User Manual

Set up an IPSec VPN connection
You can set up a site-to-site VPN tunnel using IP security (IPSec) between two VPN
routers. You do not need to install software such as OpenVPN to establish an IPSec
tunnel, but the router at the other site must be capable of supporting IPSec VPN. The
IPSec settings on each VPN router must be consistent for the tunnel to function. That is,
both VPN routers must use the same type of tunnel authentication and negotiation
exchange settings and tunnel encapsulation settings.
Note: For a site-to-site IPSec VPN connection, the router must be running firmware
version 5.5.1.1 or a later firmware version. If you use two BR200 routers for your
site-to-site IPSec VPN connection, both BR200 routers must be running the same firmware
version.
When you set up an IPSec VPN policy for a tunnel between two VPN routers, you are
defining the following IPSec VPN settings:
IP address settings. The address settings that allow the VPN routers to contact each
other. These include the WAN IP address of the remote VPN router, the remote LAN
subnet of the remote VPN router, and the local LAN subnet of the local VPN router
(that is, your router).
Phase 1 settings. The Internet Key Exchange (IKE) Phase 1 settings that define the
authentication and negotiation exchange between the two VPN routers before the
IPSec tunnel is established. You must specify the same pre-shared key (basically, a
password) and encryption and authentication algorithms on both VPN routers so
that the communication between the routers can be authenticated and is secure.
For this phase, the routers use the following:
- For encryption, an encryption algorithm (3DES or an AES version)
- For authentication, a hash algorithm (MD5 or an SHA version)
- For verification and exchange of keys, a Diffie-Hellman group algorithm from
DH1 (less secure) to DH24 (more secure)
We recommend that you use the default Phase 1 settings, but you can customize
the Phase 1 settings for increased security.
Phase 2 settings. The IKE Phase 2 settings that define how the IPSec tunnel is set
up and encapsulated between the two VPN routers and how the tunnel traffic is kept
secure. To guard against modification of the traffic that is transported through the
tunnel, the routers use an encapsulation protocol, encryption algorithm, and an
integrity check algorithm.
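
The consistency requirement described above can be checked on paper before either router is configured. The following Python code is an added example, not NETGEAR code: the field names and sample values are hypothetical and constructed, and the weak-algorithm list (MD5, 3DES, DH groups 1, 2, and 5) is common guidance, of which this manual states only that DH1 is less secure.

```python
import hmac
import ipaddress
from dataclasses import dataclass

# Assumption: choices commonly treated as weak; the manual only calls DH1 "less secure".
WEAK = {"encryption": {"3DES"}, "hash": {"MD5"}, "dh_group": {1, 2, 5}}

@dataclass
class Policy:  # hypothetical field names, not the BR200 UI labels
    wan_ip: str          # this router's own WAN IP address
    remote_wan_ip: str   # WAN IP address of the remote VPN router
    local_lan: str       # local LAN subnet
    remote_lan: str      # remote LAN subnet
    psk: str             # Phase 1 pre-shared key
    encryption: str
    hash: str
    dh_group: int

def check_pair(a: Policy, b: Policy) -> list[str]:
    """Return findings for two policies; an empty list means they mirror each other."""
    findings = []
    # Address settings must be mirror images: A's "remote" values are B's own values.
    for x, y, nx, ny in ((a, b, "A", "B"), (b, a, "B", "A")):
        if ipaddress.ip_address(x.remote_wan_ip) != ipaddress.ip_address(y.wan_ip):
            findings.append(f"{nx}: remote WAN IP does not match {ny}'s WAN IP")
        if ipaddress.ip_network(x.remote_lan) != ipaddress.ip_network(y.local_lan):
            findings.append(f"{nx}: remote LAN subnet does not match {ny}'s local LAN subnet")
    # Compare keys in constant time and never echo them into the findings.
    if not hmac.compare_digest(a.psk.encode(), b.psk.encode()):
        findings.append("pre-shared keys differ")
    # Phase 1 algorithms must be identical on both sides.
    for field in ("encryption", "hash", "dh_group"):
        va, vb = getattr(a, field), getattr(b, field)
        if va != vb:
            findings.append(f"Phase 1 {field} differs: {va} vs {vb}")
        for v in sorted({va, vb} & WEAK[field], key=str):
            findings.append(f"weak Phase 1 {field}: {v}")
    return findings

# Constructed sample policies (documentation address ranges, placeholder key).
SITE_A = Policy("203.0.113.10", "198.51.100.20", "192.168.1.0/24",
                "192.168.2.0/24", "EXAMPLE-psk-placeholder", "AES-256", "SHA-256", 14)
SITE_B = Policy("198.51.100.20", "203.0.113.10", "192.168.2.0/24",
                "192.168.1.0/24", "EXAMPLE-psk-placeholder", "AES-256", "SHA-256", 14)

if __name__ == "__main__":
    print(check_pair(SITE_A, SITE_B) or "policies are consistent")
```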
User Manual, page 124: Set Up VPN Connections
Insight Managed Business Router BR200