Cradlepoint Technology mbr1200 User Guide
CRADLEPOINT
MBR1200 | USER MANUAL Firmware ver. 1.6.12
© 2010 CRADLEPOINT, INC. PLEASE VISIT
HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/
FOR MORE HELP AND RESOURCES
PAGE 92
7.5 IPsec VPN
Use the IPsec sub-menus to set policies that are used to
create a secure connection to a private network or allow
others to connect in a very secure way.
create a secure connection to a private network or allow
others to connect in a very secure way.
7.5.1
Add IPsec Policy
In this section you can add and edit IPSec policies to connect
via private networks. Please note that the policies must
match between routers when creating a connection. In other
words, while the names of the policies can be different, the
Hash, Cipher, Group, Timeouts, Pre-shared keys, or manual
settings must correspond for a successful connection.
via private networks. Please note that the policies must
match between routers when creating a connection. In other
words, while the names of the policies can be different, the
Hash, Cipher, Group, Timeouts, Pre-shared keys, or manual
settings must correspond for a successful connection.
Name. Add a name to identify the polity and distinguish one
policy from another.
policy from another.
VPN Tunnel. Tunnel mode allows a remote network to
appear as though it is a part of the local network. All
machines behind the remote LAN will be visible to the local
network. Transport mode, enabled by un-checking the VPN
Tunnel check box, creates an encrypted connection
terminating at the remote network‟s router. Inbound
connections are then forwarded to the appropriate machine
on the remote LAN. Please note: Transport mode requires
the additional step of a configured port forward policy. Only
data sent and received across networks with an IPSec policy
will be encrypted for both Tunnel and Transport.
appear as though it is a part of the local network. All
machines behind the remote LAN will be visible to the local
network. Transport mode, enabled by un-checking the VPN
Tunnel check box, creates an encrypted connection
terminating at the remote network‟s router. Inbound
connections are then forwarded to the appropriate machine
on the remote LAN. Please note: Transport mode requires
the additional step of a configured port forward policy. Only
data sent and received across networks with an IPSec policy
will be encrypted for both Tunnel and Transport.
Log messages related to IPSec VPN can be found on the
Status
Status
→ Logs page. To reduce the number of log
messages generated by IPSec negotiations un-check the
Firewall & Security checkbox in the Log Options section.
Firewall & Security checkbox in the Log Options section.
Remote Gateway. While this can be the WAN IP of the
remote network it is recommended you use a dynamic DNS account host name. You can configure your DynDNS settings in the Tools
remote network it is recommended you use a dynamic DNS account host name. You can configure your DynDNS settings in the Tools
page. By using the remote router‟s dynamic DNS host name when configuring your IPSec policy updates of the remote WAN IP
are compensated for while connecting to a VPN.
(continued)