cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Anonymous
Not applicable

Configuring IPSec

Purpose & Scope

This document provides instructions for setting up an IPSec connection.

Use Case

IPSec would be used in a case when added security is needed for a VPN connection. IPSec builds a tunnel through the Internet for a specific reason, like using VPN to telecommute. By using IPSec, your system is not contaminated by security risks occurring on the open Internet.

Steps

  1. Connect your PC to your CPE via the Ethernet Cable.
  2. If downloading via the WAN interface, proceed to step 3.
  3. Enter the IP address of the CPE device (WAN or LAN) in your browser URL dialog box.
    The default LAN IP is 192.168.1.1. The Authentication Required dialog box appears.
    IPSec_Login.jpg
  4. Enter your credentials.
    The default User Name is “admin” and default Password is “admin”. If your modem has different login credentials, contact your ISP. The Network Status page of the modem appears.
  5. Click Manage Gateway (Advanced).
    This link is either at the top right corner of the Network Status pane or at the bottom of the pane. The Device Info page appears.
    IPSec_DeviceInfo.jpg
  6. In the left menu, click Advanced Setup > IPSec.
    The IPSec page appears.
  7. Click Add New Connection.
    You can also remove currently set up connections. The IPSec Settings page appears.
    IPSec_Add.jpg
  8. Fill in the fields, using the information in the table below.
  9. Click Apply/Save.
    This task is completed.
Field Name Description
IPSec Connection Name Enter a descriptive name for this connection.
IP Version Select the IP version environment associated with your infrastructure. Options are IPv4 and IPv6.
Tunnel Mode Select the encapsulation method to be used. Options are:
  • AH: Use this mode to encapsulate a packet with AH and IP headers. For authentication, the entire packet is signed.
  • ESP: Use this mode to encapsulate a packet with ESP and IP headers. An ESP trailer is added to the packet for authentication and integrity.
Local Gateway Interface Select the WAN connection to be associated with this tunnel.
Remote IPSec Gateway Address Enter the WAN IP address for this tunnel.
Tunnel Access from Local IP Addresses
Tunnel Access from Remote IP Addresses
Select IP information for sites A and B. Options are:
  • Subnet: Allows access to the entire LAN.
  • Single Address: For single host, select this option.
Key Exchange Method The key-exchange method to be used for IPSec. Options are:
  • Auto(IKE): This method uses the negotiated key-exchange method for IPSec. This is the default and recommended for best results.
  • Manual: This method requires that you configure the details.
Authentication Method Select the method by which the remote end will authenticate. Options are:
  • Pre-Shared Key: A key is distributed to authorized users for logging into the system. Enter the key in the Pre-shared Key field.
  • Certificate (x.509): A certificate is used for authentication. Select the certificate file in the Certificate field that appears.
Perfect Forwarding Secrecy This setting determines whether a session key derived from a set of long-term keys is compromised if one of the long-term keys in the set is compromised.
  • Enable: Prevents long-term key from being compromised.
  • Disable: Permits long-term keys to be compromised.

Note: For SR515ac models, this field is named Perfect Forward Secrecy.

0 Kudos