Operation Manual
Failover Tunnel and Failback Tunnel: Use these settings to create two tunnels – one as the primary tunnel and one as
the backup tunnel. To configure tunnel failover/failback, complete the following steps:
1. Create two tunnels: one for primary and one for backup. Make sure that both tunnels have the same Remote
Network and that both have Dead Peer Detection enabled.
2. Choose one to be the primary tunnel. Open the editor for this tunnel and make sure Tunnel Enabled is selected.
Then go to the Dead Peer Detection page. Under Failover Tunnel select the other tunnel you have created.
3. Open the editor for the failover tunnel. Make sure Tunnel Enabled is not selected. On the Dead Peer Detection
page, set the Failback Tunnel to your primary tunnel.
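The checks in steps 1 to 3, written out as an added example (not part of the manual or the router's software): a Python function that audits a primary/backup pair before you rely on failover. The Tunnel record, its field names and the sample tunnel names are hypothetical, modelled on the GUI labels above.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Tunnel:
    # Hypothetical record of the GUI fields named in steps 1-3; the router's
    # own configuration format is not shown in this manual.
    name: str
    remote_network: str              # "10.20.0.0/16" or "10.20.0.0/255.255.0.0"
    tunnel_enabled: bool
    dpd_enabled: bool
    failover_tunnel: Optional[str] = None
    failback_tunnel: Optional[str] = None

def check_failover_pair(primary: Tunnel, backup: Tunnel) -> List[str]:
    """Return the problems found; an empty list means the pair follows steps 1-3."""
    problems = []
    # Step 1: same Remote Network, compared after normalising the mask notation.
    try:
        p_net = ipaddress.ip_network(primary.remote_network, strict=False)
        b_net = ipaddress.ip_network(backup.remote_network, strict=False)
        if p_net != b_net:
            problems.append(f"Remote Network differs: {p_net} vs {b_net}")
    except ValueError as exc:
        problems.append(f"Remote Network not parseable: {exc}")
    # Step 1: Dead Peer Detection must be enabled on both tunnels.
    for t in (primary, backup):
        if not t.dpd_enabled:
            problems.append(f"{t.name}: Dead Peer Detection is not enabled")
    # Step 2: primary is enabled and names the backup as its Failover Tunnel.
    if not primary.tunnel_enabled:
        problems.append(f"{primary.name}: Tunnel Enabled is not selected")
    if primary.failover_tunnel != backup.name:
        problems.append(f"{primary.name}: Failover Tunnel is not {backup.name}")
    # Step 3: backup starts disabled and names the primary as its Failback Tunnel.
    if backup.tunnel_enabled:
        problems.append(f"{backup.name}: Tunnel Enabled must not be selected")
    if backup.failback_tunnel != primary.name:
        problems.append(f"{backup.name}: Failback Tunnel is not {primary.name}")
    return problems

if __name__ == "__main__":
    # Constructed sample pair, not taken from a real device.
    primary = Tunnel("hq-primary", "10.20.0.0/16", True, True, failover_tunnel="hq-backup")
    backup = Tunnel("hq-backup", "10.20.0.0/255.255.0.0", True, True)
    for line in check_failover_pair(primary, backup):
        print("FAIL:", line)
```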
Global VPN Settings
These settings apply to all configured VPN tunnels.
Enable Certificate Support: Enabling Certificate Support allows you to upload a VPN certificate to the router. Click
the “Upload Certificate” button to browse for a certificate on a local device. When certificate support is disabled, the
router no longer uses any previously loaded certificate but does not delete it. Only one certificate at a time is supported.
IKE / ISAKMP Port: Internet Key Exchange / Internet Security Association and Key Management Protocol port. (Default:
500. This is a standard VPN port that usually does not need to be changed.)
IKE / ISAKMP NAT-T Port: Internet Key Exchange / Internet Security Association and Key Management Protocol
network address translation traversal port. (Default: 4500. This is a standard VPN NAT-T port that usually does not need
to be changed.)
NAT-T KeepAlive Interval: Number of seconds between sending NAT-T packets to keep the tunnel alive if no other
traffic is being sent. (Default: 20 seconds. Range: 0-3600 seconds. 20 seconds will be sufficient in almost all cases.)
Tunnel Connect Retry: Number of seconds between connection attempts. (Default: 30 seconds. Range: 10-255
seconds. 30 seconds will be sufficient in almost all cases.)
VPN with NAT-T
If one side of a planned VPN tunnel is behind a NAT (network address translation) firewall, the setup of your tunnel
requires the following specifications:
1. Each side of the tunnel must use both a Local Identity and a Remote Identity. These must match the identities on