CHAPTER 11 DEFINING TUNNELS
Setting Up GRE Tunnels
Tunneling allows the use of a public network to convey data on behalf of two remote private networks. It is also a
way to transform data frames so that they can cross networks with incompatible address spaces or even
incompatible protocols. Generic Routing Encapsulation (GRE) is a tunneling mechanism that uses IP as the
transport protocol and can be used for carrying many different passenger protocols.
The tunnels behave as virtual point-to-point links that have two endpoints identified by the tunnel source and
tunnel destination addresses at each endpoint. Configuring a GRE tunnel involves creating a tunnel interface, which
is a logical interface, then configuring the tunnel endpoints for the tunnel interface. To set up GRE tunnels:
1. From the Web Management interface, go to Tunnels > GRE Tunnels > GRE Tunnels Configuration.
2. Click Add Tunnel. A series of wizard pages helps you configure the connection.
3. In the Tunnel Name field, enter a name for the new tunnel.
4. (Optional) In the Description field, you can enter a description that helps you further identify the tunnel.
   Click Next.
5. In the next wizard pane:
   a. In the Remote WAN IP field, type the IP address of the gateway to which you want to connect.
   b. (Optional) From the Saved Network drop-down list, select the network that is to be routed through
      the tunnel. To select a local interface: Select the local interface on which the tunnel is being created.
      Eventually, the packets destined for this tunnel will be routed through it.
   c. If you are not using a saved network, in the Remote Network Route field, type the IP address of the
      network that is routed through the tunnel.
   d. If you are not using a saved network, in the Remote Network Mask field, type the mask of the
      network.
   e. Click Add Route. The defined GRE tunnel configuration is added and appears in the Network Routes
      list.
6. Click Finish.
7. To save your changes, click Save and Restart.
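The encapsulation described at the start of this section, as an added example (not code from this guide or from the device): it wraps an IPv4 passenger packet in a GRE header and outer IP header, then parses the result. GRE by itself adds no encryption or authentication, so the passenger's addresses remain readable in transit. The function names and all addresses are constructed for illustration.

```python
import ipaddress
import struct

GRE_PROTO = 47            # IP protocol number in the outer header for GRE
ETHERTYPE_IPV4 = 0x0800   # GRE "protocol type" value for an IPv4 passenger

def ipv4_packet(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header plus payload (header checksum left at 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + payload

def gre_encapsulate(inner, tunnel_src, tunnel_dst):
    """Wrap an IPv4 passenger in a basic 4-byte GRE header and an outer IP header."""
    gre = struct.pack("!HH", 0, ETHERTYPE_IPV4)   # no optional fields, version 0
    return ipv4_packet(tunnel_src, tunnel_dst, GRE_PROTO, gre + inner)

def gre_decapsulate(packet):
    """Parse outer IPv4 + GRE and return what an on-path observer can read."""
    if len(packet) < 20 or packet[9] != GRE_PROTO:
        raise ValueError("not a GRE-in-IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if len(packet) < ihl + 4:
        raise ValueError("truncated GRE header")
    flags, ptype = struct.unpack("!HH", packet[ihl:ihl + 4])
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    # Checksum (0x8000), key (0x2000) and sequence (0x1000) each add 4 bytes.
    offset = ihl + 4 + 4 * sum(1 for bit in (0x8000, 0x2000, 0x1000) if flags & bit)
    inner = packet[offset:]
    info = {"tunnel_src": str(ipaddress.IPv4Address(packet[12:16])),
            "tunnel_dst": str(ipaddress.IPv4Address(packet[16:20])),
            "passenger_ethertype": ptype,
            "inner": inner}
    if ptype == ETHERTYPE_IPV4 and len(inner) >= 20:
        # The private addresses travel in cleartext inside the tunnel packet.
        info["inner_src"] = str(ipaddress.IPv4Address(inner[12:16]))
        info["inner_dst"] = str(ipaddress.IPv4Address(inner[16:20]))
    return info

# Constructed sample: private hosts behind two tunnel endpoints (documentation ranges).
SAMPLE_INNER = ipv4_packet("192.168.2.10", "192.168.3.20", 17, b"constructed payload")
SAMPLE_PACKET = gre_encapsulate(SAMPLE_INNER, "198.51.100.1", "203.0.113.1")

if __name__ == "__main__":
    for field, value in gre_decapsulate(SAMPLE_PACKET).items():
        print(f"{field}: {value!r}")
```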
Configuring Network-to-Network Virtual Private Networks (VPNs)
The device supports site-to-site VPNs via IPsec tunnels for secure network-to-network communication. Both tunnel
endpoints should have static public IP addresses and must be able to agree on the encryption and authentication
methods to use. Setting up an IPsec tunnel is a two-stage negotiation process. The first stage negotiates how the
key exchange is protected. The second stage negotiates how the data passing through the tunnel is protected. For
endpoints that do not have public static IP addresses, additional options such as NAT Traversal and
Aggressive Mode may help.
By default, based on the encryption method chosen, the device negotiates ISAKMP hash and group policies from a
default set of secure algorithms with no known vulnerabilities. This allows flexibility in establishing connections
with remote endpoints. There is an ADVANCED mode that provides a way to specify a strict set of algorithms to
use per phase, limiting the remote endpoint's negotiation options.
The default set of Hash Algorithms is: SHA-1, SHA-2, and MD5.
MultiConnect® rCell 100 MTR-H5 User Guide