Cradlepoint COR IBR350 Manual page 110

Add/Edit Tunnel – Remote Networks The Network Address and the Netmask define the remote network address range that local devices will
have access to via the VPN tunnel.
NOTE: the remote network IP address MUST be different from the local network IP address.
Optionally: A Port can be defined that will limit the traffic going through the VPN tunnel to only that port. If the field is left blank, any port will be
accepted by the tunnel.
Add/Edit Tunnel – IKE Phase 1 IKE security has two phases, Phase 1 and Phase 2. You have the ability to distinctly configure each phase, but
the default settings will be sufficient for most users.
To set up a tunnel with a remote site, you need to match your tunnel's IKE negotiation parameters with the remote site. By selecting several
encryption, hash, and DH group options, you improve your chances for a successful tunnel negotiation. For greatest compatibility, select all
options; for greatest security, select only the most secure options that your devices support.
Figure 140: Add/Edit VPN Tunnel IKE Phase 1
Exchange Mode: The IKE protocol has 2 modes of negotiating phase 1 – Main (also called Identity Protection) and Aggressive.
110