Chapter 11 Defining Tunnels; Setting Up Generic Routing Encapsulation (GRE) Tunnels; Configuring Network-to-Network Virtual Private Networks (VPNs) - Multitech MultiConnect rCell 100 User Manual

CHAPTER 11 DEFINING TUNNELS

Setting up Generic Routing Encapsulation (GRE) tunnels

Tunneling allows the use of a public network to convey data on behalf of two remote private networks. It is also a
way to transform data frames so that they can pass through networks with incompatible address spaces or even
incompatible protocols. Generic Routing Encapsulation (GRE) is a tunneling mechanism that uses IP as the
transport protocol and can carry many different passenger protocols.

The tunnels behave as virtual point-to-point links with two endpoints, identified by the tunnel source and
tunnel destination addresses at each endpoint. Configuring a GRE tunnel involves creating a tunnel interface, which
is a logical interface, then configuring the tunnel endpoints for the tunnel interface.

To set up GRE tunnels:
1. From Tunnels, select GRE Tunnels. The Tunnels: GRE Tunnels pane opens.
2. From the Tunnels: GRE Tunnels pane, click Add Tunnel. A series of wizard panels helps you configure the
   connection.
3. In the Tunnel Name field, enter a name for the new tunnel.
4. In the description area, type a description that helps you further identify the tunnel. Click Next.
5. In the next wizard pane:
   a. In the Remote WAN IP field, type the IP address of the gateway to which you want to connect.
   b. (Optional) From the Saved Network drop-down list, select the network that is to be routed through
      the tunnel. To select a local interface: select the local interface on which the tunnel is being created.
      Eventually, the packets destined for this tunnel will be routed through it.
   c. If you are not using a saved network, in the Network Route field, type the IP address of the network
      that is routed through the tunnel.
   d. If you are not using a saved network, in the Network Mask field, type the mask of the network.
   e. Click Add Route. The defined GRE tunnel configuration is added and appears in the Network Routes
      list.
6. Click Finish.

Configuring Network-to-Network Virtual Private Networks (VPNs)

The device supports site-to-site VPNs via IPsec tunnels for secure network-to-network communication. Both tunnel
endpoints should have static public IP addresses and must be able to agree on the encryption and authentication
methods to use. Setting up an IPsec tunnel is a two-stage negotiation process. The first stage negotiates
how the key exchange is protected. The second stage negotiates how the data passing through the tunnel is
protected. For endpoints that do not have public static IP addresses, there are additional options that may help,
such as NAT Traversal and Aggressive Mode.

By default, based on the encryption method chosen, the device negotiates ISAKMP hash and group policies from a
default set of secure algorithms with no known vulnerabilities. This allows flexibility in establishing connections
with remote endpoints. There is an ADVANCED mode that provides a way to specify a strict set of algorithms to
use per phase, limiting the remote endpoint's negotiation options.

The default set of Hash Algorithms is: SHA-1, SHA-2, and MD5.

The default set of DH Group Algorithms is: DH2(1024-bit), DH5(1536-bit), DH14(2048-bit), DH15(3072-bit),
DH16(4096-bit), DH17(6144-bit), DH18(8192-bit), DH22(1024-bit), DH23(2048-bit), and DH24(2048-bit).
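
The default lists above include MD5, SHA-1 and 1024-bit DH groups, so a strict ADVANCED-mode set has to be narrower than the defaults. The following added example (not from the MultiTech manual or firmware) derives such a set from the lists as printed and compares how each set answers a constructed peer offer. The policy thresholds, the function names and the simplified first-match negotiation model are assumptions of the example.

```python
import re

# Default sets as listed in the manual text above.
DEFAULT_HASHES = ["SHA-1", "SHA-2", "MD5"]
DEFAULT_DH = ("DH2(1024-bit), DH5(1536-bit), DH14(2048-bit), DH15(3072-bit), "
              "DH16(4096-bit), DH17(6144-bit), DH18(8192-bit), DH22(1024-bit), "
              "DH23(2048-bit), DH24(2048-bit)")

# Policy chosen for this example (an assumption, not a device setting).
WEAK_HASHES = {"MD5", "SHA-1"}
RFC5114_GROUPS = {22, 23, 24}   # RFC 5114 groups; RFC 8247 advises against them
MIN_MODP_BITS = 2048


def parse_dh(text):
    """Turn 'DH14(2048-bit), ...' into {group_number: modulus_bits}."""
    return {int(g): int(b) for g, b in re.findall(r"DH(\d+)\((\d+)-bit\)", text)}


def strict_sets(hashes, dh):
    """Return (hashes, dh_groups) that satisfy the policy above."""
    ok_hashes = [h for h in hashes if h not in WEAK_HASHES]
    ok_dh = sorted(g for g, bits in dh.items()
                   if bits >= MIN_MODP_BITS and g not in RFC5114_GROUPS)
    return ok_hashes, ok_dh


def negotiate(peer_proposals, hashes, dh_groups):
    """Simplified model: accept the first peer (hash, group) pair the local set allows."""
    for h, g in peer_proposals:
        if h in hashes and g in dh_groups:
            return (h, g)
    return None  # no common proposal: the tunnel does not come up


if __name__ == "__main__":
    dh = parse_dh(DEFAULT_DH)
    strict_h, strict_g = strict_sets(DEFAULT_HASHES, dh)
    # Constructed peer offer: a legacy gateway that lists its weakest suite first.
    legacy_peer = [("MD5", 2), ("SHA-1", 5), ("SHA-2", 14)]
    print("strict hashes:", strict_h, "strict DH groups:", strict_g)
    print("default set accepts:", negotiate(legacy_peer, DEFAULT_HASHES, dh))
    print("strict set accepts: ", negotiate(legacy_peer, strict_h, strict_g))
```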

MultiConnect® rCell 100 MTR-H5 User Guide

This manual is also suitable for: MultiConnect rCell 100 MTR-H6
