IPsec; Manual IPsec Key Exchange - Teltonika RUT104 User Manual


4.7.3 IPsec

The IPsec protocol client enables the router to establish a secure connection to an IPsec peer
via the Internet. IPsec is supported in two modes: transport and tunnel. Transport mode creates
a secure point-to-point channel between two hosts. Tunnel mode can be used to build a secure
connection between two remote LANs, serving as a VPN solution.

The IPsec system maintains two databases: the Security Policy Database (SPD), which defines
whether to apply IPsec to a packet and specifies which IPsec-SA is applied and how, and the
Security Association Database (SAD), which contains the key of each IPsec-SA.

A Security Association (IPsec-SA) must be established between two peers before IPsec
communication can take place. This can be done by manual or automated configuration.

Note: the router starts establishing the tunnel when data is sent from the router to the remote
site over the tunnel. For automatic tunnel establishment, use the tunnel keep alive feature.
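
The roles of the SPD and SAD, and the on-demand tunnel start mentioned in the note above, sketched as a small Python model. This is an added example, not Teltonika's code: the class names, addresses and SPI are constructed, and sending unmatched traffic in the clear is an assumption of the model.

```python
import ipaddress
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:                 # one SPD entry (hypothetical structure)
    local: str                # local LAN, CIDR
    remote: str               # remote LAN behind the peer, CIDR
    peer: str                 # IPsec peer that terminates the tunnel

class Router:
    def __init__(self, spd):
        self.spd = spd        # Security Policy Database: which traffic gets IPsec
        self.sad = {}         # Security Association Database: peer -> SPI and key
        self.triggered = []   # peers for which SA establishment was started

    def match(self, src, dst):
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for p in self.spd:
            if s in ipaddress.ip_network(p.local) and d in ipaddress.ip_network(p.remote):
                return p
        return None

    def install_sa(self, peer, spi, key):
        # Manual mode: the administrator enters SPI and key on both peers.
        self.sad[peer] = {"spi": spi, "key": key}

    def send(self, src, dst):
        policy = self.match(src, dst)
        if policy is None:
            return "clear"                      # assumption: unmatched traffic is not protected
        sa = self.sad.get(policy.peer)
        if sa is None:
            if policy.peer not in self.triggered:
                self.triggered.append(policy.peer)
            return "held: SA setup triggered"   # first matching packet starts the tunnel
        return f"esp spi={sa['spi']:#x}"

def demo():
    # Constructed addresses from documentation/private ranges.
    r = Router([Policy("192.168.1.0/24", "10.0.0.0/24", "203.0.113.10")])
    results = [
        r.send("192.168.1.5", "198.51.100.7"),  # Internet traffic: no SPD match
        r.send("192.168.1.1", "10.0.0.1"),      # keep-alive ping to the remote LAN
    ]
    r.install_sa("203.0.113.10", 0x1001, secrets.token_bytes(16))
    results.append(r.send("192.168.1.5", "10.0.0.7"))
    return results, r.triggered

if __name__ == "__main__":
    print(demo())
```
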
4.7.3.1 Manual IPSec Key exchange

Enable IPSec. Check the box to enable IPSec.
IPSec key exchange mode. Select Manual or Automatic key exchange.
Enable NAT traversal. Enable this function if client-to-client applications will be used.
Peers identifier type. Choose "fqdn" or "user fqdn" according to your IPSec server
configuration.
Phase 1 and Phase 2 must be configured according to the IPSec server configuration.
Remote Network Secure Group. Sets the remote network (Security Policy Database)
information.
Tunnel keep alive. Allows sending ICMP echo requests (ping utility) to the remote tunnel
network. This function may be used to automatically start the IPSec tunnel.
Figure 22. Manual IPSec Key exchange