Router R1 Configuration; Configure Ipsec Transport Mode Connection; Configure Gre Tunnel - GE MDS ORBIT MCR Technical Manual

primary interface. If the reachability check determines that the network link is down, then that
primary route is removed and, as a result, the traffic towards the back-office network now uses the
secondary route (over Cell). If the reachability check determines that the network link is back up,
the primary route is added back and, as a result, the traffic towards the back-office network now
uses the primary route (over NX) again.
3. Ability to tunnel private customer traffic over public cellular network using GRE tunneling (IP-
OVER-GRE mode) or GRE with IPsec tunneling, in case, end-to-end security is desired. The GRE
tunnel provides a routed interface that can then be used as the outgoing interface in the secondary
route.
AP Configuration
In this use case, the AP is not involved in the failover and hence should be configured as usual with NX
interface in AP mode.

Router R1 Configuration

The R1 router in this case could be a routing appliance from Cisco or Juniper etc. Following features need
to be configured on this device:
IPsec transport mode connection – To secure GRE traffic from back-office to the Remotes over
1.
Cellular network.
GRE tunnel – To route the traffic from back-office to the Remotes over Cellular network.
2.
3. A network/link monitoring operation that checks connectivity to each remote over the primary
interface and that enables primary route to be used when connectivity is up and secondary route to
be used when connectivity is down.
4. Primary and secondary routes towards each Remote LAN network.
The user should refer to user manual of the specific device to configure these features.
REMOTE#1 Configuration
Following features need to be configured on this device:
1. IPsec transport mode connection– To secure GRE traffic from local LAN segment to back-office
over Cellular network.
GRE tunnel – To route the traffic from local LAN segment to back-office over Cellular network.
2.
3. A network monitoring operation that checks connectivity to back-office network over the primary
interface (i.e. NX) and that enables primary route to be used when connectivity is up and secondary
route to be used when connectivity is down.
4. Primary and secondary routes towards the back-office network.
Using the Web UI

Configure IPsec Transport Mode Connection

1. Configure an IPsec VPN connection with host-to-host connection type. Please refer to section on
VPN for help with configuring IPsec VPN using Web UI.

Configure GRE tunnel

2. Configure GRE tunnel interface with mode = ip-over-gre, src-address = 10.150.1.10 (the local Cell
interface address) and dst-address = 10.150.1.1 (the WAN address of the R1 router).
- Navigate to Interfaces / Add/Delete Interfaces and click 'Add' to create new interface named
'GRE1':
324 MDS Orbit MCR/ECR Technical Manual MDS 05-6632A01, Rev. F