Overview of Configuration Steps

Configuration of gateway in head office (bintec R3002)

Field	Menu	Value
IP address	Dime Manager -> IP Settings	e.g. `192.168.0.1`

Configuration of Internet access (head office)

Field	Menu	Value
Connector Type	Assistant -> Internet Access -> New	`Internal ADSL Modem`
Description	Assistant -> Internet Access -> Next	`ADSL`
Internet Service Provider	Assistant -> Internet Access -> Next	e.g. `Germany - T-Home`
User Name	Assistant -> Internet Access -> Next	e.g. `0000111111#0001@t-online.de`
Password	Assistant -> Internet Access -> Next	e.g. `supersecretgeheimkey`
Always Active	Assistant -> Internet Access -> Next	`Enabled`

Configuration of VPN IPSec access (head office)

Field	Menu	Value
Connector Type	Assistant -> VPN -> New	`IPSec - LAN-to-LAN connection`
Description	Assistant -> VPN -> Next	`branch1`
Local IPSec ID	Assistant -> VPN -> Next	e.g. `212.212.212.1`
Remote IPSec ID	Assistant -> VPN -> Next	e.g. `branch1`
Preshared Key	Assistant -> VPN -> Next	e.g. `supersecretgeheimkey`
Local IP Address	Assistant -> VPN -> Next	`192.168.0.1`
IP Address of Remote Network	Assistant -> VPN -> Next	`192.168.1.0`
Netmask	Assistant -> VPN -> Next	`255.255.255.0`

Configuration of gateway in branch (bintec RS120)

Field	Menu	Value
IP address	Dime Manager -> IP Settings	e.g. `192.168.1.1`

Configuration of Internet access (branch)

Field	Menu	Value
Connector Type	Assistant -> Internet Access -> New	`External xDSL Modem`
Description	Assistant -> Internet Access -> Next	`ADSL`
Physical Ethernet Port	Assistant -> Internet Access -> Next	e.g. `ETH5`
Internet Service Provider	Assistant -> Internet Access -> Next	e.g. `Germany - T-Home`
User Name	Assistant -> Internet Access -> Next	e.g. `111111111222222#0001@t-online.de`
Password	Assistant -> Internet Access -> Next	e.g. `supersecretgeheimkey`
Always Active	Assistant -> Internet Access -> Next	`Enabled`

Configuration of VPN IPSec access (branch)

Field	Menu	Value
Connector Type	Assistant -> VPN -> New	`IPSec - LAN-to-LAN connection`
Description	Assistant -> VPN -> Next	`Head Office`
Local IPSec ID	Assistant -> VPN -> Next	e.g. `branch1`
Remote IPSec ID	Assistant -> VPN -> Next	e.g. `212.212.212.1`
Preshared Key	Assistant -> VPN -> Next	e.g. `supersecretgeheimkey`
Local IP Address	Assistant -> VPN -> Next	`192.168.1.1`
IPSec Peer Address	Assistant -> VPN -> Next	212.212.212.1
IP Address of Remote Network	Assistant -> VPN -> Next	`192.168.0.0`
Netmask	Assistant -> VPN -> Next	`255.255.255.0`

Prioritisation of VPN tunnel

Field	Menu	Value
Start mode	VPN -> IPSec -> IPSec Peers -> -> Advanced Settings	`Always Active`

Creation of QoS filters

Field	Menu	Value
Description	Routing -> QoS -> QoS Filter -> New	`IKE`
Protocol	Routing -> QoS -> QoS Filter -> New	`udp`
Destination port/range	Routing -> QoS -> QoS Filter -> New	`500`
Source Port/Range	Routing -> QoS -> QoS Filter -> New	`500`
DSCP/TOS	Routing -> QoS -> QoS Filter -> New	`Ignore`
Description	Routing -> QoS -> QoS Filter -> New	`ESP`
Protocol	Routing -> QoS -> QoS Filter -> New	`esp`
Description	Routing -> QoS -> QoS Filter -> New	`NAT-T_1`
Protocol	Routing -> QoS -> QoS Filter -> New	`udp`
Destination port/range	Routing -> QoS -> QoS Filter -> New	`4500`
Description	Routing -> QoS -> QoS Filter -> New	`NAT-T_2`
Protocol	Routing -> QoS -> QoS Filter -> New	`udp`
Source Port/Range	Routing -> QoS -> QoS Filter -> New	`4500`

Assignment of QoS filters to QoS classes

Field	Menu	Value
Description	Routing -> QoS -> QoS Classification -> New	`VPN-IPSec`
Filter	Routing -> QoS -> QoS Classification -> New	e.g. `IKE`
Direction	Routing -> QoS -> QoS Classification -> New	`Outgoing`
High priority class	Routing -> QoS -> QoS Classification -> New	`Enabled`
Interface	Routing -> QoS -> QoS Classification -> New	`ADSL`
Class plan	Routing -> QoS -> QoS Classification -> New	`VPN-IPSec`
Filter	Routing -> QoS -> QoS Classification -> New	e.g. `ESP`
Direction	Routing -> QoS -> QoS Classification -> New	`Outgoing`
High priority class	Routing -> QoS -> QoS Classification -> New	`Enabled`
Class plan	Routing -> QoS -> QoS Classification -> New	`VPN-IPSec`
Filter	Routing -> QoS -> QoS Classification -> New	e.g. `NAT-T_1`
Direction	Routing -> QoS -> QoS Classification -> New	`Outgoing`
High priority class	Routing -> QoS -> QoS Classification -> New	`Enabled`
Class plan	Routing -> QoS -> QoS Classification -> New	`VPN-IPSec`
Filter	Routing -> QoS -> QoS Classification -> New	e.g. `NAT-T_2`
Direction	Routing -> QoS -> QoS Classification -> New	`Outgoing`
High priority class	Routing -> QoS -> QoS Classification -> New	`Enabled`

Enabling QoS on the WAN interface

Field	Menu	Value
Interface	Routing -> QoS -> QoS Interfaces/Policies -> New	`ADSL`
Priority algorithm	Routing -> QoS -> QoS Interfaces/Policies -> New	`Priority Queueing`
Size of the protocol header below layer 3	Routing -> QoS -> QoS Interfaces/Policies -> New	`PPP over Ethernet`

Copyright© Version 01/2020 bintec elmeg GmbH