Table of programmable parameters 3.2, 72 gre, Ipsec – 2N Wireless 3G router 2N EasyRoute_old design - User manual, 1571 v1.06 User Manual
GRE
Here you set up the VPN tunnel between two 2N® EasyRoute units, or between one 2N® EasyRoute unit and a GRE-supporting device.
The principle is that you set a subnet and a public IP address on one device and then the same on the other, thus creating an exclusive VPN tunnel between these two devices.
Enabled
Enable/disable the GRE tunnelling function.
Network
Set the IP address and mask of the opposite subnet in CIDR format, e.g. 192.168.24.0/21.
Endpoint
Set the public IP address of the opposite device.
Warning
Do not use the GRE tunnel together with the WiFi HotSpot function.
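The mirrored Network and Endpoint settings described above can be checked before they are entered on the two units. The following Python sketch is an added example, not part of the 2N manual; the dictionary keys (lan, wan, network, endpoint) and all sample addresses are constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges: an Endpoint inside these cannot be a public address.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_gre_pair(a, b):
    """Return a list of problems found in two GRE configurations.

    Each side is a dict with hypothetical keys: 'lan' (the unit's own
    subnet), 'wan' (its public address), and 'network' / 'endpoint'
    (the two GRE parameters as entered on that unit).
    """
    problems = []
    for name, local, remote in (("A", a, b), ("B", b, a)):
        endpoint = ipaddress.ip_address(local["endpoint"])
        if any(endpoint in net for net in RFC1918):
            problems.append(f"{name}: Endpoint {endpoint} is a private address")
        elif endpoint != ipaddress.ip_address(remote["wan"]):
            problems.append(f"{name}: Endpoint {endpoint} is not the other unit's address")
        try:
            # strict=True rejects host bits set in the CIDR, e.g. 192.168.25.0/21
            network = ipaddress.ip_network(local["network"], strict=True)
        except ValueError:
            problems.append(f"{name}: Network {local['network']} is not a subnet address")
            continue
        if network != ipaddress.ip_network(remote["lan"]):
            problems.append(f"{name}: Network {network} is not the other unit's subnet")
    if ipaddress.ip_network(a["lan"]).overlaps(ipaddress.ip_network(b["lan"])):
        problems.append("Both units use overlapping local subnets")
    return problems

# Constructed sample values (documentation address ranges for the public side).
SITE_A = {"lan": "10.10.0.0/24", "wan": "203.0.113.10",
          "network": "192.168.24.0/21", "endpoint": "198.51.100.20"}
SITE_B = {"lan": "192.168.24.0/21", "wan": "198.51.100.20",
          "network": "10.10.0.0/24", "endpoint": "203.0.113.10"}
# Same as SITE_B but with two typical entry mistakes.
SITE_B_BAD = dict(SITE_B, network="10.10.0.5/24", endpoint="192.168.1.1")

if __name__ == "__main__":
    for label, pair in (("good", (SITE_A, SITE_B)), ("bad", (SITE_A, SITE_B_BAD))):
        print(label, check_gre_pair(*pair) or "ok")
```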
IPsec
IPsec is a function that enables two devices to communicate in a secure manner,
through encryption. ‘Secure’ means not only preventing anyone from seeing the
content of your packets but also identifying any intruder or violator. IPsec is capable of
protecting you reliably in this respect. IPsec has two modes – the Main mode and
the Quick mode. The Internet Key Exchange (IKE) security protocol works in the Main
mode, verifying the two sides of the encrypted connection and establishing the initial
secure communication. No data are transmitted in the Main mode. 2N® EasyRoute
uses ISAKMP for this phase. The Quick mode is used for data transmission, which
is the essence of IPsec. There is also a simplified Aggressive mode, a combination of
the Main and Quick modes with a slightly limited security level, used for connecting
clients without a fixed IP address (e.g. from dial-up). The lower security level,
however, is compensated by additional authorisation (xauth – cross authorisation).
An IPsec connection is point-to-point only. If you want to interconnect three points, use
three IPsec connections, two per IPsec gateway. Or, select one central point and
connect all the other points to it. The advantage of this solution is just one tunnel per
endpoint (extension) but more tunnels at the central point. The extensions see each
other through the central point but the data flow between them loads the central line
twice – it is the so-called delta configuration. Keep this in mind while building your
network and always choose the proper method.
Caution
Setting the IPsec function is rather difficult. Therefore, we are not
going to present any precise tunnel setups but only describe the
parameters.