Table of Contents
Advertisement
5.2
CONFIGURATION SUMMARY
The first case demonstrates configuring IPsec tunnels on the Vanguard 3000. The second example demonstrates
configuring the Vanguard to use a DMZ for VPN pass-through between IPsec clients and a remote host over a router
acting as a VPN server.
Detailed configuration examples are provided for each scenario.
5.2.1 CASE #1: VANGUARD CONFIGURED IPSEC CLIENT
Overview
IPsec is a security protocol that provides secured communication tunnels over IP. As you create IPsec tunnels through
the Vanguard 3000 Web interface in the Security » IPsec tab, they will be displayed in the Tunnel Table at the bottom
of the IPsec tab. All tunnels are created using the ESP (Encapsulating Security Payload) Protocol.
The following figure depicts an IPsec tunnel between a Remote Telemetry Unit (RTU) and Application Server.
Figure 55 Vanguard configured as an IPsec client
Prerequisite Information
In order to implement IPsec with the Vanguard 3000 and to successfully connect to a VPN server and secure data
between two endpoints, you will need to know the following information.
• Tunnel Label
• Vanguard 3000 local subnet
• Vanguard 3000 PPP IP Address
• Firewall IP Address (remote IP Address)
• VPN Server IP Address (Remote ID optional—not usually required if firewall and VPN server are the same unit)
• Remote Subnet
• Phase1 Encryption details
• Phase 2 Encryption details
• Pre-Shared Key (PSK)
• Perfect Forward Security (PFS) Enabled or Disabled
• Dead Peer Detection (DPD) delay (seconds), timeout (seconds) and action
If you do not have this information, contact your network integrator.
Vanguard 3000 Series Multicarrier Cellular Data Modem & IP Router PN 001-7300-100 Rev. B
| Page 91
Advertisement
Table of Contents
