IP Pools -> Add | e.g. VPNClient Pool |
| IP pool range | VPN -> IPSec -> IP Pools -> Add | e.g. 192.168.10.150 - 192.168.10.180 |

XAUTH Configuration

| Field | Menu | Value |
|---|---|---|
| Description | VPN -> IPSec -> XAUTH Profiles -> New | e.g. radius_server |
| Role | VPN -> IPSec -> XAUTH Profiles -> New | Server |
| Mode | VPN -> IPSec -> XAUTH Profiles -> New | RADIUS |

IPSec peers configuration

| Field | Menu | Value |
|---|---|---|
| Administrative Status | VPN -> IPSec -> IPSec Peers -> | Active |
| Description | VPN -> IPSec -> IPSec Peers -> | e.g. VPNClient1 |
| Peer ID | VPN -> IPSec -> IPSec Peers -> | E-mail Address / client1@bintec-elmeg.com |
| Preshared Key | VPN -> IPSec -> IPSec Peers -> | e.g. bintec elmeg |
| IP Address Assignment | VPN -> IPSec -> IPSec Peers -> | IKE Config Mode |
| IP Assignment Pool | VPN -> IPSec -> IPSec Peers -> | VPNClient Pool |
| Local IP Address | VPN -> IPSec -> IPSec Peers -> | e.g. 192.168.10.254 |
| Phase 1 Profile | VPN -> IPSec -> IPSec Peers -> -> Advanced Settings | None (use Default Profile) |
| Phase 2 Profile | VPN -> IPSec -> IPSec Peers -> -> Advanced Settings | None (use Default Profile) |
| XAUTH Profile | VPN -> IPSec -> IPSec Peers -> -> Advanced Settings | radius_server |
| Start mode | VPN -> IPSec -> IPSec Peers -> -> Advanced Settings | On Demand |
| Back Route Verify | VPN -> IPSec -> IPSec Peers -> -> Advanced Settings | Disabled |
| Proxy ARP | VPN -> IPSec -> IPSec Peers -> -> Advanced Settings | Up or Dormant |
| Mode | VPN -> IPSec -> IPSec Peers -> -> Advanced Settings | Inactive |

Configuration of Phase 1 Profiles

| Field | Menu | Value |
|---|---|---|
| Mode | VPN -> IPSec -> Phase 1 Profiles -> | Aggressive |
| Local ID Type | VPN -> IPSec -> Phase 1 Profiles -> | E-mail Address |
| Local ID Value | VPN -> IPSec -> Phase 1 Profiles -> | e.g. headoffice@bintec-elmeg.com |

RADIUS settings

| Field | Menu | Value |
|---|---|---|
| Authentication Type | System Administration -> Remote Authentication -> RADIUS -> New | XAuth |
| Server IP Address | System Administration -> Remote Authentication -> RADIUS -> New | e.g. 192.168.10.100 |
| RADIUS Password | System Administration -> Remote Authentication -> RADIUS -> New | e.g. bintec elmeg |
| Group description | System Administration -> Remote Authentication -> RADIUS -> New | e.g. xauth |

Configuration of the Windows 2003 RADIUS Server

| Field | Menu | Value |
|---|---|---|
| Friendly name | New RADIUS Client | R3000 |
| Client address (IP or DNS) | New RADIUS Client | 192.168.10.254 |
| Client-Vendor | New RADIUS Client | e.g. bintec elmeg Communications GmbH |
| Shared secret | New RADIUS Client | e.g. bintec elmeg |
| Confirm shared secret | New RADIUS Client | e.g. bintec elmeg |
| Policy Name | New Remote Access Policy Wizard | e.g. VPN_Client_Access |
| Policy Conditions | New Remote Access Policy Wizard | e.g. Client-Vendor matches "BinTec Communications GmbH" |
| Grant remote access permission | New Remote Access Policy Wizard | Enabled |
| Edit Profile | New Remote Access Policy Wizard | Enabled |
| Idle Timeout | Edit Dial-in Profile | 10 minutes |
| Authentication | Edit Dial-in Profile | Unencrypted authentication (PAP, SPAP) |
| Encryption | Edit Dial-in Profile | No encryption |
| dial-in | user 1 Properties | Allowed access |

Configuration of bintec secure IPSec clients

| Field | Menu | Value |
|---|---|---|
| Connector Type | Assistant for new profile | Connection to company network via IPSec |
| Profile Name | Assistant for new profile | Head Office |
| Connection Medium | Assistant for new profile | LAN (over IP) |
| Gateway (Tunnel Endpoint) | Assistant for new profile | e.g. vpngateway.bintec-elmeg.com |
| Advanced authentication (XAUTH) | Assistant for new profile | Enabled |
| Exchange Mode | Assistant for new profile | Aggressive Mode |
| PFS Group | Assistant for new profile | DH Group 2 (1024 Bit) |
| Shared secret | Assistant for new profile | e.g. bintec elmeg |
| Shared Secret (Retry) | Assistant for new profile | e.g. bintec elmeg |
| Type | Assistant for new profile | e.g. Fully Qualified Username |
| ID | Assistant for new profile | e.g. client1@bintec-elmeg.com |
| IP address assignment | Assistant for new profile | Use IKE Config Mode |
| Stateful Inspection | Assistant for new profile | off |
| NetBIOS over IP | Assistant for new profile | Enabled |