Cradlepoint IBR1100 User Manual page 46

User Manual / IBR1100/IBR1150
Currently we only support identifiers in the form of an IP address, a user-fully qualified domain name (user@
mydomain.com) or just a fully qualified domain name (www.mydomain.com). If the remote side of the tunnel
is configured to expect an identifier, then both must match in order for the negotiation to succeed. If NAT-T is
being used, a single word (instead of an address) can be used if a DynDNS connection is not being used.
Remote Identity: Specifies the identifier we expect to receive from the remote host during phase 1
negotiation. If no identifier is defined then no verification of the remote peer's identification will be done.
Currently we only support identifiers in the form of an IP address, a user-fully qualified domain name (user@
mydomain.com) or just a fully qualified domain name (www.mydomain.com). If left blank we will default to the
IP address of the WAN connection. If NAT-T is being used, a single word (instead of an address) can be used if a
DynDNS connection is not being used.
Authentication Mode: Select from Pre-Shared Key and Certificate. Pre-Shared Key is used when there is a
single key common to both ends of the VPN. Certificate requires the creation of a set of certificates and a
private key that can be uploaded to the router. Select Enable Certificate Support in the Global VPN Settings
section to upload a single set of certificates for the router to use.
Pre-Shared Key: Create a password or key. The routers on both sides of the tunnel must use this same key.
Mode: Select from Tunnel, Transport or VTI-Tunnel. Tunnel Mode is used for protecting traffic between
different networks, when traffic must pass through an intermediate, untrusted network. Transport Mode is
used for end-to-end communications (for example, for communications between a client and a server). VTI
Tunnel creates a virtual tunnel interface with a specified virtual IP address. This interface can then be added to
the zone firewall.
Initiation Mode: Always On or On Demand. Always On is used if you want the tunnel to initiate the tunnel
connection whenever the WAN becomes available. Select On Demand if you want the tunnel to initiate a
connection if and only if there is data traffic bound for the remote side of the tunnel.
Tunnel Enabled: Enabled or Disabled.
Add/Edit Tunnel – Local Gateway
IP Version: Select IPv4 or IPv6.
WAN Binding: WAN Binding is an optional parameter
used to configure the VPN tunnel to ONLY operate when
the specified WAN device(s) are available and connected.
An example use case is when there is a router with both
a primary and failover WAN device and the tunnel should
only be used when the system has failed over to the
backup connection.
Make a selection for "When," "Condition," and "Value" to
create a WAN Binding. The condition will be in the form
of these examples:
When
Port
Type
• When:
• Port – Select by the physical port on the router that you are plugging the modem into (e.g., "USB
Port 2").
• Manufacturer – Select by the modem manufacturer (e.g., "Cradlepoint Inc.").
Condition
Is
Is not
©2016 Cradlepoint. All Rights Reserved.
Value
USB Port 1
WiMax
| +1.855.813.3385 | cradlepoint.com
7/15/16
46