Overview of configuration steps |
Configuring the local IP address
Field | Menu | Value |
---|---|---|
Address mode | LAN -> IP Configuration-> Interfaces -> Edit | Static |
IP Address/Netmask | LAN -> IP Configuration-> Interfaces -> Edit | e.g. 192.168.10.254 / 255.255.255.0 |
Interface Mode | LAN -> IP Configuration-> Interfaces -> Edit | Manual |
Proxy ARP | LAN -> IP Configuration-> Interfaces -> Edit | Enabled |
Field | Menu | Value |
---|---|---|
IP pool name | VPN -> IPSec ->IP Pools -> Add | e.g. VPNClient Pool |
IP pool range | VPN -> IPSec ->IP Pools -> Add | e.g. 192.168.10.150 - 192.168.10.180 |
Field | Menu | Value |
---|---|---|
Description | VPN -> IPSec -> XAUTH Profiles -> New | e.g. radius_server |
Role | VPN -> IPSec -> XAUTH Profiles -> New | Server |
Mode | VPN -> IPSec -> XAUTH Profiles -> New | RADIUS |
Field | Menu | Value |
---|---|---|
Administrative Status |
VPN -> IPSec
->IPSec Peers ->
![]() |
Active |
Description |
VPN -> IPSec
->IPSec Peers ->
![]() |
e.g. VPNClient1 |
Peer ID |
VPN -> IPSec
->IPSec Peers ->
![]() |
E-mail Address / client1@bintec-elmeg.com |
Preshared Key |
VPN -> IPSec
->IPSec Peers ->
![]() |
e. g. bintec elmeg |
IP Address Assignment |
VPN -> IPSec
->IPSec Peers ->
![]() |
IKE Config Mode |
IP Assignment Pool |
VPN -> IPSec
->IPSec Peers ->
![]() |
VPNClient Pool |
Local IP Address |
VPN -> IPSec
->IPSec Peers ->
![]() |
e.g. 192.168.10.254 |
Phase 1 Profile |
VPN -> IPSec -> IPSec Peers ->
![]() |
None (use Default Profile) |
Phase 2 Profile |
VPN -> IPSec -> IPSec Peers ->
![]() |
None (use Default Profile) |
XAUTH Profile |
VPN -> IPSec -> IPSec Peers ->
![]() |
radius_server |
Start mode |
VPN -> IPSec -> IPSec Peers ->
![]() |
On Demand |
Back Route Verify |
VPN -> IPSec -> IPSec Peers ->
![]() |
Disabled |
Proxy ARP |
VPN -> IPSec -> IPSec Peers ->
![]() |
Up or Dormant |
Mode |
VPN -> IPSec -> IPSec Peers ->
![]() |
Inactive |
Configuration of Phase 1 Profiles
Field | Menu | Value |
---|---|---|
Mode |
VPN -> IPSec
->Phase 1 Profiles ->
![]() |
Aggressive |
Local ID Type |
VPN -> IPSec
->Phase 1 Profiles ->
![]() |
E-mail Address |
Local ID Value |
VPN -> IPSec
->Phase 1 Profiles ->
![]() |
e.g. headoffice@bintec-elmeg.com |
Field | Menu | Value |
---|---|---|
Authentication Type | System Administration -> Remote Authentication -> RADIUS -> New | XAuth |
Server IP Address | System Administration -> Remote Authentication -> RADIUS -> New | e.g. 192.168.10.100 |
RADIUS Password | System Administration -> Remote Authentication -> RADIUS -> New | e. g. bintec elmeg |
Group description | System Administration -> Remote Authentication -> RADIUS -> New | e.g. xauth |
Configuration of the Windows 2003 RADIUS Server
Field | Menu | Value |
---|---|---|
Friendly name | New RADIUS Client | R3000 |
Client address (IP or DNS) | New RADIUS Client | 192.168.10.254 |
Client-Vendor | New RADIUS Client | e. g. bintec elmeg Communications GmbH |
Shared secret | New RADIUS Client | e. g. bintec elmeg |
Confirm shared secret | New RADIUS Client | e. g. bintec elmeg |
Policy Name | New Remote Access Policy Wizard | e.g. VPN_Client_Access |
Policy Conditions | New Remote Access Policy Wizard | e.g. Client-Vendor matches "BinTec Communications GmbH" |
Grant remote access permission | New Remote Access Policy Wizard | Enabled |
Edit Profile | New Remote Access Policy Wizard | Enabled |
Idle Timeout | Edit Dial-in Profile | 10 minutes |
Authentication | Edit Dial-in Profile | Unencrypted authentication (PAP, SPAP) |
Encryption | Edit Dial-in Profile | No encryption |
dial-in | user 1 Properties | Allowed access |
Configuration of bintec secure IPSec clients
Field | Menu | Value |
---|---|---|
Connector Type | Assistant for new profile | Connection to company network via IPSec |
Profile Name | Assistant for new profile | Head Office |
Connection Medium | Assistant for new profile | LAN (over IP) |
Gateway (Tunnel Endpoint) | Assistant for new profile | e.g. vpngateway.bintec-elmeg.com |
Advanced authentication (XAUTH) | Assistant for new profile | Enabled |
Exchange Mode | Assistant for new profile | Aggressive Mode |
PFS Group | Assistant for new profile | DH Group 2 (1024 Bit) |
Shared secret | Assistant for new profile | e. g. bintec elmeg |
Shared Secret (Retry) | Assistant for new profile | e. g. bintec elmeg |
Type | Assistant for new profile | e.g. Fully Qualified Username |
ID | Assistant for new profile | e.g. client1@bintec-elmeg.com |
IP address assignment | Assistant for new profile | Use IKE Config Mode |
Stateful Inspection | Assistant for new profile | off |
NetBIOS over IP | Assistant for new profile | Enabled |
Copyright© Version 01/2020 bintec elmeg GmbH |