Multitech RouteFinder RF825-C-Nx, RouteFinder RF825-E, RouteFinder RF825-C-Nx-AP, RouteFinder RF825-E-AP Reference Manual

RouteFinder

SOHO Security Appliance

RF825-E, RF825-E-AP

RF825-C-Nx, RF825-C-Nx-AP

SOHO

EDGE Models

CDMA Models

IPSec VPN Setup Examples

Reference Guide

IPSec VPN Setup Examples Reference Guide RouteFinder SOHO Internet Security Appliance EDGE Models: RF825-E, RF825-E-AP CDMA Models: RF825-C-Nx, RF825-C-Nx-AP PN S000440B, Revision B

Multi-Tech Systems, Inc. makes no representations or warranties with respect to the contents hereof and specifically disclaims any implied warranties of merchantability or fitness for any particular purpose. F urthermore, Multi-Tech Systems, Inc. reserves the right to revise this publication and to make changes from time to time in the content hereof without obligation of Multi-Tech Systems, Inc. to notify any person or organization of such revisions or changes.

Revision Date Description

A 06/25/07 Initial release. B 11/13/07 Updated for software 1.40 (Affects the Save & Restart functionality in this example

document).

Trademarks

The Multi-Tech logo and RouteFinder are registered trademarks of Multi-Tech Systems, Inc.

World Headquarters

Multi-Tech Systems, Inc. 2205 Woodale Drive Mounds View, Minnesota 55112 Phone: 763-785-3500 or 800-328-9717 Fax: 763-785-9874 Internet Address: http://www.multitech.com

Technical Support Country By Email By Phone

Europe, Middle East, Africa: support@multitech.co.uk +(44) 118 959 7774 U.S., Canada, all others: support@multitech.com (800) 972-2439 or 763-717-5863

Multi-Tech Systems, Inc. RF825 Series IPSec VPN Setup Examples – A Reference Guide (S000440B) 2

Chapter 1 – Non-NAT Setup Examples

Contents

Chapter 1 – Non-NAT Setup Examples ......................................................................................................................4

Prerequisite Step – Set Up VPN Client Using IPSec VPN Client Software.....................................................4

Prerequisite Step 1 – VPN Client Phase 1 Set Up....................................................................................4

Prerequisite Step 2 – Phase 2 Setup........................................................................................................5

Example 1 – Set Up a RouteFinder and a VPN Client Behind a Non-NAT Device..........................................6

Example 2 – A Setup Using Two RouteFinders Behind a Non-NAT Device .................................................10

Chapter 2 – NAT Setup Examples.............................................................................................................................18

Prerequisite Steps – Set Up VPN Client Using IPSec VPN Client Software.................................................18

Prerequisite Step 1 – VPN Client Phase 1 Setup (Behind NAT).............................................................18

Prerequisite Step 2 – Client Phase 1 Advanced Setup (Behind NAT)....................................................19

Prerequisite Step 3 – Client Phase 2 Setup (Behind NAT).....................................................................20

Example 1 – Set Up a RouteFinder with a Tunnel to a Client Behind a NAT Device...................................21

Step 1 – Network Setup..........................................................................................................................21

Step 2 – Packet Filters............................................................................................................................22

Step 3 – VPN Setup................................................................................................................................22

Example 2 – Set Up Two RouteFinders Behind a NAT Device......................................................................25

Step 1 -- Network Setup .........................................................................................................................25

Step 2 – Packet Filters............................................................................................................................26

Step 3 -- VPN Setup...............................................................................................................................27

Example 3 – Set Up the RouteFinder Going to a VPN behind a NAT Device...............................................28

Step 1 -- Network Setup .........................................................................................................................28

Step 2 – Packet Filters............................................................................................................................29

Step 3 -- VPN Setup...............................................................................................................................29

Chapter 3 – A Reference Table of Commonly Supported Subnets........................................................................32

Multi-Tech Systems, Inc. RF825 Series IPSec VPN Setup Examples – A Reference Guide (S000440B) 3

Chapter 1 – Non-NAT Setup Examples

Chapter 1 – Non-NAT Setup

Examples

Prerequisite Step – Set Up VPN Client Using IPSec VPN Client Software

The Non-NAT setup requires the VPN client to be set up first in the IPSec VPN Client software, and then the VPN tunnel for the RouteFinder can be set up using the RouteFinder software.

Prerequisite Step 1 – VPN Client Phase 1 Set Up

1. Open the IPSec VPN Client software.

2. Right click on RouteFinder Client VPN Configuration and select New Phase 1.

3. Enter a name for your connection in the Name field.

4. Choose Any for the client Interface if your IP address is dynamic or the IP address

provided by your ISP if Static (e.g., 65.126.90.250).

5. In the Remote Gateway field, enter the IP address of the VPN WAN for your Remote

Gateway (e.g., 65.126.90.248).

6. Enter the Shared Secret in Preshared Key for your network (the Secret has to match

on both ends). Then Confirm the shared secret by retyping the shared secret.

7. For IKE Authentication choose MD5.

Multi-Tech Systems, Inc. RF825 Series IPSec VPN Setup Examples – A Reference Guide (S000440B) 4

Prerequisite Step 2 – Phase 2 Setup

1. Start Phase 2 by right clicking on the name of your VPN Client you created in Phase 1.

2. The VPN Client address will be set to 0.0.0.0 unless you have a Static IP address (e.g.,

65.126.90.250).

3. The Address type is the type of setup on the host side. If it’s a network, then choose

Subnet address from the drop down list box and enter in the Remote LAN address (e.g., 192.168.25.0) and the Subnet Mask (e.g., 255.255.255.0). If it’s a single IP address, change it to that address.

4. For ESP Authentication choose MD5.

Chapter 1 – Non-NAT Setup Examples

Multi-Tech Systems, Inc. RF825 Series IPSec VPN Setup Examples – A Reference Guide (S000440B) 5

Chapter 1 – Non-NAT Setup Examples

Example 1 – Set Up a RouteFinder and a VPN Client Behind a Non-NAT Device

Note: Prerequisite Steps must be completed before you start this setup.

Step 1 – Network Setup

1. Log in to your RouteFinder and go to the Networks & Services screen.

2. Enter the Name of the network that you want to create for this connection.

Example: vpn-client.

3. Enter the IP Address of this new network. Example: 65.126.90.250

4. Enter the Subnet Mask for this network. The same address/mask pair should not be present

in the current list displayed on the screen.

5. Click the ADD button to add the new network

Multi-Tech Systems, Inc. RF825 Series IPSec VPN Setup Examples – A Reference Guide (S000440B) 6

Step 2 – Packet Filters

1. Go to the Packet Filters screen to set the VPN client rights. These rights give the client

access across the tunnel to your host network.

2. Click on From (Host/Networks) and select the network you are allowing.

Example: vpn-client.

3. If you are not restricting the type of service, select Any for the To (Host/Network).

4. If the client is dynamic (unknown), set up an Any Any Any ACCEPT filter to allow any

network to come in.

5. Click the Add button to add this Packet Filter rule.

Chapter 1 – Non-NAT Setup Examples

Important Note: Do not check the Status box. When adding a user-defined rule, leave the Status box unchecked.

Multi-Tech Systems, Inc. RF825 Series IPSec VPN Setup Examples – A Reference Guide (S000440B) 7

Step 3 – VPN Setup

1. Go to the VPN > IPSec screen.

2. Click the VPN Status check box to enable IPSec. Then click the Save button.

3. Select Add an IKE Connection by clicking the corresponding Add button.

Chapter 1 – Non-NAT Setup Examples

The Add an IKE Connection screen displays. All settings can be left at the default unless otherwise indicated:

1. Connection Name: Enter in the name of the VPN tunnel you want to create. Example: vpn-

client.

2. Secret: Enter in the Secret (which has to match on both ends of the tunnel)

3. Local WAN IP: Select WAN1

4. Local LAN: Select LAN

5. Remote LAN: Select vpn-client. Note that you select Any if the remote client is Dynamic.

6. Click the Save button to save your tunnel.

Multi-Tech Systems, Inc. RF825 Series IPSec VPN Setup Examples – A Reference Guide (S000440B) 8

Chapter 1 – Non-NAT Setup Examples

Note:

Make sure to check the Status box at the bottom of the screen on the left side to activate the newly created tunnel.

Step 4 – Save and Restart

Select the Save and Restart button located just under the menu bar. The Save and Restart screen displays.

Save to Flash Memory

If a connection is established, then the settings have been entered correctly and your basic configuration is now complete. Now, you must save your settings to the Flash Memory; this saves the current settings in the flash prom and prevents settings from getting lost at the next power up.

Restart

This is optional. You do not have to restart the RouteFinder after saving to the flash memory.

Step 5 – Checking the Tunnel

To see if the tunnel is up you can click on Statistics & Logs and go to the IPSec Live Log. You will see whether or not the connection is up. You will also see information about the data, if any, that is being sent across the tunnel.

Multi-Tech Systems, Inc. RF825 Series IPSec VPN Setup Examples – A Reference Guide (S000440B) 9

Chapter 1 – Non-NAT Setup Examples

Example 2 – A Setup Using Two RouteFinders Behind a Non-NAT Device

Side A Side B

Note: Prerequisite Steps must be completed before you start this setup.

The Following Directions Apply to Side A of Example 2

Step 1 for Side A – Network Setup

1. Log in to your RouteFinder and go to the Networks & Services screen.

2. Enter a Name for the remote WAN IP address. Example: Remote-WAN

3. Enter the remote WAN IP Address (Ex. 65.126.90.250) with a single Subnet Mask of

255.255.255.255

4. Click Add to add the network to the list

5. Enter a Name for the remote LAN IP Address. Example: Remote-LAN

6. Enter the remote LAN IP Address (Ex. 192.168.2.0) with a network Subnet Mask for the

255.255.255.0.

Remote-WAN 65.126.90.248 255.255.255.255 Edit | Delete Remote-LAN 192.168.25.0 255.255.255.0 Edit | Delete

Once the network configuration is complete, the information about that network displays at the bottom of the screen.

Multi-Tech Systems, Inc. RF825 Series IPSec VPN Setup Examples – A Reference Guide (S000440B) 10

+ 23 hidden pages

Multitech RouteFinder RF825-C-Nx, RouteFinder RF825-E, RouteFinder RF825-C-Nx-AP, RouteFinder RF825-E-AP Reference Manual

Specifications and Main Features

Frequently Asked Questions

User Manual