
Table of programmable parameters 3.2, 72 gre, Ipsec – 2N Wireless 3G router 2N EasyRoute_old design - User manual, 1571 v1.06 User Manual


3.2 Table of Programmable Parameters

GRE

Set up here the VPN tunnel between two 2N® EasyRoute units, or between one 2N® EasyRoute unit and a GRE-supporting device. The principle is that you set a subnet and a public IP address on one device and then the same on the other, thus creating an exclusive VPN tunnel between these two devices.

Enabled

Enable/disable the GRE tunnelling function.

Network

Set the opposite subnet IP address and mask in the CIDR format, e.g. 192.168.24.0/21.

Endpoint

Set the public IP address of the opposite device.

Warning

Do not use the GRE tunnel together with the WiFi HotSpot function.
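
The GRE settings have to mirror each other on the two devices, so a quick consistency check before applying them can catch a swapped subnet or a private address entered as Endpoint. The following is an added example, not part of the original manual or of 2N's software; the dictionary keys `lan` and `public_ip` and the sample addresses are assumptions, while `network` and `endpoint` stand for the Network and Endpoint parameters above.

```python
import ipaddress

# Ranges that cannot be a public Endpoint address (private, CGNAT, loopback, link-local).
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16")]

def check_side(name, cfg, peer):
    """Check one unit's GRE Network/Endpoint fields against the opposite unit."""
    try:
        # strict=True rejects a CIDR value with host bits set, e.g. 192.168.25.0/21
        network = ipaddress.ip_network(cfg["network"], strict=True)
        endpoint = ipaddress.ip_address(cfg["endpoint"])
        lan = ipaddress.ip_network(cfg["lan"], strict=True)
        peer_lan = ipaddress.ip_network(peer["lan"], strict=True)
        peer_ip = ipaddress.ip_address(peer["public_ip"])
    except ValueError as exc:
        return [f"{name}: invalid address ({exc})"]
    problems = []
    if network != peer_lan:
        problems.append(f"{name}: Network {network} is not the opposite subnet {peer_lan}")
    if endpoint != peer_ip:
        problems.append(f"{name}: Endpoint {endpoint} is not the opposite public IP {peer_ip}")
    if any(endpoint in rng for rng in NON_PUBLIC):
        problems.append(f"{name}: Endpoint {endpoint} is not a public address")
    if network.overlaps(lan):
        problems.append(f"{name}: Network {network} overlaps the local subnet {lan}")
    return problems

def check_tunnel(a, b):
    """Validate both sides; an empty list means the two configurations mirror each other."""
    return check_side("A", a, b) + check_side("B", b, a)

# Constructed sample values: RFC 5737 documentation addresses stand in for public IPs.
UNIT_A = {"lan": "192.168.8.0/21", "public_ip": "203.0.113.10",
          "network": "192.168.24.0/21", "endpoint": "198.51.100.20"}
UNIT_B = {"lan": "192.168.24.0/21", "public_ip": "198.51.100.20",
          "network": "192.168.8.0/21", "endpoint": "203.0.113.10"}

if __name__ == "__main__":
    for line in check_tunnel(UNIT_A, UNIT_B) or ["GRE settings are consistent"]:
        print(line)
```
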

IPsec

IPsec is a function that enables two devices to communicate in a secure manner, through encryption. ‘Secure’ means not only preventing anyone from seeing the content of your packets but also identifying any intruder or violator. IPsec is capable of protecting you reliably in this respect. IPsec has two modes – the Main mode and the Quick mode. The Internet Key Exchange (IKE) security protocol works in the Main mode, verifying the two sides of the encrypted connection and establishing the initial secure communication. No data are transmitted in the Main mode. 2N® EasyRoute uses ISAKMP for this phase. The Quick mode is used for data transmission, which is the essence of IPsec. There is also a simplified Aggressive mode, a combination of the Main and Quick modes with a slightly limited security level, used for connecting clients without a fixed IP address (e.g. from dial-up). The lower security level, however, is compensated by additional authorisation (xauth – cross authorisation).

An IPsec connection is point-to-point only. If you want to interconnect three points, use three IPsec connections, two per IPsec gateway. Or, select one central point and connect all the other points to it. The advantage of this solution is just one tunnel per endpoint (extension) but more tunnels at the central point. The extensions see each other through the central point, but the data flow between them loads the central line twice – it is the so-called delta configuration. Keep this in mind while building your network and always choose the proper method.

Caution

Setting the IPsec function is rather difficult. Therefore, we are not going to present any precise tunnel setups but only describe the parameters.