Description:

This document describes how to set up a VPN connection between a LANCOM router and the BinTec router X2300i.


Requirements:


Procedure:

Configuration of the VPN at the LANCOM end should be carried out with the LANconfig Setup Wizard.

1) Start LANconfig, right-click the router to be set up and select the Setup Wizard from the context menu.

Then make the following adjustments manually under Configuration -> VPN -> General -> Connection list.



Set the IKE exchange to Aggressive mode.



When using aggressive mode, an Identity must be configured in addition to the IKE key.



This is done in the form of a domain name.



Then disable LCP polling in the PPP list (Configuration -> Communication -> Protocols -> PPP list) because the BinTec router blocks these packets.

Set the values for Time and Retries to 0. Then write the configuration back to the LANCOM router.




Configuring the BinTec X2300i:

The basic configuration of the BinTec router has been carried out previously.

The BinTec router can be configured via Telnet. Start -> Run: telnet <IP address of router>



Then start the Bintec router's setup tool using the command setup -p.



Select the menu item IPSEC and then start the IPSec configuration wizard with YES.





By selecting start wizard you start the configuration.



You first select the authentication method. In this case, this is PSK for pre-shared key.



Set the local identity for this VPN gateway.



Next, start the configuration of a peer.



Enter all the peer-specific parameters here. Because the remote peer in this example does not have a static IP address, we use a dyndns name. Under Peer IDs you see the identity configured earlier on the LANCOM in the form of a domain name. The string used for the pre-shared key in this case is lancom. This must be identical at both ends. In aggressive mode the authentication hash derived from the key is exchanged unencrypted, so outside of a test setup use a long, random key.



The next step is to configure the traffic parameters (in line with the VPN rules in the LANCOM router).



Enter the local network and the remote network (of the peer), giving each subnet mask as the number of bits set to 1.





In the next step we adjust the parameters for the IKE (phase 1) and IPSec (phase 2).





Set the Proposal to 3DES and the hash algorithm to MD5. Set the IKE group to 2 (1024 bit) and the mode to aggressive.

Please note that the local ID here corresponds to the remote ID previously specified in the LANCOM router (lancom.test).

Now SAVE the configuration.



Finally, make the following adjustments to the Phase 2 (IPSec) parameters.





Set the proposal to DES3 with MD5 and PFS to group 2. Now SAVE these settings.






Exit the setup tool now with EXIT.



Save the configuration as the boot configuration.



Now start the debug mode with the command debug all& and then enter the ping command with the IP address of the peer network.
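
If the tunnel does not come up, the usual cause is a setting that is not identical or not mirrored between the two ends. The following check is an added example, not part of the original document or of either vendor's tooling: the field names are hypothetical, and the networks and the LANCOM local identity are constructed sample values.

```python
import ipaddress

# Hypothetical field names; neither device exports its settings in this form.
# Networks and the LANCOM local identity are constructed sample values.
LANCOM = {
    "ike_mode": "aggressive", "psk": "lancom",
    "local_id": "gateway-a.example", "remote_id": "lancom.test",
    "ike": ("3DES", "MD5", 2), "ipsec": ("3DES", "MD5", 2),  # cipher, hash, DH/PFS group
    "local_net": ("192.168.1.0", "255.255.255.0"),
    "remote_net": ("192.168.2.0", "255.255.255.0"),
}
BINTEC = {
    "ike_mode": "aggressive", "psk": "lancom",
    "local_id": "lancom.test", "remote_id": "gateway-a.example",
    "ike": ("3DES", "MD5", 2), "ipsec": ("3DES", "MD5", 2),
    "local_net": ("192.168.2.0", 24),   # BinTec form: number of bits set to 1
    "remote_net": ("192.168.1.0", 24),
}

def to_network(addr, mask):
    """Accept a dotted netmask or a bit count; reject non-contiguous masks."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=True)

def compare_ends(a, b):
    """Return a list of mismatches between the two gateways' settings."""
    problems = []
    for key in ("ike_mode", "psk", "ike", "ipsec"):      # must be identical
        if a[key] != b[key]:
            problems.append(f"{key} differs")
    for mine, theirs in (("local_id", "remote_id"), ("remote_id", "local_id"),
                         ("local_net", "remote_net"), ("remote_net", "local_net")):
        left, right = a[mine], b[theirs]                  # must be mirrored
        if mine.endswith("_net"):
            left, right = to_network(*left), to_network(*right)
        if left != right:
            problems.append(f"{mine} of first end does not match {theirs} of second end")
    for end in (a, b):                                    # identity needed with the IKE key
        if end["ike_mode"] == "aggressive" and not (end["local_id"] and end["remote_id"]):
            problems.append("aggressive mode requires an identity in addition to the key")
    return problems

if __name__ == "__main__":
    for line in compare_ends(LANCOM, BINTEC) or ["both ends are consistent"]:
        print(line)
```
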



Information:
Please note that this is a specific type of router from another manufacturer. For configuration details relating to other Bintec device types, please contact Bintec support directly.