Example: Configure Vpn Access With Ipsec Tunnels - Digi IX14 User Manual


Virtual private networks (VPNs)

Example: Configure VPN access with IPSec tunnels

This example demonstrates how to build an IPSec tunnel through the Digi IX14 WAN connection and
use the IPSec tunnel to access endpoints inside a VPN.
To set up VPN access via an IPSec tunnel, you need the following:
- Active WAN connection on the Digi IX14
- IPsec credentials and settings to build a tunnel to the IPsec endpoint
- Rule to allow return traffic from the remote network through the IPsec tunnel back to the local
  LAN devices
The sample configuration shows a Digi IX14 with a tunnel to a VPN server at 12.13.14.15 through its
cellular modem. The client laptop connected to the Digi IX14 LAN Ethernet port can then use the IPsec
tunnel to access any IP address in the 10.255.0.0/16 range behind the IPsec server. Any traffic not
destined for 10.255.0.0/16 goes through the cellular modem straight to the Internet.
To configure the IPSec tunnel on the Digi IX14
1. From the menu, click Configuration.
2. Open VPN > IPsec > Tunnels.
3. Add a new tunnel named Tunnel and configure the following options:
   - Pre-shared key: Enter the pre-shared key to authenticate with the peer.
   - (Optional) XAUTH client: Check Enable and enter the XAUTH client Username and Password.
   - Enable MODECFG client: Enable this option to allow receipt of the MODECFG attributes to
     configure the IP address and DNS server for the tunnel.
   - Local endpoint: Do one of the following:
     - Set the ID Type to KeyID and set the KeyID value. This builds the tunnel through any
       available WAN interface.
     - Set the Local endpoint > Type to Interface and set the Local endpoint >
       Interface to Modem. This builds the tunnel only through the cellular modem WAN
       interface.
   - Remote endpoint: Open ID, set the ID Type to IPv4, and enter the IPv4 ID value for the
     hostname.
   - IKE: Set the IKE > Mode to Aggressive mode and set the IKE > Phase 1 Proposals and IKE >
     Phase 2 Proposals to match the IKE settings required by the IPSec server. In this example,
     both proposals are set to AES128, SHA1, MOD768.
4. In Tunnel > Policies, add a new policy and set the following options:
   - Set Policy > Local network > Type to Request a network.
   - Set Policy > Remote network to the IPv4 network to access through the tunnel. In this
     sample, the remote network is 10.255.0.0/16.
   Note: If you want to have all outbound traffic go through this tunnel, set Policy > Remote
   Network to 0.0.0.0/0.
5. Add a packet filtering rule to allow return traffic:
   - In Firewall > Packet Filtering, click Add to add a new packet filter.
   - Set Label to Allow all incoming traffic to IPsec tunnel.
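The IKE settings in step 3 (Aggressive mode with a pre-shared key, and AES128, SHA1, MOD768 for both
phases) are chosen to match what the IPsec server requires. The following Python check is an added
example, not part of the Digi manual or the device software; it audits such settings against an
assumed baseline, and the function names, thresholds and the stronger sample proposal are hypothetical.

```python
import re

# Assumed baseline for this added example; thresholds follow common guidance
# (RFC 8247 lists 768-bit MODP as MUST NOT and 1024-bit MODP as SHOULD NOT).
WEAK_CIPHERS = {"DES", "3DES"}
WEAK_HASHES = {"MD5", "SHA1"}
MIN_DH_BITS = 2048


def parse_proposal(text):
    """Split a proposal such as 'AES128, SHA1, MOD768' into its three parts."""
    parts = [p.strip().upper() for p in text.split(",")]
    if len(parts) != 3:
        raise ValueError(f"expected cipher, hash, DH group: {text!r}")
    match = re.fullmatch(r"MODP?(\d+)", parts[2])
    if not match:
        raise ValueError(f"unrecognised DH group: {parts[2]!r}")
    return parts[0], parts[1], int(match.group(1))


def audit_tunnel(mode, auth, proposals):
    """Return sorted (setting, issue) findings for one tunnel definition."""
    findings = set()
    if mode.lower() == "aggressive" and auth.lower() == "psk":
        # Aggressive mode exchanges the PSK-derived hash in the clear, so a
        # captured handshake allows offline guessing of a weak key.
        findings.add(("ike.mode", "aggressive+psk: offline PSK guessing"))
    for phase, text in proposals.items():
        cipher, digest, dh_bits = parse_proposal(text)
        if cipher in WEAK_CIPHERS:
            findings.add((phase, f"weak cipher {cipher}"))
        if digest in WEAK_HASHES:
            findings.add((phase, f"legacy hash {digest}"))
        if dh_bits < MIN_DH_BITS:
            findings.add((phase, f"DH group MODP{dh_bits} below {MIN_DH_BITS} bits"))
    return sorted(findings)


# Settings taken from the sample configuration on this page.
PAGE_SAMPLE = audit_tunnel("aggressive", "psk", {
    "phase1": "AES128, SHA1, MOD768", "phase2": "AES128, SHA1, MOD768"})
# Constructed stronger settings, usable only if the IPsec server accepts them.
STRONGER = audit_tunnel("main", "psk", {
    "phase1": "AES256, SHA256, MODP2048", "phase2": "AES256, SHA256, MODP2048"})

if __name__ == "__main__":
    for setting, issue in PAGE_SAMPLE:
        print(f"{setting}: {issue}")
```

If the server cannot be moved off aggressive mode, a long random pre-shared key limits the value of a captured handshake.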