Cradlepoint MBR1400 User Manual page 38

User Manual / MBR1400
has several different security protocol options for each phase, but the default selections will be sufficient for
most users.
The VPN tunnel status page allows you to view the state of the VPN tunnels. If a tunnel fails to connect to the
remote site, check the System Logs for more information. You may double click on a cell to directly edit that
information.
Click Add to configure a new VPN tunnel; click Edit to make changes to an existing tunnel.
Add/Edit Tunnel – General
Tunnel Name: Give the tunnel a name that uniquely
identifies it.
Anonymous Mode: Select to allow remote connections
from any IP address.
Responder Mode: When enabled, the router will not
initiate negotiation with peers.
Local Identity: Specifies the identifier sent to the
remote host during phase 1 negotiation. If left blank it
will default to the IP address of the WAN connection.
Currently we only support identifiers in the form of an
IP address, a user-fully qualified domain name (user@
mydomain.com) or just a fully qualified domain name
(www.mydomain.com). If the remote side of the tunnel
is configured to expect an identifier, then both must
match in order for the negotiation to succeed. If NAT-T is being used, a single word (instead of an address) can
be used if a DynDNS connection is not being used.
Remote Identity: Specifies the identifier we expect to receive from the remote host during phase 1
negotiation. If no identifier is defined then no verification of the remote peer's identification will be done.
Currently we only support identifiers in the form of an IP address, a user-fully qualified domain name (user@
mydomain.com) or just a fully qualified domain name (www.mydomain.com). If left blank we will default to the
IP address of the WAN connection. If NAT-T is being used, a single word (instead of an address) can be used if a
DynDNS connection is not being used.
Authentication Mode: Select from Pre-Shared Key and Certificate. Pre-Shared Key is used when there is a
single key common to both ends of the VPN. Certificate requires the creation of a set of certificates and a
private key that can be uploaded to the router. Select Enable Certificate Support in the Global VPN Settings
section to upload a single set of certificates for the router to use.
Pre-Shared Key: Create a password or key. The routers on both sides of the tunnel must use this same key.
Mode: Select from Tunnel, Transport or VTI-Tunnel. Tunnel Mode is used for protecting traffic between
different networks, when traffic must pass through an intermediate, untrusted network. Transport Mode is
used for end-to-end communications (for example, for communications between a client and a server). VTI
Tunnel creates a virtual tunnel interface with a specified virtual IP address. This interface can then be added to
the zone firewall.
Initiation Mode: Always On or On Demand. Always On is used if you want the tunnel to initiate the tunnel
connection whenever the WAN becomes available. Select On Demand if you want the tunnel to initiate a
connection if and only if there is data traffic bound for the remote side of the tunnel.
Tunnel Enabled: Enabled or Disabled.
Add/Edit Tunnel – Local Gateway
©2015 Cradlepoint. All Rights Reserved. | +1.855.813.3385 | cradlepoint.com 38