Ipsec - Teltonika RUT955 User Manual

RUT955 User's Manual
9.7.2

IPSec

The IPsec protocol client enables the router to establish a secure connection to an IPsec peer via the Internet. IPsec
is supported in two modes - transport and tunnel. Transport mode creates a secure point to point channel between two
hosts. Tunnel mode can be used to build a secure connection between two remote LANs serving as a VPN solution.
IPsec system maintains two databases: Security Policy Database (SPD) which defines whether to apply IPsec to a
packet or not and specify which/how IPsec-SA is applied and Security Association Database (SAD), which contains a Key
of each IPsec-SA.
The establishment of the Security Association (IPsec-SA) between two peers is needed for IPsec communication. It
can be done by using manual or automated configuration.
Note: the router starts establishing a tunnel when data is sent from the router to a remote site over the tunnel. The
Keep Alive feature is used for automatic tunnel establishment.
To create a new IPsec instance, go to the IPsec tab, type in a name for your new instance in the text field below the
IPsec tab and press the "Add" button next to it.
The newly created instance will be disabled and unconfigured. To configure it press the "Edit" button located next
to it (as seen in the example above). This action will redirect you to the instance's IPsec Configuration window.
Teltonika Solutions
139