M2M Cellular Gateway
Scenario Application Timing
The security gateway can be located at branch office or mobile office. When the client
hosts behind the security gateway want to make a secure communication with the ones
behind another security gateway in headquarters or another branch office, both
security gateways need establish a VPN tunnel first. Both Intranets of security gateways
have their own subnet and the "Site to Site" tunnel scenario is used. "Site" means a
subnet of client hosts. Moreover, since the "Full Tunnel" feature is enabled at branch
office site, all packet flows will go through the established VPN tunnel between both
sites, including the HQ resource accessing and regular Internet accessing.
Scenario Description
Both Initiator and Responder of IPSec tunnel must have a "Static IP" or a "FQDN" for
"Site to Site" scenario.
Any peer gateway can be worked as an Initiator or a Responder of the IPSec VPN tunnel.
Two phases (IKE and IPSec) to negotiate for establishing an IPSec VPN tunnel with pre‐
shared key and optional X‐Auth account / password.
"Full Tunnel" feature to be enabled drives all packet flows from local site will be
transferred via the established VPN tunnel.
Parameter Setup Example
For Network‐A at HQ
Following 5 tables list the parameter configuration for above example diagram of IPSec
VPN tunnel in Network‐A.
Use default value for those parameters that are not mentioned in these 5 tables.
Configuration Path
IPSec
Index skipping is used to reserve slots for new function insertion, when required.
[IPSec]‐[Configuration]
■ Enable
190